Cisco is a long-time front-runner in delivering cutting-edge firewall appliances for the widest possible range of environments. Cisco's Firepower Next Generation Firewall (NGFW) appliances represent a modern cybersecurity solution that combines sophisticed hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to anticipate, identify, and respond to threats automatically. Progent's Cisco-certified CCIE firewall experts can help you to plan and carry out a smooth migration to Cisco Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and show you how to enhance Firepower appliances with Cisco's cloud-based services to create and centrally manage IT environments that span local offices, data centers, and cloud resources. Progent's firewall consultants can also help you to maintain and debug legacy Cisco firewalls. Progent's certified network security consultants can help you with policy creation based on leading practices so you can build a consistent and effective cybersecurity profile that applies to all your networked devices at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's portfolio of Firepower Next-Generation Firewalls deliver advanced protection and centralized control at prices, speed, and expandability suitable for environments ranging from home offices and small businesses to global enterprises and service providers. Cisco's Firepower NGFW appliances deliver a significant performance improvement over Cisco's previous-generation security appliances and offer unified control of advanced security features like application visibility and control, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), URL filtering, and multi-node sandboxing.
All Firepower Next-Generation firewalls incorporate a single-pass architecture and permit uninterrupted analysis and retrospective identification, which makes it possible to provide outbreak controls and to pinpoint root causes. Firepower NGFW firewalls also have the option of URL Filtering and subscription-free sandboxing for finding elusive malware, behavioral indicators of compromise, and malware artifacts. NGIPS rule tuning and firewall policy are performed automatically, eliminating the need for manual intervention by cybersecurity experts. All Firepower Next-Generation firewalls give you the choice of using either Cisco Firepower Threat Defense or Adaptive Security Appliance software. Centralized configuration, logging, system monitoring, and reporting functions can be managed either by Cisco's Management Center or in the cloud with Defense Orchestrator.
Cisco Firepower 1000 Series NGFW Firewalls
Firepower Next-Generation 1000 Series Firewalls are intended for small businesses, home offices, or branches. Appliances in this family deliver better price/performance vs. comparable Cisco ASA 5506-X to ASA 5525-X models, providing 4-6X faster firewall speed. Onsite management can be done with Cisco Firepower Device Manager. 1000 Series appliances include a built-in 10M/100M/1GBASE-T RJ-45 Ethernet interface for management, an RJ-45 console interface, a USB 3.0 Type-A interface, and 200 GB of storage. Active/active and Active/standby high availability is supported along with virtual private network load balancing.
Cisco's Firepower 1010 firewall is a desktop or wall-mount, fanless appliance that delivers 890 Mbps performance, Application Visibility/Control (AVC), and NGIPS. The firewall has eight integrated RJ-45 I/O ports, two of them with POE+. IPsec VPN throughput is 400 Mbps and the unit allows 100K simultaneous sessions, 6,000 new connections/second, and a maximum of 75 VPN peers. The Firepower 1120 firewall is a 1RU appliance that delivers firewall throughput of 2.3 Gbps. The unit includes eight RJ45 built-in I/O ports and four SFP ports. IPsec VPN throughput is 1.2 Gbps and the firewall allows 200K simultaneous sessions, 15,000 new connections/second with Application Visibility/Control (AVC), and a maximum of 150 VPN peers.
The Firepower 1140 model firewall is a 1RU rackmount device that offers firewall performance of 3.3 Gbps. The unit features eight integrated RJ-45 ports and 4 SFP interfaces. IPsec VPN throughput is 1.4 Gbps and the appliance supports 400K concurrent sessions, 22K new connections/second with AVC, and up to 400 VPN peers. The Firepower 1150 model firewall is a 1RU appliance that offers firewall performance of 5.3 Gbps. The firewall has 8 built-in RJ-45 ports, two SFP ports, and two 10G SFP+ interface ports. IPsec VPN throughput is 2.4 Gbps and the appliance supports 600K simultaneous sessions, 28,000 new connections/second, and as many as 800 VPN peers.
Cisco Firepower 2100 Series NGFW Firewalls
Cisco's Firepower 2100 Series NGFW Firewalls are one-rack units designed for use at the Internet edge or the data center. Firewalls in this line feature a dual multicore CPU design that allows them to deliver 3-6X faster throughput than Cisco ASA 5545-X to ASA 5555-X firewalls they are designed to succeed. Local management can be performed using Firepower Device Manager. All Firepower 2100 Series NGFW Firewalls include 12 RJ45 ports and four SFP ports. These firewalls include one build-in 10/100/1000 Ethernet port for management, an RJ-45 console port, and one USB 2.0 Type-A interface. Active/standby high availability is supported along with VPN load balancing.
Cisco's Firepower 2110 model firewall has 4 built-in 1 Gb SFP Ethernet interfaces and 100 GB of storage. The 2110 delivers 2.6 Gbps firewall throughput and 800 Mbps IPsec VPN throughput and allows 1 million simultaneous sessions, 18,000 new connections/second, and as many as 1,500 VPN peers. Cisco's Firepower 2120 firewall has 12 built-in 10M/100M/1GBASE-T RJ-45 interfaces, four integrated 1G SFP Ethernet interfaces, and 100 GB of storage. The 2120 delivers 3.4 Gbps firewall performance and 1 Gbps IPsec VPN throughput and permits 1.5 million simultaneous sessions, 28,000 new connections per second and a maximum of 3,500 VPN peers.
Cisco's Firepower 2130 model firewall comes with 4 built-in 10 Gb SFP+ interface ports and 200 GB of storage. The 2130 also scales via a network module with eight additional interface ports. The Firepower 2130 delivers 5.4 Gbps firewall performance and 1.9 Gbps IPsec VPN throughput and allows 2 million concurrent sessions, 30,000 new connections per second, and up to 7,500 VPN peers. Cisco's high-end Firepower 2140 firewall comes with four built-in 10G SFP+ interface ports and 200 GB of storage. The 2140 also accepts a network module with 8 extra interfaces for a maximum of 24 Ethernet interface ports. The 2140 offers 10.4 Gbps firewall performance and 3.6 1Gbps IPsec VPN throughput and allows 3 million concurrent, 57,000 new connections per second, and up to 10,000 VPN peers. Both the 2130 and 2140 appliances feature dual AC or DC power supplies.
Cisco 3100 Firewall Series
Cisco's 3100 Firewall Series models are modular one-rack units intended for enterprises who require throughput, high port count, and zero-trust cybersecurity at the Internet edge, the corporate data center, or a private cloud. For maximum uptime, all Secure Firewall 3100 Series appliances support 8-device clustering and work in either Active/active or Active/standby mode. The units can run Cisco's ASA or Firewall Threat Defense software. Built-in I/O for each model includes eight 10M/100M/1GBASE-T interface ports (RJ-45) and eight 1/10 Gigabit (SFP) Ethernet interfaces. Plug-in network modules support 1/10/25/40G expansion and all versions come with 900 GB of storage as well as a spare storage expansion slot.
Cisco's Secure Firewall 3105 model delivers 10 Gbps firewall performance and 5.5 Gbps IPsec VPN throughput. The 3105 allows 1.5 million concurrent sessions, 90,000 new connections/second, and as many as 2,000 VPN peers. Cisco's Secure Firewall 3110 model offers 10 Gbps firewall throughput and 8 Gbps IPsec VPN performance. The 3110 allows two million concurrent sessions, 130,000 new connections per second, and as many as 3,000 VPN peers. Cisco's 3120 Firewall model offers 21 Gbps firewall throughput and 10 Gbps IPsec VPN performance. The 3120 firewall supports 4 million concurrent sessions, 170,000 new connections per second, and a maximum of 7,000 VPN peers. Cisco's 3130 Firewall device offers 42 Gbps firewall performance and up to 14 Gbps IPsec VPN throughput. The 3130 allows 6 million concurrent sessions, 200K new connections/second, and a maximum of 15,000 VPN peers. The 3130 features 8 1/10/25G SFP+ ports. Cisco's 3140 Firewall model delivers 49 Gbps firewall throughput and up to 17 Gbps IPsec VPN performance. The 3140 firewall allows 10 million concurrent sessions, 200K new connections per second, and a maximum of 20K VPN peers. The 3140 model features 8 1/10/25G SFP+ interfaces.
Cisco Firepower 4100 Series Next-Generation Firewalls
Cisco's Firepower 4100 Series NGFW Firewalls are one-rack units designed for operation at high-performance data centers. Appliances in this series offer 5-10X faster throughput than the Cisco ASA 5585-X device they are designed to replace. Local management can be performed using Firepower Device Manager. All Firepower 4100 Series Next-Generation Firewalls include 8 integrated SFP+ interfaces and all can be expanded with a selection of plug-in network modules for up to 24 ports. All Firepower 4100 Series NGFW Firewalls support VPN load balancing, high availability, and clustering of up to six chassis. These security appliances include an integrated 1 Gigabit Ethernet port for network management, one RJ-45 console interface, and one USB 2.0 port.
The Firepower 4110 model firewall has 200 GB of storage and delivers 13 Gbps firewall performance and 6 Gbps IPsec VPN throughput. The 4110 model supports 10 million concurrent sessions, 64K new connections/second, and a maximum of 10K VPN peers. Cisco's Firepower 4112 firewall has 400 GB of storage and delivers 19 Gbps firewall performance and 8.5 Gbps IPsec VPN performance. The 4112 appliance allows 10 million concurrent sessions, 98K new connections/second, and as many as 10,000 VPN peers. Cisco's Firepower 4115 device comes with 400 GB of storage and offers 33 Gbps firewall performance and 8 Gbps IPsec VPN throughput. The 4115 firewall allows 15 million concurrent sessions, 210K new connections/second, and a maximum of 15,000 VPN peers. Cisco's Firepower 4120 appliance comes with 200 GB of storage and offers 22 Gbps firewall throughput and 19 Gbps IPsec VPN performance. The 4120 firewall supports 15 million concurrent sessions, 118K new connections/second, and up to 15,000 VPN peers. Cisco's Firepower 4125 model comes with 800 GB of storage and delivers 45 Gbps firewall performance and 19 Gbps IPsec VPN throughput. The 4125 firewall allows 25 million concurrent sessions, 269K new connections per second, and as many as 20K VPN peers.
Cisco's Firepower 4140 model firewall includes 400 GB of storage and delivers 32 Gbps firewall performance and 13 Gbps IPsec VPN throughput. The 4140 unit supports 25 million concurrent sessions, 172K new connections/second, and as many as 20K VPN peers. Cisco's newer Firepower 4145 firewall comes with 800 GB of storage and delivers 53 Gbps firewall performance and 24 Gbps IPsec VPN performance. The 4145 firewall allows 30 million simultaneous sessions, 365K new connections per second, and up to 20K VPN peers. Cisco's Firepower 4150 unit has 400 GB of storage and offers 45 Gbps firewall throughput and 14 Gbps IPsec VPN performance. The 4150 firewall supports 30 million concurrent sessions, 263K new connections per second, and as many as 20K VPN peers.
Secure Firewall 4200 Series
Cisco's Secure Firewall 4200 devices are expandable 1RU firewalls intended for deployment at enterprise campuses and data centers that need high-end throughput, visibility, and scale. Cisco's Secure Firewall 4200 Series devices offer more than double the performance of prior generation firewalls and feature high port density. As many as 8 chassis can be clustered for fault tolerance and future expansion. Crypto accelerator allows SSL and VPN decryption in real time, and zero trust application access (ZTAA) permits comprehensive threat inspection for applications. 4200 Series appliances can be managed by the Firewall Management Center or in the cloud with Cisco Defense Orchestrator. Each 4200 firewall comes with 8x 1/10/25 Gigabit Ethernet integrated ports and has two interface module bays for rapid upscaling. Up to 24 total Ethernet connections are supported. Every 4200 device comes with 1.8 TB x 2 storage.
Cisco's Secure Firewall 4215 model is designed for large enterprise campuses with high growth potential. The 4215 offers 90 Gbps firewall stateful inspection performance and 45 Gbps IPsec VPN throughput. The 4215 allows 15 million concurrent firewall connections, 350 K new connections each second, and up to 20,000 VPN peers. Cisco's Secure Firewall 4225 appliance is built for enterprise data centers. The appliance delivers 95 Gbps firewall throughput and 80 Gbps IPsec VPN throughput. Cisco's 4225 firewall can handle 30 million simultaneous firewall connections, 600 K new connections per second, and as many as 25,000 VPN peers. The Secure Firewall 4245 model is built for service providers who need to handle a very high volume of traffic. The 4245 delivers 180 Gbps firewall throughput and 140 Gbps IPsec VPN throughput. The 4245 can support 60 million concurrent firewall connections, 800 K new connections per second, and up to 30,000 VPN peers.
Cisco Firepower 9300 Series Next-Generation Firewalls
Cisco's Firepower 9300 Series Next-Generation Firewalls are massively scalable and ultra-high performing security appliances. The 3RU chassis of Firepower 9300 NGFW Series firewalls accepts two add-in network modules and three security modules. Fully loaded, the 9300 can support 24 10-Gigabit SFP+ interfaces or eight 100 Gigabit Ethernet interfaces. Intrachassis clustering of up to 5 9300 chassis delivers up to 1.2 Tbps of firewall performance. The high-end Cisco Firepower 9300 SM-56 x 3 provides 235 Gbps firewall throughput and 27 Gbps IPsec VPN performance. The unit allows 195 million simultaneous sessions, 4.75 M new connections per second, and a maximum of 20,000 VPN peers.
Firepower Services
Firepower Next Generation firewalls accept either software or physical modules that enable Cisco's Firepower Services, which provide layered protection against multi-vector attacks. Cisco's Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Key features of Firepower Services include:
Smaller deployments of Cisco's Firepower Series firewalls can be efficiently administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all firewall models. ASDM provides an easy-to-use web console for configuring, managing, and debugging Firepower appliances and modules.
For more complex deployments, Cisco's Next Gerneration appliances with Firepower Services can be managed with Firepower Management Center, available as one or several physical units or virtual appliances. Firepower Management Center offers unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection. Due to frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names that include Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Firepower Management Center appliance offers capabilities unavailable with Cisco's on-device Adaptive Security Device Manager tool. Additional capabilities include expanded context awareness, Advanced Malware Protection with mitigation for user devices, a dashboard that provides dynamic network infrastructure visualization, automated policy optimization based on impact assessment of threats, comprehensive IPS, custom application discovery for Application Visibility and Control, customized health alerts, improved reporting features, and application interfaces for host input and databases. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be handled using either the on-box ASDM or the Firepower CLI.
Progent's Migration Consulting for Cisco Next Generation Firewalls
Since Cisco has discontinued offering the PIX 500 and ASA 5500 families of firewalls, many businesses are uncomfortable with relying on a critical infrastructure mechanism that may stop being supported by Cisco. Firepower NGFW Series security appliances have the benefit of being current products and also offer important technical and economic benefits in comparison to legacy devices. These benefits include significantly better performance, optional Secure Sockets Layer VPN capability, and an expandable architecture that guards your investment by allowing you to add more security features when and if you require them. Progent's Cisco certified experts can assist your company to determine the strategic value of for upgrading from PIX or ASA 5500 firewalls, create a migration plan that permits a quick and non-disruptive changeover, assist you to install new Firepower Series appliances, and offer remote training, consulting, and technical support services.
Other Ways Progent Can Support Your Cisco Firewalls
Cisco Firepower Next-Generation Series security appliances incorporate an array of configuration, monitoring, and analysis options which offer you the flexibility to configure these security appliances to align optimally with your company's needs. Progent's CCIE authorized network professionals can assist you to build an efficient network infrastructure that incorporates Cisco security appliances and that offers world-class protection, resilience, throughput, and recoverability. Progent's GISA and CISM-premier IS security professionals can assist your business to create a security policy appropriate for your environment and can configure your firewall to enforce your security policies. Progent's risk assessment professionals can assess the strength of your current firewall solution and audit the overall security of your entire IT environment. Progent's Technical Response Center (TRC) can deliver emergency remote technical support for Cisco products and can give you quick access to a Cisco CCIE network engineer.
Progent offers online or onsite support and is available for occasional expertise to help you resolve a stubborn technical impasse or Progent offers comprehensive project management services to ensure your network security initiative is completed on time and on budget.
To learn additional information about Progent's professional expertise for Cisco technology, select a subject: