Cisco is a long-time front-runner in delivering cutting-edge firewalls for the broadest possible range of deployments. Cisco's Firepower NGFWs Firewalls represent an advanced firewall solution that marshals dedicated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to block, identify, and mitigate threats automatically. Progent's Cisco-certified CCIE-certified firewall experts can help your organization to design and execute an efficient migration to Firepower firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and help you integrate Firepower firewalls with Cisco's cloud-based services to create and centrally manage network ecosystems that encompass local offices, data centers, and cloud resources. Progent can also help you to maintain and troubleshoot older-generation Cisco security appliances. Progent's certified network security experts can assist you with policy creation and tuning driven by industry best practices so you can build a consistent and effective cybersecurity profile across all your networked endpoints anywhere.

Cisco's Firepower NGFW Firewall Appliances
Cisco's extensive family of Firepower Next-Generation firewalls delivers modern security and centralized management at prices, speed, and expandability suitable for deployments ranging from telecommuters and small businesses to major enterprises and service providers. Cisco's Firepower NGFWs Firewalls provide a significant performance improvement compared to Cisco's previous-generation security appliances and offer unified management of advanced cybersecurity capabilities such as application visibility and control, next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection, DDoS mitigation, and multi-node sandboxing.

All Firepower Next-Generation firewalls have a one-pass design and support continuous inspection and retrospective identification, which allows the firewalls to initiate outbreak management and to uncover root causes. Firepower Next-Generation firewalls also have the option of URL Filtering and subscription-free sandboxing for finding elusive threats, behavioral indicators of compromise, and malware artifacts. Next-Generation IPS rule tuning and firewall policy creation can be automated, requiring no manual intervention by cybersecurity experts. All Firepower Next-Generation firewalls offer the choice of running either Firepower Threat Defense (FTD) or Cisco Adaptive Security Appliance (ASA) software. Centralized configuration, logging, monitoring, and reporting capabilities can be managed either by Cisco's Management Center or in the cloud with Defense Orchestrator.

Cisco Firepower 1000 Series NGFW Firewalls
Cisco Firepower NGFW 1000 Series Firewalls ExpertsCisco Firepower NGFW 1000 Series Firewalls are intended for small businesses, telecommuters, or branch offices. Devices in this family deliver better price/performance vs. comparable Cisco ASA 5506-X to ASA 5525-X models, providing 4-6X faster firewall speed. Local management can be performed with Firepower Device Manager. These appliances include an integrated 10/100/1000 Ethernet port for management, an RJ-45 console port, a USB 3.0 Type-A port, and 200 Gbytes of storage. Active/active and Active/standby high availability is supported along with VPN load balancing. For additional specs, see Cisco Firepower 1000 Series Next-Generation firewalls consulting and troubleshooting services.

Cisco Firepower 2100 Series NGFW Firewalls
Cisco Firepower 2100 Series Next-Generation Firewalls ConsultingCisco's Firepower 2100 Series Next-Generation Firewalls are one-rack units intended for use at the Internet edge or the data center. Devices in this series have a dual multicore CPU design that allows them to deliver 3-6X higher performance than Cisco ASA 5545-X to ASA 5555-X firewalls they are engineered to replace. Onsite management can be done with Cisco Firepower Device Manager. All Firepower 2100 Series NGFW Firewalls incorporate 12 RJ45 ports and four SFP ports. These appliances include one build-in 10M/100M/1GBASE-T Ethernet interface for management, an RJ-45 console interface, and one USB 2.0 Type-A interface. High availability is supported along with VPN load balancing. For more details, see Cisco Firepower 2100 Series Next-Generation firewalls consulting and troubleshooting expertise.

Cisco Firepower 4100 Series NGFW Firewalls
Cisco Firepower 4100 Series Next-Generation Firewalls ConsultingCisco's Firepower 4100 Series Next-Generation Firewalls are 1RU units intended for deployment at the Internet edge or high-performance data centers. Appliances in this line deliver 5-10X higher performance than the Cisco ASA 5585-X firewall they are engineered to replace. Local management can be performed using Firepower Device Manager. All Firepower 4100 Series Next-Generation Firewalls include 8 integrated SFP+ ports and all can be expanded with a variety of add-in network modules for a maximum of 24 interfaces. All Firepower 4100 Series Next-Generation Firewalls offer VPN load balancing, high availability, and clustering of up to six chassis. These firewalls feature a built-in 1Gb Ethernet port for management, an RJ-45 console interface, and one USB 2.0 interface. For more specs, visit Cisco Firepower 4100 Series NGFW firewalls consulting and management expertise.

Cisco Firepower 9300 Series Next-Generation Firewalls
Cisco Firepower 9300 Series NGFW Firewalls ConsultantsCisco's Firepower 9300 Series Next-Generation Firewalls are highly scalable and carrier-grade security appliances. The 3 Rack Units enclosure of Firepower 9300 Next-Generation Series firewalls can hold two add-in network modules as well as three security modules. Fully loaded, the Firepower 9300 can support 24 10G SFP+ ports or eight 100 Gigabit Ethernet ports. Intrachassis clustering of up to 5 9300 chassis delivers up to 1.2 Tbps of firewall performance. The high-end Cisco Firepower 9300 SM-56 provides 70 Gbps firewall performance and 27 Gbps IPsec VPN throughput. The unit allows 35 million concurrent sessions, 490K new connections per second, and up to 000 VPN peers.

Cisco's Firepower Services
Cisco's Firepower Series security appliances work with software or physical modules that enable Firepower Services, which offer layered protection against sophisticated attacks. Firepower Services are based on technology acquired by Cisco from Sourcefire. Key features of Firepower Services include:

  • Multi-layer protection against familiar and new threats
  • Advanced Malware Protection that utilizes big data to find and remediate security breaches
  • Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at users, infrastructure, apps, and content to discover threats that incorporate multiple approaches
  • High-resolution Application Visibility and Control (AVC that is aware of thousands of applications and can automatically activate both standard and customized IPS policies depending on the degree of risk
Cisco Firepower Integration Expertise

Firepower Services for Next Generation firewalls provide advanced multi-layered protection

Smaller deployments of Firepower Next Generation security appliances can be effectively managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool which is provided with all firewall versions. ASDM provides a simple web console for deploying, managing, and debugging Firepower firewalls and modules.

For more complex deployments, NGFW appliances with Firepower Services can be managed with Cisco's Firepower Management Center, implemented as one or more physical units or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Because of frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names that include Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.

Firepower Management Center Experts

Cisco Firepower Management Center centralizes event and policy management for Cisco Firepower firewalls

Firepower Management Center appliance provides capabilities unavailable with Cisco's on-device Adaptive Security Device Manager utility. Additional capabilities include greater context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a console that offers real-time network infrastructure visualization, automated policy optimization driven by risk assessment of threats, comprehensive IPS, custom application discovery for Application Visibility and Control, customized health notifications, enhanced reporting options, and application interfaces for host input and database access. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be handled using the on-box ASDM or the Firepower command line interface.

Progent's Migration Support Services for Cisco Next Generation Firewalls
Because Cisco has stopped offering the PIX 500 and ASA 5500 families of firewalls, many companies are uncomfortable with depending on a critical security component that might no longer be supported by Cisco. Firepower NGFW Series security appliances have the advantage of being current devices and also bring multiple technical and financial advantages in comparison to legacy firewalls. These advantages include substantially higher performance, optional SSL VPN support, and a modular design that protects your investment by allowing you to self-install new security services when and if you need them. Progent's Cisco network engineers can help you to assess the strategic case for migrating from PIX 500 or Cisco ASA 5500 security appliances, create a migration plan that permits a fast and non-disruptive changeover, assist you to configure new Firepower Series appliances, and provide online, consulting, and technical support services.

Additional Ways Progent Can Support Your Cisco Firewalls
Cisco Firepower Next-Generation Series firewalls incorporate an array of setup, tracking, and analysis features which offer you the ability to configure these security appliances to match your company's requirements. Progent's CCIE authorized network consultants can help you to design a cost-effective infrastructure that incorporates Cisco security appliances and that offers advanced protection, fault tolerance, performance, and recoverability. Progent's CISA and CISM-premier information security professionals can assist your business to create a security strategy that makes sense for your situation and can set up your security appliance to support your security policies. Progent's risk assessment engineers can assess the effectiveness of your existing firewall deployment and audit the overall security of your whole IT environment. Progentís Technical Response Center (TRC) can deliver emergency remote troubleshooting for Cisco technology and offer fast access to a Cisco CCIE network engineer.

Progent offers remote or on-premises support and is available for occasional expertise to help you resolve a challenging IT bottleneck or Progent can provide comprehensive project management services to ensure your firewall initiative is performed on time and on budget.

To find out additional information concerning Progent's consulting help for Cisco technology, select a topic:

Contact Progent for Cisco Firewall Solutions
To ask Progent about consulting help with Cisco Firepower NGFW firewalls, call 1-800-993-9400 or visit Contact Progent.

More topics of interest: