Cisco is a perennial front-runner in developing cutting-edge firewall appliances for the broadest possible range of environments. Cisco's Firepower Next Generation Firewall (NGFW) appliances represent an advanced cybersecurity platform that combines sophisticated hardware, cloud-based services, and machine learning to anticipate, discover, and mitigate threats automatically. Progent's Cisco-certified CCIE firewall consultants can help your organization to design and carry out a smooth migration to Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to enhance Firepower firewalls with Cisco's security services to build and centrally control IT ecosystems that encompass local offices, data centers, private clouds and public clouds. Progent can also assist you to manage and debug legacy Cisco security appliances. Progent's certified cybersecurity consultants can assist you with policy creation driven by leading practices in order to establish a consistent security posture that applies to all your networked endpoints at any location.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's family of Firepower Next-Generation Firewalls offers advanced protection and unified management at price points, speed, and scale suitable for environments ranging from telecommuters and small organizations to global enterprises and Internet service providers. Cisco's Firepower NGFW appliances deliver a major performance improvement compared to Cisco's older security appliances and offer centralized control of advanced security features like application visibility, next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection (AMP), URL filtering, and sandboxing.
All Firepower NGFW firewalls have a one-pass architecture and support continuous inspection and retrospective identification, which makes it possible to initiate outbreak management and to uncover root causes. Firepower Next-Generation firewalls also offer URL Filtering and sandboxing for detecting evasive and sandbox-aware malware, actionable event correlations, and malware artifacts. Next-Generation IPS rule tuning and firewall policy are automated, eliminating the need for time-consuming intervention by cybersecurity specialists. All Firepower Next-Generation security appliances offer the option of using either Cisco Firepower Threat Defense or Adaptive Security Appliance (ASA) software. Centralized configuration, logging, system monitoring, and reporting capabilities can be managed either via Cisco's Management Center or in the cloud with Defense Orchestrator.
Cisco Firepower 1000 Series NGFW Firewalls
Firepower Next-Generation 1000 Series Firewalls are intended for small businesses, home offices, or branches. Appliances in this family offer improved price/performance vs. comparable Cisco ASA 5506-X to ASA 5525-X firewalls, providing 4-6X higher firewall throughput. Onsite management can be done using Firepower Device Manager. These appliances feature a built-in 10/100/1000 Ethernet interface for network management, an RJ-45 console interface, a USB 3.0 Type-A interface, and 200 GB of storage. High availability is provided along with virtual private network load balancing.
Cisco's Firepower 1010 firewall is a desktop, fanless device that delivers 890 Mbps performance, Application Visibility/Control (AVC), and NGIPS. The appliance includes 8 integrated RJ-45 I/O interface ports, two of them with POE+. IPsec VPN performance is 500 Mbps and the appliance allows 100K simultaneous sessions, 6,000 new connections per second, and a maximum of 75 VPN peers. The Firepower 1120 firewall is a 1RU rack device that provides firewall throughput of 2.3 Gbps. The unit has 8 RJ45 integrated I/O ports and four SFP interfaces. IPsec VPN performance is 1.2 Gbps and the device allows 200K simultaneous sessions, 15,000 new connections/second with AVC, and a maximum of 150 VPN peers.
The Firepower 1140 firewall is a 1RU appliance that offers firewall performance of 3.3 Gbps. The appliance comes with 8 built-in RJ-45 ports and 4 SFP ports. IPsec VPN throughput is 1.4 Gbps and the appliance allows 400K simultaneous sessions, 22K new connections per second with AVC, and a maximum of 400 VPN peers. The Firepower 1150 firewall is a 1RU rackmount appliance that delivers firewall performance of 5.3 Gbps. The appliance has 8 integrated RJ-45 interfaces, two SFP interfaces, and two 10G SFP+ interfaces. IPsec VPN performance is 2.4 Gbps and the appliance supports 600K concurrent sessions, 28,000 new connections/second, and up to 800 VPN peers.
Cisco Firepower 2100 Series Next-Generation Firewalls
Cisco's Firepower 2100 Series Next-Generation Firewalls are single-rack appliances intended for operation at the Internet edge or the data center. Appliances in this family feature a dual multicore processor architecture that allows them to deliver 3-6X faster performance than Cisco ASA 5545-X to ASA 5555-X firewalls they are designed to replace. Onsite management can be performed with Cisco Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls include 12 RJ45 interfaces and four SFP interfaces. These appliances include one integrated 10M/100M/1GBASE-T RJ-45 Ethernet port for management, an RJ-45 console interface, and one USB 2.0 Type-A connection. Active/standby high availability is supported as well as VPN load balancing.
The Firepower 2110 firewall includes four integrated 1 Gb SFP Ethernet ports and 100 GB of storage. The 2110 delivers 2.6 Gbps firewall throughput and 800 Mbps IPsec VPN throughput and allows 1 million simultaneous sessions, 18,000 new connections/second, and a maximum of 1,500 VPN peers. Cisco's Firepower 2120 firewall includes 12 built-in 10M/100M/1GBASE-T RJ-45 interfaces, four built-in 1G SFP Ethernet ports, and 100 GB of storage. The 2120 offers 3.4 Gbps firewall throughput and 1 Gbps IPsec VPN performance and permits 1.5 million simultaneous sessions, 28,000 new connections/second and as many as 3,500 VPN peers.
Cisco's Firepower 2130 model firewall includes 4 integrated 10 Gb SFP+ interfaces and 200 GB of storage. The 2130 also scales via a network module with 8 extra ports. The Firepower 2130 delivers 5.4 Gbps firewall performance and 1.9 Gbps IPsec VPN performance and supports 2 million simultaneous sessions, 30,000 new connections/second, and up to 7,500 VPN peers. Cisco's top-of-the-line Firepower 2140 model firewall features four integrated 10G SFP+ ports and 200 GB of storage. The unit also scales via a network module with 8 additional interfaces for a maximum of 24 Ethernet interface ports. The 2140 model offers 10.4 Gbps firewall throughput and 3.6 Gbps IPsec VPN performance and supports three million simultaneous sessions, 57,000 new connections per second, and a maximum of 10,000 VPN peers. Both the 2130 and 2140 model firewalls have the option of redundant AC or DC power supplies.
Cisco 3100 Firewall Series
Cisco's Secure Firewall 3100 Series models are modular 1RU devices designed for enterprises who need throughput, high port density, and zero-trust cybersecurity at the Internet edge, the data center, or a private cloud. For maximum uptime, all Secure Firewall 3100 Series appliances support 8-device clustering and work in Active/active or Active/standby mode. The appliances can run Cisco's ASA or Firewall Threat Defense software. Built-in I/O for each model includes eight 10M/100M/1GBASE-T interface ports (RJ-45) and 8 1/10 Gigabit Ethernet interfaces. Plug-in network modules support 1/10/25/40G expansion and all models feature 900 GB of storage plus an additional storage expansion slot.
Cisco's Secure Firewall 3110 device offers 18 Gbps firewall performance and 8 Gbps IPsec VPN performance. The 3110 allows 2 million concurrent sessions, 64,000 new connections per second, and a maximum of 3,000 VPN peers. Cisco's Secure Firewall 3120 device delivers 22 Gbps firewall throughput and 10 Gbps IPsec VPN throughput. The 3120 firewall supports 4 million simultaneous sessions, 98K new connections per second, and up to 7,000 VPN peers. Cisco's 3130 Firewall model delivers 42 Gbps firewall throughput and up to 14 Gbps IPsec VPN performance. The 3130 firewall allows 6 million simultaneous sessions, 200K new connections per second, and up to 15,000 VPN peers. Cisco's 3140 Firewall appliance delivers 49 Gbps firewall performance and 17 Gbps IPsec VPN performance. The 3140 firewall allows 10 million simultaneous sessions, 200K new connections per second, and up to 20K VPN peers.
Cisco Firepower 4100 Series NGFW Firewalls
Cisco's Firepower 4100 Series NGFW Firewalls are 1RU rack appliances designed for use at high-performance data centers. Appliances in this family offer 5-10X faster performance than the Cisco ASA 5585-X firewall they are designed to replace. Onsite management can be performed with Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls have 8 integrated SFP+ ports and all can be expanded with a selection of plug-in network modules for a maximum of 24 interfaces. All Firepower 4100 Series Next-Generation Firewalls support VPN load balancing, Active/standby high availability, and clustering of up to six chassis. These devices include a built-in 1 Gigabit Ethernet port for network management, one RJ-45 console interface, and one USB 2.0 port.
Cisco's Firepower 4110 firewall features 200 GB of storage and delivers 13 Gbps firewall throughput and 6 Gbps IPsec VPN throughput. The 4110 model supports 10 million concurrent sessions, 64K new connections/second, and up to 10K VPN peers. Cisco's Firepower 4112 firewall includes 400 GB of storage and delivers 19 Gbps firewall performance and 8.5 Gbps IPsec VPN performance. The 4112 appliance supports 10 million simultaneous sessions, 98K new connections/second, and a maximum of 10,000 VPN peers. Cisco's newer Firepower 4115 device comes with 400 GB of storage and delivers 27 Gbps firewall throughput and 8 Gbps IPsec VPN performance. The 4115 unit allows 15 million simultaneous sessions, 200K new connections per second, and a maximum of 15,000 VPN peers. Cisco's Firepower 4120 device features 200 GB of storage and offers 22 Gbps firewall throughput and 19 Gbps IPsec VPN throughput. The 4120 firewall supports 15 million simultaneous sessions, 118K new connections per second, and a maximum of 15,000 VPN peers. Cisco's more recent Firepower 4125 appliance comes with 800 GB of storage and delivers 40 Gbps firewall throughput and 14 Gbps IPsec VPN throughput. The 4125 unit supports 25 million concurrent sessions, 265K new connections/second, and up to 20K VPN peers.
The Firepower 4140 firewall has 400 GB of storage and delivers 32 Gbps firewall performance and 13 Gbps IPsec VPN performance. The 4140 firewall allows 25 million simultaneous sessions, 172K new connections per second, and a maximum of 20K VPN peers. Cisco's newer Firepower 4145 appliance features 800 GB of storage and delivers 53 Gbps firewall throughput and 18 Gbps IPsec VPN performance. The 4145 unit supports 30 million simultaneous sessions, 350K new connections/second, and a maximum of 20K VPN peers. Cisco's Firepower 4150 unit has 400 GB of storage and offers 45 Gbps firewall performance and 14 Gbps IPsec VPN performance. The 4150 unit supports 30 million concurrent sessions, 263K new connections/second, and as many as 20K VPN peers.
Cisco Firepower 9300 Series NGFW Firewalls
Cisco's Firepower 9300 Series NGFW Firewalls are massively scalable and ultra-high performing security appliances. The 3RU chassis of Firepower 9300 Next-Generation Series firewalls can hold two add-in network modules as well as three security modules. Fully loaded, the 9300 can hold 24 10-Gigabit SFP+ network interfaces or eight 100 Gigabit Ethernet ports. Intrachassis clustering of up to 5 9300 chassis delivers a total 1.2 Tbps of firewall performance. The top-of-the-line Cisco Firepower 9300 SM-56 provides 70 Gbps firewall throughput and 27 Gbps IPsec VPN throughput. The unit allows 35 million simultaneous sessions, 490K new connections per second, and up to 20,000 VPN peers.
Cisco's Firepower Services
Cisco's Firepower Series firewalls work with either software or physical modules that enable Cisco's Firepower Services, which offer layered protection against sophisticated threats. Cisco's Firepower Services are based on technology acquired by Cisco from Sourcefire. Key features of Firepower Services include:
- Multi-layer defense against familiar and new attacks
- Advanced Malware Protection that utilizes big data techniques to discover and mitigate security breaches
- A Next-Generation Intrusion Prevention System that performs contextual analysis that covers clients, infrastructure, software applications, and content to discover threats that incorporate multiple vectors
- High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically activate standard and customized IPS policies based on the degree of threats
Firepower Services for Next Generation firewalls offer multi-layered protection
Smaller deployments of Firepower NGFW security appliances can be effectively managed via Cisco's on-box Adaptive Security Device Manager (ASDM), a web-based tool included with all NGFW firewall models. ASDM provides an easy-to-use web dashboard for configuring, managing, and troubleshooting NGFW firewalls and modules.
For more complex deployments, Cisco's Next Generation firewalls with Firepower Services can be managed with Cisco's Firepower Management Center, available as one or several physical units or virtual appliances. Firepower Management Center provides unified firewall management, Application Visibility and Control (AVC), advanced IPS, URL filtering, and Advanced Malware Protection. Because of ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names that include Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Firepower Management Center unifies event and policy control for Firepower firewalls
Firepower Management Center appliance provides capabilities beyond those available with Cisco's on-device ASDM tool. Extra capabilities include greater context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for user devices, a dashboard that offers real-time infrastructure visualization, automated policy tuning based on impact assessment of attacks, advanced IPS, custom application detectors for Application Visibility and Control, customized health alerts, enhanced reporting options, and application interfaces for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-device ASDM or the Firepower command line interface.
Progent's Migration Consulting Support for Cisco Firepower Firewalls
Because Cisco has stopped selling the PIX 500 and ASA 5500 product lines, many businesses are uncomfortable with depending on a key infrastructure component that may no longer be supported. Firepower Series firewalls have the advantage of being new devices and also offer multiple functions and economic advantages in comparison to legacy devices. These benefits include significantly higher performance, optional Secure Sockets Layer VPN capability, and an expandable architecture that protects your investment by allowing you to add new security features whenever you require them. Progent's Cisco certified network engineers can help you to determine the strategic case for migrating from PIX 500 or ASA 5500 security appliances, design a migration plan that allows for a quick and seamless upgrade, help you to configure new Firepower NGFW Series appliances, and provide remote training, consulting, and technical support services.
Additional Ways Progent Can Support Your Cisco Firewalls
Cisco's Firepower Series firewalls provide a wealth of setup, tracking, and analysis features that offer you the flexibility to set up these firewalls to match your business requirements. Progent's CCIE authorized network experts can assist you to configure and support an efficient infrastructure that includes Cisco security appliances and that offers advanced security, fault tolerance, throughput, and recoverability. Progent's GISA and CISM-certified IS security professionals can help your business to develop a security policy that makes sense for your situation and can set up your firewall to enforce your security policies. Progent's risk assessment experts can assess the strength of your current firewall solution and audit the overall security of your entire IT network. Progent's Technical Response Center (TRC) can deliver emergency online troubleshooting for Cisco technology and offer quick access to a Cisco CCIE network engineer.
Progent can provide remote or on-premises consulting services and is available for occasional expertise to help you resolve a stubborn IT bottleneck, or Progent can provide end-to-end project management services to make sure your network security initiative is completed on schedule and within budget.
Contact Progent for Cisco Firewall Solutions
To ask Progent about consulting help with Cisco Firepower NGFW firewalls, call 1-800-993-9400 or visit Contact Progent.