Cisco is a perennial leader in developing cutting-edge firewall appliances for the broadest possible variety of deployments. Cisco's Firepower Next Generation Firewall (NGFW) security appliances provide an advanced cybersecurity platform that marshals dedicated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to anticipate, discover, and respond to cyberthreats automatically. Progent's Cisco-certified CCIE firewall experts can assist you to plan and execute a smooth migration to Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX appliances and help you integrate Firepower firewalls with Cisco's security services to create and centrally control network environments that span local offices, data centers, and cloud resources. Progent can also assist you to manage and debug older-generation Cisco firewalls. Progent's certified cybersecurity experts can assist you with policy creation and tuning driven by leading practices in order to build a consistent security profile that applies to all your endpoints at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's family of Firepower Next-Generation Firewalls deliver advanced protection and centralized control at price points, speed, and expandability suitable for environments ranging from telecommuters and small organizations to global enterprises and Internet service providers. Cisco's Firepower NGFW devices provide a major performance boost compared to Cisco's previous-generation security appliances and offer unified management of modern security capabilities such as application visibility and control, next-generation intrusion protection with risk prioritization, advanced malware protection (AMP), DDoS mitigation, and sandboxing.
All Firepower Next-Generation firewalls have a single-pass design and permit uninterrupted inspection and retrospective identification, which makes it possible to initiate outbreak management and to uncover patient zero. Firepower Next-Generation firewalls also offer URL Filtering and sandboxing for finding elusive malware, behavioral indicators of compromise, and malware artifacts. Next-Generation IPS rule tuning and network firewall policy creation can be automated, eliminating the need for manual intervention by IT security specialists. All Firepower NGFW security appliances give you the option of running either Firepower Threat Defense (FTD) or Adaptive Security Appliance software. Centralized deployment, logging, monitoring, and reporting capabilities can be managed either by Management Center or in the cloud with Cisco Defense Orchestrator.
Cisco Firepower 1000 Series Next-Generation Firewalls
Cisco Firepower NGFW 1000 Series Firewalls are targeted at small organizations, telecommuters, or branches. Devices in this family deliver improved value vs. corresponding Cisco ASA 5506-X to ASA 5525-X firewalls, providing 4-6X faster firewall speed. Onsite management can be done with Cisco Firepower Device Manager. 1000 Series appliances feature a built-in 10M/100M/1GBASE-T RJ-45 Ethernet interface for network management, an RJ-45 console interface, a USB 3.0 Type-A connection, and 200 Gbytes of storage. Active/active and Active/standby high availability is provided along with virtual private network load balancing.
Cisco's Firepower 1010 firewall is a desktop, fanless device that offers 890 Mbps performance, Application Visibility/Control, and Next Generation Intrusion Prevention System. The appliance comes with eight built-in RJ-45 I/O interface ports, two of them with POE+. IPsec VPN throughput is 500 Mbps and the device allows 100K concurrent sessions, 6,000 new connections/second, and up to 75 VPN peers. The Firepower 1120 firewall is a 1RU rack appliance that provides firewall performance of 2.3 Gbps. The unit has 8 RJ45 built-in I/O ports and four SFP interfaces. IPsec VPN performance is 1.2 Gbps and the unit supports 200K simultaneous sessions, 15,000 new connections per second with Application Visibility/Control (AVC), and as many as 150 VPN peers.
The Firepower 1140 model firewall is a 1RU rackmount device that offers firewall throughput of 3.3 Gbps. The unit comes with eight integrated RJ-45 interface ports and four SFP interfaces. IPsec VPN performance is 1.4 Gbps and the unit supports 400K simultaneous sessions, 22K new connections/second with Application Visibility/Control, and as many as 400 VPN peers. The Firepower 1150 model firewall is a 1RU appliance that delivers firewall performance of 5.3 Gbps. The firewall includes eight built-in RJ-45 interface ports, two SFP interface ports, and two 10G SFP+ ports. IPsec VPN performance is 2.4 Gbps and the unit supports 600K concurrent sessions, 28,000 new connections/second, and up to 800 VPN peers.
Cisco Firepower 2100 Series NGFW Firewalls
Cisco's Firepower 2100 Series NGFW Firewalls are 1RU rack appliances designed for deployment at the data center. Firewalls in this series feature a dual multicore CPU architecture that enables them to deliver 3-6X faster throughput than Cisco ASA 5545-X to ASA 5555-X firewalls they are engineered to replace. Onsite management can be performed using Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls incorporate 12 RJ45 ports and four SFP interfaces. These appliances include one integrated 10M/100M/1GBASE-T Ethernet interface for network management, an RJ-45 console port, and one USB connection. Active/standby high availability is supported as well as VPN load balancing.
Cisco's Firepower 2110 firewall includes four integrated 1 Gb SFP Ethernet interfaces and 100 GB of storage. The 2110 delivers 2.6 Gbps firewall performance and 800 Mbps IPsec VPN performance and allows 1 million simultaneous sessions, 18,000 new connections/second, and a maximum of 1,500 VPN peers. Cisco's Firepower 2120 model firewall has 12 integrated 10M/100M/1GBASE-T Ethernet RJ-45 ports, four built-in 1G SFP Ethernet interfaces, and 100 GB of storage. The 2120 delivers 3.4 Gbps firewall throughput and 1 Gbps IPsec VPN throughput and permits 1.5 million simultaneous sessions, 28,000 new connections/second and as many as 3,500 VPN peers.
Cisco's Firepower 2130 model firewall includes four integrated 10 Gigabit SFP+ interface ports and 200 GB of storage. The 2130 also scales via a network module with 8 additional ports. The Firepower 2130 offers 5.4 Gbps firewall performance and 1.9 Gbps IPsec VPN throughput and allows two million concurrent sessions, 30,000 new connections/second, and up to 7,500 VPN peers. Cisco's top-of-the-line Firepower 2140 firewall has four integrated 10 Gigabit SFP+ interface ports and 200 GB of storage. The 2140 also accepts a network module with 8 additional interface ports for a maximum of 24 Ethernet interface ports. The 2140 model delivers 10.4 Gbps firewall performance and 3.6 1Gbps IPsec VPN throughput and allows three million concurrent, 57,000 new connections per second, and up to 10,000 VPN peers. Both the 2130 and 2140 appliances feature dual AC or DC power supplies.
Cisco 3100 Firewall Series
Cisco's Secure Firewall 3100 Series models are modular one-rack devices intended for large companies who need performance, high port density, and zero-trust security at the Internet edge, the data center, or a private cloud. For maximum uptime, all Secure Firewall 3100 Series appliances allow 8-chassis clustering and operate in Active/active or Active/standby mode. The appliances can run Cisco's ASA or FTD software. Integrated I/O for each device includes 8 10M/100M/1GBASE-T interfaces (RJ-45) and 8 1/10 Gigabit (SFP) Ethernet ports. Available network modules support 1/10/25/40G expansion and all versions feature 900 GB of storage plus a spare storage expansion slot.
Cisco's Secure Firewall 3110 model delivers 18 Gbps firewall throughput and 8 Gbps IPsec VPN performance. The 3110 allows 2 million concurrent sessions, 64,000 new connections/second, and a maximum of 3,000 VPN peers. Cisco's 3120 Firewall model delivers 22 Gbps firewall throughput and up to 10 Gbps IPsec VPN throughput. The 3120 allows 4 million simultaneous sessions, 98K new connections/second, and a maximum of 7,000 VPN peers. Cisco's 3130 Firewall model offers 42 Gbps firewall throughput and up to 14 Gbps IPsec VPN performance. The 3130 supports 6 million concurrent sessions, 200K new connections/second, and as many as 15,000 VPN peers. Cisco's Secure Firewall 3140 appliance delivers 49 Gbps firewall throughput and up to 17 Gbps IPsec VPN throughput. The 3140 supports 10 million concurrent sessions, 200K new connections/second, and as many as 20K VPN peers.
Cisco Firepower 4100 Series Next-Generation Firewalls
Cisco's Firepower 4100 Series NGFW Firewalls are 1RU rack appliances designed for deployment at the Internet edge. Appliances in this family offer 5-10X faster performance than the Cisco ASA 5585-X firewall they are designed to replace. Local management can be performed using Cisco Firepower Device Manager. All Firepower 4100 Series Next-Generation Firewalls include 8 built-in SFP+ interfaces and all accept a selection of plug-in network modules for a maximum of 24 ports. All Firepower 4100 Series NGFW Firewalls offer virtual private network load balancing, high availability, and clustering of as many as six chassis. These firewalls include a built-in 1 Gigabit Ethernet port for management, one RJ-45 console port, and one USB 2.0 port.
The Firepower 4110 model firewall features 200 GB of storage and delivers 13 Gbps firewall throughput and 6 Gbps IPsec VPN throughput. The 4110 allows 10 million concurrent sessions, 64K new connections/second, and as many as 10K VPN peers. Cisco's Firepower 4112 firewall features 400 GB of storage and delivers 19 Gbps firewall throughput and 8.5 Gbps IPsec VPN throughput. The 4112 appliance allows 10 million simultaneous sessions, 98K new connections/second, and as many as 10,000 VPN peers. Cisco's more recent Firepower 4115 appliance features 400 GB of storage and offers 27 Gbps firewall throughput and 8 Gbps IPsec VPN throughput. The 4115 firewall allows 15 million concurrent sessions, 200K new connections per second, and a maximum of 15,000 VPN peers. Cisco's Firepower 4120 appliance comes with 200 GB of storage and delivers 22 Gbps firewall performance and 19 Gbps IPsec VPN performance. The 4120 unit allows 15 million simultaneous sessions, 118K new connections/second, and a maximum of 15,000 VPN peers. Cisco's more recent Firepower 4125 model features 800 GB of storage and delivers 40 Gbps firewall throughput and 14 Gbps IPsec VPN performance. The 4125 firewall allows 25 million concurrent sessions, 265K new connections per second, and up to 20K VPN peers.
Cisco's Firepower 4140 model firewall includes 400 GB of storage and offers 32 Gbps firewall throughput and 13 Gbps IPsec VPN throughput. The 4140 firewall supports 25 million simultaneous sessions, 172K new connections per second, and a maximum of 20K VPN peers. Cisco's newer Firepower 4145 firewall features 800 GB of storage and delivers 53 Gbps firewall throughput and 18 Gbps IPsec VPN performance. The 4145 firewall allows 30 million simultaneous sessions, 350K new connections/second, and up to 20K VPN peers. Cisco's Firepower 4150 firewall includes 400 GB of storage and offers 45 Gbps firewall performance and 14 Gbps IPsec VPN throughput. The 4150 unit allows 30 million concurrent sessions, 263K new connections/second, and up to 20K VPN peers.
Cisco Firepower 9300 Series Next-Generation Firewalls
Cisco's Firepower 9300 Series Next-Generation Firewalls are highly scalable and carrier-grade firewalls. The 3RU chassis of Firepower 9300 Next-Generation Series firewalls accepts two add-in network modules as well as three security modules. Altogether, the 9300 can support 24 10G Ethernet Enhanced Small Form-Factor Pluggable interfaces or eight 100 Gigabit Ethernet interfaces. Intrachassis clustering of up to five chassis allows up to 1.2 Tbps of firewall throughput. The top-of-the-line Cisco Firepower 9300 SM-56 provides 70 Gbps firewall performance and 27 Gbps IPsec VPN performance. The 9300 SM-56 allows 35 million concurrent sessions, 490K new connections per second, and up to 20,000 VPN peers.
Firepower Services
Firepower Series firewalls work with software or physical modules that support Cisco's Firepower Services, which offer layered defense against sophisticated threats. Firepower Services are powered by technology adopted by Cisco from Sourcefire. Key features of Firepower Services include:
Simpler implementations of Cisco's Firepower Series firewalls can be effectively administered via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based utility which is provided with all NGFW firewall models. ASDM includes a convenient web console for deploying, administering, and troubleshooting Firepower devices and service modules.
For multi-device and multi-site deployments, Cisco's Next Gerneration firewalls with Firepower Services can be managed using Cisco's Firepower Management Center, available as one or several physical units or virtual appliances. Firepower Management Center provides unified firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been delivered under various names including Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Firepower Management Center appliance provides capabilities unavailable with Cisco's on-box ASDM tool. Extra capabilities include expanded context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a console that offers dynamic network infrastructure visualization, automated policy optimization based on impact evaluation of threats, comprehensive IPS, custom app discovery for Application Visibility and Control, customized health notifications, improved reporting features, and application interfaces for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be handled using either Cisco's on-box ASDM or the Firepower command line interface.
Progent's Migration Consulting for Cisco Firepower Firewalls
Since Cisco has discontinued selling the PIX 500 and ASA 5500 product lines, many companies are uncomfortable with relying on a key infrastructure component that may no longer be supported. Firepower NGFW Series firewalls have the advantage of being new devices and also bring important functions and budgetary benefits in comparison to legacy devices. These advantages include substantially better performance, optional SSL tunneling capability, and a modular design that guards your investment by enabling you to self-install new security features whenever you need them. Progent's Cisco experts can help you to assess the strategic value of for moving from PIX 500 or ASA 5500 security appliances, create a migration plan that allows for a quick and non-disruptive upgrade, assist your IT staff to deploy new Firepower Series firewalls, and offer remote training, consulting, and troubleshooting services.
Other Ways Progent Can Support Your Cisco Firewalls
Cisco's Firepower NGFW Series firewalls provide a wealth of configuration, monitoring, and analysis features which offer you the ability to set up these firewalls to match your business requirements. Progent's CCIE certified network experts can assist you to build a cost-effective network infrastructure that incorporates Cisco security appliances and that provides world-class protection, resilience, performance, and manageability. Progent's CISA and CISM-certified IS security consultants can assist your business to develop a security policy appropriate for your environment and can set up your security appliance to enforce your security policies. Progent's risk evaluation consultants can evaluate the effectiveness of your current firewall solution and validate the overall security of your whole information system environment. Progent’s Technical Response Center (TRC) can deliver emergency remote technical support for Cisco technology and offer quick access to a Cisco CCIE expert.
Progent offers online or on-premises consulting services and is available for occasional guidance to help you with a challenging IT impasse or Progent can provide end-to-end project management and co-management support to ensure your network security initiative is completed on time and within budget.
To find out additional details concerning Progent's consulting support for Cisco technology, choose a topic: