Cisco is a perennial front-runner in developing cutting-edge firewall appliances for the widest possible range of deployments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent a modern firewall platform that marshals dedicated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to block, discover, and respond to cyber attacks automatically. Progent's Cisco-certified CCIE-certified firewall experts can help your organization to design and carry out an efficient migration to Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX appliances and show you how to enhance Firepower appliances with Cisco's subscription-based security services to build and centrally control network ecosystems that encompass branch offices, data centers, private clouds and public clouds. Progent can also help you to manage and debug legacy Cisco firewalls. Progent's certified cybersecurity consultants can assist you with policy creation and tuning based on leading practices in order to establish a consistent cybersecurity profile that applies to all your networked endpoints anywhere.
Cisco's Firepower Next Generation Firewalls
Cisco's extensive portfolio of Firepower Next-Generation firewalls delivers advanced protection and unified management at prices, speed, and scale to fit environments ranging from branch offices and small organizations to major enterprises and service providers. Cisco's Firepower Next Generation Firewalls (NGFWs) provide a significant performance improvement compared to Cisco's previous-generation firewalls and offer unified management and automation of modern cybersecurity capabilities such as application visibility, next-generation intrusion protection (NGIPS) with intelligent prioritization of risks, advanced malware protection, URL filtering, and multi-node sandboxing.
All Firepower NGFW firewalls incorporate a one-pass design and support continuous inspection and retrospective identification, which allows the firewalls to provide outbreak controls and to uncover patient zero. Firepower Next-Generation firewalls also offer URL Filtering and subscription-free sandboxing for finding elusive threats, behavioral indicators of compromise, and malware artifacts. Next-Generation IPS rule tuning and network firewall policy creation can be performed automatically, eliminating the need for manual intervention by IT security specialists. All Firepower Next-Generation firewalls offer the choice of using either Firepower Threat Defense or Cisco Adaptive Security Appliance (ASA) software. Unified deployment, logging, monitoring, and reporting functions can be managed either via Management Center or in the cloud with Defense Orchestrator.
Cisco Firepower 1000 Series Next-Generation Firewalls
Firepower Next-Generation 1000 Series Firewalls are targeted at small businesses, telecommuters, or branches. Devices in this family deliver improved price/performance vs. comparable Cisco ASA models, delivering 4-6X faster firewall throughput. Local management can be done using Firepower Device Manager. These firewalls feature a built-in 10/100/1000 RJ-45 Ethernet interface for network management, an RJ-45 console port, a USB interface, and 200 GB of storage. Active/active and Active/standby high availability is provided as well as virtual private network load balancing. For more details, visit Cisco Firepower 1000 Series NGFW firewalls consulting and troubleshooting services.
Cisco Firepower 2100 Series Next-Generation Firewalls
Cisco's Firepower 2100 Series NGFW Firewalls are single-rack units designed for use at the Internet edge or the data center. Firewalls in this series have a dual multicore CPU architecture that allows them to offer 3-6X higher performance than Cisco ASA models they are designed to succeed. Local management can be performed using Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls include 12 RJ45 ports and four SFP ports. These units include one build-in 10/100/1000 RJ-45 Ethernet port for management, an RJ-45 console port, and one USB 2.0 Type-A port. Active/standby high availability is supported along with VPN load balancing. For more details, visit Cisco Firepower 2100 Series Next-Generation firewalls consulting and management services.
Cisco Firepower 4100 Series Next-Generation Firewalls
Cisco's Firepower 4100 Series Next-Generation Firewalls are single-rack units intended for use at the Internet edge. Firewalls in this family offer 5-10X higher performance than the Cisco ASA 5585-X firewall they are engineered to succeed. Local management can be done with Firepower Device Manager. All Firepower 4100 Series Next-Generation Firewalls include 8 integrated SFP+ interfaces and all can be expanded with a variety of plug-in network modules for up to 24 ports. All Firepower 4100 Series NGFW Firewalls support virtual private network load balancing, Active/standby high availability, and clustering of as many as six chassis. These firewalls feature a built-in 1Gb Ethernet port for network management, an RJ-45 console interface, and one USB port. For additional details, refer to Cisco Firepower 4100 Series Next-Generation firewalls consulting and troubleshooting expertise.
Cisco Firepower 9300 Series NGFW Firewalls
Cisco's Firepower 9300 Series NGFW Firewalls are massively scalable and carrier-grade firewalls. The 3RU chassis of Firepower 9300 Next-Generation Series firewalls can hold two add-in network modules as well as three security modules. Fully loaded, the Firepower 9300 can support 24 10-Gigabit SFP+ interfaces or eight 100G connections. Clustering of up to 5 chassis allows a total 1.2 Tbps of firewall performance. The top-of-the-line Cisco Firepower 9300 SM-56 provides 70 Gbps firewall performance and 27 Gbps IPsec VPN performance. The unit allows 35 million concurrent sessions, 490K new connections per second, and a maximum of 20K VPN peers.
Firepower Series security appliances accept either software or hardware modules that support Cisco's Firepower Services, which provide layered protection against advanced threats. Firepower Services are based on technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services include:
- Layered defense against both familiar and new attacks
- Advanced Malware Protection that uses big data to find and remediate security breaches
- Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that covers clients, network infrastructure, software applications, and content to detect attacks that use multiple approaches
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of applications and can automatically launch standard and customized IPS policies depending on the degree of risk
Firepower Services for Next Generation firewalls offer multi-layered security
Smaller deployments of Firepower Next Generation security appliances can be effectively administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility included with all firewall models. ASDM includes an easy-to-use web dashboard for deploying, administering, and debugging NGFW devices and modules.
For more complex environments, Cisco's Next Gerneration appliances with Firepower Services can be administered using Cisco's Firepower Management Center, available as one or more physical units or virtual devices. Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been delivered under various names including Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center unifies event and policy control for Cisco Firepower firewall appliances
Cisco's Firepower Management Center appliance offers capabilities beyond those available with Cisco's on-device Adaptive Security Device Manager utility. Extra features include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for user devices, a dashboard that provides real-time infrastructure visualization, automated policy optimization driven by impact evaluation of threats, advanced IPS, custom application detectors for Application Visibility and Control (AVC), customized health notifications, enhanced reporting features, and APIs for host input and databases. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be handled via Cisco's on-box ASDM or the Firepower command line interface.
Progent's Migration Consulting for Cisco Firepower Firewalls
Since Cisco has discontinued selling the PIX 500 and ASA 5500 families of firewalls, many companies are concerned about relying on a critical infrastructure component that may no longer be supported. Firepower Series security appliances have the benefit of being current devices and also offer multiple functions and economic benefits in comparison to legacy firewalls. These advantages include significantly better throughput, optional Secure Sockets Layer tunneling support, and a modular design that protects your investment by enabling you to add new security services when and if you need them. Progent's CCIE-certified experts can assist you to determine the strategic case for upgrading from PIX 500 or Cisco ASA 5500 firewalls, design a migration plan that permits a quick and seamless changeover, help your IT staff to configure new Firepower NGFW Series firewalls, and provide remote training, consulting, and technical support services.
Other Ways Progent Can Support Your Cisco Firewalls
Cisco Firepower NGFW Series security appliances provide a wealth of setup, tracking, and troubleshooting features that give you the flexibility to set up these security appliances to match your company's needs. Progent's CCIE authorized network professionals can assist you to configure and support a cost-effective network infrastructure that includes Cisco firewall technology and that provides world-class protection, fault tolerance, throughput, and recoverability. Progent's GISA and CISSP-ISSP-premier IS security engineers can help your business to create a security strategy that makes sense for your environment and can configure your security appliance to enforce your security policies. Progent's risk evaluation engineers can evaluate the strength of your existing firewall deployment and audit the security of your entire IT network. Progent’s Technical Response Center (TRC) can deliver urgent online technical support for Cisco technology and offer fast access to a Cisco CCIE network engineer.
Progent can provide online or onsite consulting services and can deliver occasional expertise to help you with a stubborn technical bottleneck or Progent offers comprehensive project management and co-management support to ensure your network security initiative is completed on time and within budget.
To learn additional information about Progent's engineering help for Cisco products, pick a topic:
Contact Progent for Cisco Firewall Solutions
To ask Progent about consulting help with Cisco Firepower NGFW firewalls, call 1-800-993-9400 or visit Contact Progent.