Cisco is a perennial front-runner in delivering cutting-edge firewall appliances for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent a modern cybersecurity solution that combines dedicated hardware, cloud services, and machine learning to block, discover, and mitigate cyber attacks automatically. Progent's Cisco-certified CCIE-certified firewall consultants can help you to design and execute an efficient migration to Cisco Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to enhance Firepower appliances with Cisco's subscription-based security services to build and centrally manage network environments that span local offices, data centers, and cloud resources. Progent can also assist you to maintain and debug legacy Cisco firewalls. Progent's certified cybersecurity experts can assist you with policy creation driven by industry best practices so you can establish a consistent and effective security posture across all your networked endpoints at any location.

Cisco's Firepower Next Generation Firewall Appliances
Cisco's extensive line of Firepower Next-Generation firewall appliances offers modern protection and unified control at price points, speed, and scale suitable for environments spanning home offices and small organizations to global enterprises and service providers. Cisco's Firepower NGFWs Firewalls deliver a major performance boost over Cisco's previous-generation security appliances and include unified management of advanced cybersecurity capabilities such as application visibility and control, next-generation intrusion protection with risk prioritization, advanced malware protection, DDoS mitigation, and sandboxing.

All Firepower NGFW firewalls incorporate a one-pass design and support uninterrupted inspection and retrospective detection, which allows the firewalls to initiate outbreak controls and to pinpoint root causes. Firepower Next-Generation firewalls also have the option of URL Filtering and subscription-free sandboxing for detecting evasive and sandbox-aware malware, behavioral indicators of compromise, and malware artifacts. NGIPS rule tuning and network firewall policy can be performed automatically, eliminating the need for time-consuming intervention by IT security experts. All Firepower Next-Generation firewalls offer the choice of using either Firepower Threat Defense or Cisco Adaptive Security Appliance software. Centralized deployment, logging, monitoring, and reporting capabilities can be managed either by Cisco's Management Center or in the cloud with Defense Orchestrator.

Cisco Firepower 1000 Series Next-Generation Firewalls
Firepower NGFW 1000 Series Firewalls ConsultingFirepower NGFW 1000 Series Firewalls are targeted at small organizations, telecommuters, or branch offices. Appliances in this series offer better value vs. corresponding Cisco ASA models, delivering 4-6X faster firewall throughput. Onsite management can be done using Cisco Firepower Device Manager. These firewalls feature an integrated 10M/100M/1GBASE-T RJ-45 Ethernet interface for network management, an RJ-45 console interface, a USB connection, and 200 Gbytes of storage. Active/active and Active/standby high availability is supported along with VPN load balancing. For additional details, visit Cisco Firepower 1000 Series Next-Generation firewalls consulting and management expertise.

Cisco Firepower 2100 Series NGFW Firewalls
Cisco Firepower 2100 Series NGFW Firewalls ExpertsCisco's Firepower 2100 Series Next-Generation Firewalls are 1RU units intended for deployment at the data center. Firewalls in this family have a dual multicore CPU design that allows them to offer 3-6X higher performance than Cisco ASA 5545-X to ASA 5555-X models they are designed to succeed. Onsite management can be performed using Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls incorporate 12 RJ45 ports and four SFP interfaces. These appliances include one build-in 10M/100M/1GBASE-T Ethernet port for management, an RJ-45 console port, and one USB 2.0 Type-A port. Active/standby high availability is supported as well as virtual private network load balancing. For more details, visit Cisco Firepower 2100 Series NGFW firewalls consulting and management expertise.

Cisco Firepower 4100 Series NGFW Firewalls
Cisco Firepower 4100 Series Next-Generation Firewalls ConsultingCisco's Firepower 4100 Series Next-Generation Firewalls are 1RU rack units designed for use at the Internet edge. Firewalls in this line deliver 5-10X faster throughput than the Cisco ASA 5585-X firewall they are designed to replace. Onsite management can be done using Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls have 8 integrated SFP+ interfaces and all can be expanded with a selection of add-in network modules for up to 24 interfaces. All Firepower 4100 Series Next-Generation Firewalls offer VPN load balancing, Active/standby high availability, and clustering of as many as six chassis. These devices include an integrated 1Gb Ethernet interface for management, one RJ-45 console interface, and one USB interface. For additional specs, visit Cisco Firepower 4100 Series NGFW firewalls consulting and management expertise.

Cisco Firepower 9300 Series Next-Generation Firewalls
Cisco Firepower 9300 Series Next-Generation Firewalls ConsultingCisco's Firepower 9300 Series NGFW Firewalls are massively scalable and ultra-high performing firewalls. The 3 Rack Units (3RU) enclosure of Firepower 9300 NGFW Series firewalls can hold two network modules and three security modules. Fully loaded, the Firepower 9300 can support 24 10-Gigabit SFP+ network interfaces or eight 100G interfaces. Clustering of up to five 9300 chassis allows a total 1.2 Tbps of firewall throughput. The top-of-the-line Cisco Firepower 9300 SM-56 provides 70 Gbps firewall throughput and 27 Gbps IPsec VPN performance. The unit allows 35 million simultaneous sessions, 490K new connections per second, and up to 000 VPN peers.

Cisco's Firepower Services
Cisco's Firepower NGFW firewalls accept software or hardware modules that support Cisco's Firepower Services, which provide layered defense against sophisticated threats. Firepower Services are powered by innovative technology adopted by Cisco from Sourcefire. Major capabilities of Firepower Services include:

  • Layered protection against both familiar and new threats
  • Cisco's Advanced Malware Protection (AMP) that utilizes big data techniques to find and remediate security breaches
  • Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that looks at users, network infrastructure, software applications, and content to detect attacks that incorporate multiple vectors
  • Fine-grained Application Visibility and Control (AVC that is familiar with thousands of apps and can automatically launch both standard and custom IPS policies depending on the severity of threats
Cisco Firepower Configuration Expertise

Firepower Services for NGFW firewalls provide advanced multi-layered protection

Smaller implementations of Firepower NGFW security appliances can be effectively managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility included with all firewall versions. ASDM provides a convenient web console for deploying, administering, and debugging Firepower devices and modules.

For more complex deployments, NGFW firewalls with Firepower Services can be administered using Cisco's Firepower Management Center, implemented as one or more physical or virtual appliances. Cisco's Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of ongoing rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names including Cisco Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.

Cisco Firepower Management Center Consultants

Firepower Management Center centralizes event and policy control for Firepower firewall appliances

Firepower Management Center appliance provides capabilities unavailable with Cisco's on-device ASDM tool. Additional capabilities include greater context awareness, Advanced Malware Protection with remediation for user devices, a dashboard that provides dynamic network infrastructure visualization, automated policy tuning driven by risk evaluation of attacks, comprehensive IPS, custom application detectors for Application Visibility and Control (AVC), customized health notifications, enhanced reporting options, and application interfaces for host input and databases. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-box ASDM or the Firepower CLI.

Progent's Migration Support for Cisco Firepower Firewalls
Because Cisco has stopped offering the PIX and ASA 5500 product lines, many companies are uncomfortable with relying on a critical infrastructure mechanism that may no longer be supported by Cisco. Firepower Series firewalls have the advantage of being new products and also offer important functions and economic benefits in comparison to legacy firewalls. These advantages include substantially higher performance, optional SSL tunneling support, and an expandable design that protects your investment by enabling you to add new security services whenever you require them. Progent's Cisco certified network engineers can help you to determine the business value of for upgrading from PIX or Cisco ASA 5500 firewalls, design a migration plan that permits a fast and non-disruptive changeover, help your IT staff to set up new Firepower NGFW Series appliances, and provide remote training, consulting, and troubleshooting services.

Other Ways Progent Can Support Your Cisco Firewalls
Cisco's Firepower NGFW Series firewalls incorporate an array of configuration, monitoring, and analysis options which offer you the flexibility to configure these security appliances to match your business requirements. Progent's CCIE authorized network consultants can assist you to configure and support a cost-effective infrastructure that incorporates Cisco security appliances and that offers advanced security, fault tolerance, throughput, and manageability. Progent's CISA and CISSP-ISSP-certified information security experts can assist you to develop a security policy appropriate for your situation and can set up your security appliance to support your security policies. Progent's risk assessment professionals can evaluate the effectiveness of your current firewall solution and help determine the security of your whole information system network. Progentís Technical Response Center (TRC) can deliver emergency remote technical support for Cisco products and offer fast access to a Cisco network engineer.

Progent can provide online or on-premises support and can deliver as-needed expertise to help your organization resolve a challenging technical bottleneck or Progent can provide end-to-end project management services to ensure your firewall initiative is completed on schedule and on budget.

To find out additional information concerning Progent's professional support for Cisco solutions, choose a topic:

Contact Progent for Cisco Firewall Solutions
To ask Progent about consulting help with Cisco Firepower NGFW firewalls, call 1-800-993-9400 or visit Contact Progent.

More topics of interest: