Cisco is a long-time front-runner in delivering cutting-edge firewalls for the broadest possible range of deployments. Cisco's Firepower Next Generation Firewall (NGFW) appliances represent an advanced cybersecurity platform that marshals sophisticated hardware, cloud services, and machine learning to block, discover, and mitigate cyberthreats automatically. Progent's Cisco CCIE-certified firewall consultants can help your organization to design and execute a smooth upgrade to Cisco Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and show you how to integrate Firepower appliances with Cisco's cloud-based services to create and centrally control IT ecosystems that span branch offices, data centers, and cloud resources. Progent's firewall consultants can also help you to maintain and troubleshoot legacy Cisco firewalls. Progent's certified network security experts can help you with policy creation driven by industry best practices in order to build a consistent and effective cybersecurity profile across all your endpoints anywhere.
Cisco's Firepower NGFW Firewall Appliances
Cisco's family of Firepower Next-Generation Firewalls offers advanced protection and unified control at prices, performance levels, and scale to fit deployments ranging from telecommuters and small businesses to global enterprises and service providers. Cisco's Firepower NGFW appliances deliver a significant performance boost over Cisco's previous-generation firewalls and offer unified control of advanced cybersecurity features such as application visibility, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), DDoS mitigation, and multi-node sandboxing.
All Firepower Next-Generation firewalls incorporate a one-pass design and support uninterrupted inspection and retrospective detection, which makes it possible to provide outbreak management and to pinpoint patient zero. Firepower Next-Generation firewalls also offer URL Filtering and subscription-free sandboxing for finding elusive malware, IoCs, and malware artifacts. Next-Generation IPS rule tuning and network firewall policy are performed automatically, eliminating the need for time-consuming intervention by cybersecurity experts. All Firepower NGFW firewalls give you the option of running either Cisco Firepower Threat Defense or Cisco Adaptive Security Appliance (ASA) software. Unified configuration, logging, monitoring, and reporting functions can be controlled either by Cisco's Management Center or in the cloud with Cisco Defense Orchestrator.
Cisco Firepower 1000 Series NGFW Firewalls
Cisco Firepower Next-Generation 1000 Series Firewalls are intended for small businesses, home offices, or branches. Firewalls in this series offer better price/performance vs. corresponding Cisco ASA firewalls, providing 4-6X faster firewall throughput. Local management can be performed using Cisco Firepower Device Manager. 1000 Series appliances feature a built-in 10/100/1000 RJ-45 Ethernet interface for network management, an RJ-45 console port, a USB port, and 200 Gbytes of storage. High availability is supported as well as VPN load balancing.
Cisco's Firepower 1010 model is a desktop or wall-mount, fanless appliance that delivers 890 Mbps performance, Application Visibility/Control (AVC), and Next Generation Intrusion Prevention System (NGIPS). The unit comes with eight integrated RJ-45 I/O interfaces, two of them POE+ capable. IPsec VPN throughput is 500 Mbps and the device allows 100K simultaneous sessions, 6,000 new connections per second, and a maximum of 75 VPN peers. The Firepower 1120 firewall is a 1RU device that delivers firewall performance of 2.3 Gbps. The appliance includes 8 RJ45 built-in I/O ports and four SFP interfaces. IPsec VPN performance is 1.2 Gbps and the unit supports 200K concurrent sessions, 15,000 new connections/second with Application Visibility/Control, and a maximum of 150 VPN peers.
The Firepower 1140 firewall is a 1RU rackmount device that offers firewall throughput of 3.3 Gbps. The unit comes with eight integrated RJ-45 interface ports and 4 SFP ports. IPsec VPN throughput is 1.4 Gbps and the firewall supports 400K concurrent sessions, 22K new connections per second with Application Visibility/Control, and up to 400 VPN peers. The Firepower 1150 model firewall is a 1RU rackmount appliance that delivers firewall throughput of 5.3 Gbps. The appliance comes with eight integrated RJ-45 ports, two SFP ports, and two 10G SFP+ interface ports. IPsec VPN throughput is 2.4 Gbps and the firewall allows 600K concurrent sessions, 28,000 new connections/second, and a maximum of 800 VPN peers.
Cisco Firepower 2100 Series NGFW Firewalls
Cisco's Firepower 2100 Series NGFW Firewalls are 1RU units designed for use at the Internet edge. Firewalls in this line have a dual multicore CPU design that allows them to offer 3-6X higher performance than Cisco ASA models they are engineered to replace. Local management can be done with Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls include 12 RJ45 ports and four SFP interfaces. These firewalls include one integrated 10M/100M/1GBASE-T Ethernet port for management, an RJ-45 console interface, and one USB connection. Active/standby high availability is supported along with VPN load balancing.
Cisco's Firepower 2110 firewall includes 4 built-in 1 Gb SFP Ethernet interfaces and 100 GB of storage. The 2110 delivers 2.6 Gbps firewall throughput and 800 Mbps IPsec VPN performance and supports 1 million simultaneous sessions, 18,000 new connections per second, and up to 1,500 VPN peers. Cisco's Firepower 2120 firewall comes with 12 integrated 10M/100M/1GBASE-T Ethernet RJ-45 ports, four built-in 1G SFP Ethernet interface ports, and 100 GB of storage. The 2120 delivers 3.4 Gbps firewall throughput and 1 Gbps IPsec VPN performance and permits 1.5 million concurrent sessions, 28,000 new connections per second and as many as 3,500 VPN peers.
Cisco's Firepower 2130 model firewall features 4 integrated 10 Gigabit SFP+ interface ports and 200 GB of storage. The 2130 also scales via a network module with 8 additional interface ports. The Firepower 2130 offers 5.4 Gbps firewall throughput and 1.9 Gbps IPsec VPN throughput and supports 2 million simultaneous sessions, 30,000 new connections/second, and up to 7,500 VPN peers. Cisco's top-of-the-line Firepower 2140 firewall features 4 integrated 10G SFP+ interfaces and 200 GB of storage. The 2140 also accepts a network module with 8 additional interface ports for a maximum of 24 Ethernet interfaces. The 2140 model offers 10.4 Gbps firewall throughput and 3.6 Gbps IPsec VPN performance and supports 3 million simultaneous sessions, 57,000 new connections/second, and up to 10,000 VPN peers. Both the 2130 and 2140 model firewalls feature dual AC or DC power supplies.
Cisco Secure Firewall 3100 Series
Cisco's 3100 Firewall Series models are modular 1RU rack devices intended for large companies who need throughput, high port count, and zero-trust security at the Internet edge, the data center, or a private cloud. For maximum availability, all Secure Firewall 3100 Series models support 8-device clustering and work in Active/active or Active/standby mode. The appliances can run Cisco's ASA or FTD software. Built-in I/O for each device includes 8 10M/100M/1GBASE-T Ethernet interface ports (RJ-45) and eight 1/10 Gigabit (SFP) Ethernet ports. Available network modules support 1/10/25/40G options and all versions come with 900 GB of storage as well as a spare storage expansion slot.
Cisco's Secure Firewall 3110 device offers 18 Gbps firewall throughput and 8 Gbps IPsec VPN performance. The 3110 allows 2 million simultaneous sessions, 64,000 new connections/second, and as many as 3,000 VPN peers. Cisco's Secure Firewall 3120 model delivers 22 Gbps firewall throughput and 10 Gbps IPsec VPN throughput. The 3120 allows 4 million simultaneous sessions, 98K new connections/second, and as many as 7,000 VPN peers. Cisco's Secure Firewall 3130 model offers 42 Gbps firewall throughput and 14 Gbps IPsec VPN performance. The 3130 allows 6 million simultaneous sessions, 200K new connections/second, and up to 15,000 VPN peers. Cisco's 3140 Firewall appliance delivers 49 Gbps firewall throughput and 17 Gbps IPsec VPN performance. The 3140 firewall supports 10 million concurrent sessions, 200K new connections per second, and a maximum of 20K VPN peers.
Cisco Firepower 4100 Series NGFW Firewalls
Cisco's Firepower 4100 Series NGFW Firewalls are 1RU appliances intended for deployment at high-performance data centers. Firewalls in this family deliver 5-10X faster throughput than the Cisco ASA 5585-X device they are engineered to replace. Onsite management can be performed using Cisco Firepower Device Manager. All Firepower 4100 Series Next-Generation Firewalls have 8 integrated SFP+ interfaces and all can be expanded with a variety of add-in network modules for up to 24 interfaces. All Firepower 4100 Series NGFW Firewalls offer VPN load balancing, Active/standby high availability, and clustering of up to six chassis. These firewalls feature an integrated 1Gb Ethernet port for management, one RJ-45 console port, and one USB 2.0 interface.
Cisco's Firepower 4110 firewall has 200 GB of storage and delivers 13 Gbps firewall performance and 6 Gbps IPsec VPN throughput. The 4110 model supports 10 million concurrent sessions, 64K new connections per second, and a maximum of 10K VPN peers. Cisco's Firepower 4112 firewall features 400 GB of storage and delivers 19 Gbps firewall performance and 8.5 Gbps IPsec VPN performance. The 4112 firewall allows 10 million concurrent sessions, 98K new connections per second, and as many as 10,000 VPN peers. Cisco's more recent Firepower 4115 firewall has 400 GB of storage and delivers 27 Gbps firewall performance and 8 Gbps IPsec VPN performance. The 4115 firewall supports 15 million concurrent sessions, 200K new connections/second, and a maximum of 15,000 VPN peers. Cisco's Firepower 4120 appliance includes 200 GB of storage and delivers 22 Gbps firewall throughput and 19 Gbps IPsec VPN performance. The 4120 firewall supports 15 million concurrent sessions, 118K new connections/second, and a maximum of 15,000 VPN peers. Cisco's newer Firepower 4125 appliance features 800 GB of storage and offers 40 Gbps firewall performance and 14 Gbps IPsec VPN throughput. The 4125 unit allows 25 million simultaneous sessions, 265K new connections per second, and as many as 20K VPN peers.
The Firepower 4140 model firewall includes 400 GB of storage and offers 32 Gbps firewall throughput and 13 Gbps IPsec VPN throughput. The 4140 firewall supports 25 million concurrent sessions, 172K new connections/second, and as many as 20K VPN peers. Cisco's more recent Firepower 4145 model comes with 800 GB of storage and offers 53 Gbps firewall throughput and 18 Gbps IPsec VPN throughput. The 4145 unit allows 30 million concurrent sessions, 350K new connections/second, and as many as 20K VPN peers. The Cisco Firepower 4150 firewall includes 400 GB of storage and delivers 45 Gbps firewall performance and 14 Gbps IPsec VPN performance. The 4150 firewall supports 30 million simultaneous sessions, 263K new connections per second, and as many as 20K VPN peers.
Cisco Firepower 9300 Series NGFW Firewalls
Cisco's Firepower 9300 Series Next-Generation Firewalls are massively scalable and carrier-grade security appliances. The 3RU chassis of Firepower 9300 Next-Generation Series firewalls accepts two network modules as well as three security modules. Fully loaded, the Firepower 9300 can hold 24 10-Gigabit Ethernet Enhanced Small Form-Factor Pluggable interfaces or eight 100G interfaces. Clustering of up to 5 chassis delivers up to 1.2 Tbps of firewall throughput. The top-of-the-line Cisco Firepower 9300 SM-56 delivers 70 Gbps firewall performance and 27 Gbps IPsec VPN throughput. The 9300 SM-56 allows 35 million concurrent sessions, 490K new connections per second, and a maximum of 20,000 VPN peers.
Cisco's Firepower NGFW firewalls work with either software or hardware modules that enable Firepower Services, which offer layered protection against advanced attacks. Firepower Services are powered by technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services include:
- Layered protection against both familiar and zero-day attacks
- Advanced Malware Protection (AMP) that utilizes big data techniques to find and remediate security breaches
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers clients, network infrastructure, software applications, and content to detect attacks that incorporate multiple approaches
- Fine-grained Application Visibility and Control (AVC) that is familiar with thousands of applications and can automatically activate both standard and custom IPS policies based on the degree of threats
Firepower Services for Next Generation firewalls provide advanced multi-layered threat protection
Smaller implementations of Cisco's Firepower Series security appliances can be effectively administered via Cisco's on-box Adaptive Security Device Manager (ASDM), a web-based utility which is provided with all NGFW firewall versions. ASDM includes a convenient web console for configuring, administering, and troubleshooting Firepower firewalls and modules.
For more complex environments, NGFW firewalls with Firepower Services can be administered with Firepower Management Center, implemented as one or several physical or virtual appliances. Cisco's Firepower Management Center offers unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been delivered under various names that include Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Firepower Management Center unifies event and policy management for Firepower firewall appliances
The Firepower Management Center appliance provides features unavailable with Cisco's on-device ASDM utility. Extra features include greater context awareness, Advanced Malware Protection with remediation for client devices, a dashboard that offers dynamic infrastructure visualization, automated policy optimization based on impact assessment of threats, comprehensive IPS, custom app discovery for Application Visibility and Control, customized health notifications, enhanced reporting options, and application interfaces for host input and databases. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be handled using either the on-box ASDM or the Firepower command line interface.
Progent's Migration Support for Cisco Next Generation Firewalls
Since Cisco has discontinued selling the PIX 500 and ASA 5500 families of firewalls, many companies are uncomfortable with relying on a key infrastructure component that may no longer be supported. Firepower Series firewalls have the advantage of being current products and also offer multiple technical and financial benefits in comparison to legacy firewalls. These benefits include substantially better throughput, optional Secure Sockets Layer VPN capability, and an expandable architecture that guards your investment by allowing you to add more security features when and if you require them. Progent's CCIE-certified network engineers can help you to assess the strategic case for moving from PIX or ASA 5500 security appliances, create a migration plan that allows for a quick and non-disruptive changeover, assist you to install new Firepower NGFW Series firewalls, and offer online, consulting, and technical support services.
Additional Ways Progent Can Support Your Cisco Firewalls
Cisco's Firepower NGFW Series firewalls provide an array of configuration, tracking, and troubleshooting features which give you the ability to configure these firewalls to align optimally with your business requirements. Progent's CCIE authorized network consultants can help you to configure and support a cost-effective infrastructure that incorporates Cisco firewalls and that provides world-class protection, fault tolerance, throughput, and recoverability. Progent's GISA and CISM-premier information security professionals can assist your business to develop a security policy appropriate for your environment and can configure your security appliance to enforce your security policies. Progent's risk evaluation consultants can assess the effectiveness of your existing firewall solution and validate the overall security of your entire information system network. Progent's Technical Response Center can provide emergency remote troubleshooting for Cisco technology and offer fast access to a Cisco expert.
Progent can provide remote or on-premises support and can deliver occasional expertise to help you with a challenging technical impasse, or can offer comprehensive project management and co-management support to make sure your network security initiative is completed on time and on budget.
Contact Progent for Cisco Firewall Solutions
To ask Progent about consulting help with Cisco Firepower NGFW firewalls, call 1-800-993-9400 or visit Contact Progent.