Cisco is a perennial front-runner in developing cutting-edge firewall appliances for the widest possible range of environments. Cisco's Firepower Next Generation Firewalls provide an advanced cybersecurity platform that combines sophisticed hardware, cloud services, and next-generation intrusion protection system (NGIPS) to anticipate, identify, and mitigate threats automatically. Progent's Cisco-certified CCIE firewall consultants can help your organization to design and carry out a smooth migration to Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and help you enhance Firepower firewalls with Cisco's subscription-based security services to create and centrally control IT environments that span branch offices, data centers, private clouds and public clouds. Progent can also help you to maintain and troubleshoot older-generation Cisco security appliances. Progent's certified network security experts can assist you with policy creation and tuning driven by industry best practices so you can build a consistent and effective security profile across all your devices at any location.
Cisco's Firepower NGFW Firewalls
Cisco's extensive family of Firepower NGFW firewalls offers advanced protection and unified management at prices, performance levels, and scale to fit deployments spanning branch offices and small organizations to major enterprises and Internet service providers. Cisco's Firepower Next Generation Firewalls provide a major performance improvement over Cisco's older security appliances and include centralized control of modern security capabilities such as application visibility, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection, URL filtering, and sandboxing.
All Firepower Next-Generation firewalls incorporate a single-pass architecture and support uninterrupted analysis and retrospective detection, which makes it possible to initiate outbreak management and to uncover patient zero. Firepower Next-Generation firewalls also offer URL Filtering and subscription-free sandboxing for detecting evasive and sandbox-aware malware, actionable event correlations, and malware artifacts. Next-Generation IPS rule tuning and firewall policy creation can be performed automatically, requiring no time-consuming intervention by IT security specialists. All Firepower NGFW firewalls give you the option of using either Firepower Threat Defense or Cisco Adaptive Security Appliance (ASA) software. Centralized deployment, logging, system monitoring, and reporting capabilities can be controlled either via Cisco's Management Center or in the cloud with Defense Orchestrator.
Cisco Firepower 1000 Series NGFW Firewalls
Cisco Firepower Next-Generation 1000 Series Firewalls are targeted at small organizations, telecommuters, or branches. Devices in this family deliver improved value vs. comparable Cisco ASA 5506-X to ASA 5525-X firewalls, providing 4-6X faster firewall throughput. Local management can be done using Firepower Device Manager. 1000 Series firewalls include an integrated 10M/100M/1GBASE-T RJ-45 Ethernet port for network management, an RJ-45 console port, a USB 3.0 Type-A port, and 200 Gbytes of storage. High availability is supported along with VPN load balancing. For additional details, refer to Cisco Firepower 1000 Series NGFW firewalls consulting and management services.
Cisco Firepower 2100 Series Next-Generation Firewalls
Cisco's Firepower 2100 Series Next-Generation Firewalls are one-rack appliances designed for operation at the data center. Firewalls in this line feature a dual multicore processor architecture that enables them to deliver 3-6X faster throughput than Cisco ASA 5545-X to ASA 5555-X models they are engineered to replace. Local management can be done with Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls incorporate 12 RJ45 ports and four SFP interfaces. These appliances include one integrated 10M/100M/1GBASE-T Ethernet interface for network management, an RJ-45 console port, and one USB 2.0 Type-A interface. Active/standby high availability is supported along with VPN load balancing. For additional specs, refer to Cisco Firepower 2100 Series Next-Generation firewalls consulting and management expertise.
Cisco Firepower 4100 Series NGFW Firewalls
Cisco's Firepower 4100 Series NGFW Firewalls are single-rack appliances designed for use at high-performance data centers. Firewalls in this series deliver 5-10X faster performance than the Cisco ASA 5585-X firewall they are engineered to succeed. Onsite management can be performed using Cisco Firepower Device Manager. All Firepower 4100 Series Next-Generation Firewalls include 8 built-in SFP+ ports and all can be expanded with a selection of add-in network modules for a maximum of 24 interfaces. All Firepower 4100 Series NGFW Firewalls support virtual private network load balancing, high availability, and clustering of up to six chassis. These devices feature an integrated 1Gb Ethernet interface for network management, one RJ-45 console port, and one USB 2.0 port. For additional details, visit Cisco Firepower 4100 Series Next-Generation firewalls consulting and troubleshooting services.
Cisco Firepower 9300 Series Next-Generation Firewalls
Cisco's Firepower 9300 Series NGFW Firewalls are highly scalable and carrier-grade firewalls. The 3 Rack Units (3RU) enclosure of Firepower 9300 NGFW Series firewalls can hold two network modules and three security modules. Fully loaded, the Firepower 9300 can support 24 10G SFP+ ports or eight 100 Gigabit Ethernet ports. Clustering of up to 5 9300 chassis delivers up to 1.2 Tbps of firewall throughput. The high-end Cisco Firepower 9300 SM-56 delivers 70 Gbps firewall performance and 27 Gbps IPsec VPN performance. The 9300 SM-56 allows 35 million simultaneous sessions, 490K new connections per second, and up to 20 VPN peers.
Cisco's Firepower Services
Firepower Next Generation security appliances work with software or hardware modules that support Cisco's Firepower Services, which offer layered defense against sophisticated attacks. Cisco's Firepower Services are based on innovative technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services include:
- Multi-layer defense against familiar and zero-day attacks
- Advanced Malware Protection (AMP) that uses big data to find and mitigate intrusions
- A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at users, network infrastructure, apps, and content to detect attacks that incorporate multiple approaches
- Fine-grained Application Visibility and Control (AVC that is familiar with thousands of applications and can automatically launch both standard and custom IPS policies depending on the severity of risk
Firepower Services for Next Generation firewalls provide advanced multi-layered threat protection
Simpler deployments of Cisco's Firepower Next Generation firewalls can be efficiently managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool included with all NGFW firewall versions. ASDM includes a simple web dashboard for deploying, managing, and debugging NGFW appliances and service modules.
For multi-device and multi-site environments, Cisco's Next Gerneration firewalls with Firepower Services can be administered using Firepower Management Center, implemented as one or several physical or virtual appliances. Firepower Management Center offers centralized firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Advanced Malware Protection. Due to frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under various names including Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center unifies event and policy management for Firepower firewalls
Firepower Management Center appliance offers features unavailable with Cisco's on-box ASDM tool. Additional capabilities include greater context awareness, Advanced Malware Protection (AMP) with remediation for client devices, a dashboard that provides dynamic infrastructure visualization, automated policy optimization driven by risk assessment of threats, comprehensive IPS, custom app detectors for Application Visibility and Control (AVC), customized health notifications, improved reporting options, and application interfaces for host input and databases. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's on-device ASDM or the Firepower CLI.
Progent's Migration Consulting Support for Cisco Firepower Firewalls
Since Cisco has ceased offering the PIX and ASA 5500 product lines, many businesses are concerned about relying on a critical security mechanism that might stop being supported. Firepower Series firewalls have the benefit of being new products and also bring multiple functions and budgetary advantages in comparison to legacy devices. These benefits include substantially higher performance, optional Secure Sockets Layer tunneling capability, and a modular architecture that guards your investment by allowing you to self-install new security features whenever you require them. Progent's Cisco network engineers can help your company to assess the strategic case for moving from PIX 500 or Cisco ASA 5500 security appliances, design a migration plan that allows for a fast and non-disruptive upgrade, help your IT staff to set up new Firepower NGFW Series firewalls, and offer online, consulting, and technical support services.
Additional Ways Progent Can Support Your Cisco Firewalls
Cisco's Firepower Next-Generation Series firewalls provide a wealth of configuration, monitoring, and analysis features which give you the ability to deploy these firewalls to align optimally with your business needs. Progent's CCIE authorized network consultants can help you to configure and support a cost-effective network infrastructure that incorporates Cisco firewalls and that provides world-class protection, fault tolerance, performance, and manageability. Progent's CISA and CISSP-ISSP-certified information security experts can assist you to create a security policy that makes sense for your situation and can set up your firewall to support your security policies. Progent's security assessment professionals can evaluate the strength of your existing firewall solution and validate the security of your whole IT network. Progentís Technical Response Center can deliver urgent remote technical support for Cisco technology and offer fast access to a Cisco CCIE network engineer.
Progent can provide online or on-premises consulting services and is available for occasional guidance to help you resolve a challenging technical bottleneck or Progent can provide end-to-end project management support to ensure your firewall initiative is performed on schedule and on budget.
To find out additional information concerning Progent's professional expertise for Cisco solutions, select a subject:
Contact Progent for Cisco Firewall Solutions
To ask Progent about consulting help with Cisco Firepower NGFW firewalls, call 1-800-993-9400 or visit Contact Progent.