Cisco is a long-time leader in developing state-of-the-art firewalls for the widest possible range of deployments. Cisco's Firepower Next Generation Firewall (NGFW) security appliances provide an advanced cybersecurity solution that combines sophisticated hardware, cloud services, and machine learning to anticipate, discover, and respond to cyber attacks without manual intervention. Progent's Cisco-certified CCIE firewall experts can assist you to plan and execute an efficient migration to Cisco Firepower firewalls from Cisco's ASA 5500-X, ASA 5500, or PIX appliances and show you how to enhance Firepower firewalls with Cisco's security services to create and centrally manage network environments that span branch offices, data centers, and cloud resources. Progent can also assist you to manage and debug legacy Cisco security appliances. Progent's certified cybersecurity consultants can assist you with policy creation and tuning based on leading practices in order to establish a consistent and effective cybersecurity posture across all your networked devices anywhere.
Cisco's Firepower NGFW Firewall Appliances
Cisco's line of Firepower Next-Generation Firewalls delivers modern security and unified control at price points, speed, and expandability suitable for environments ranging from telecommuters and small organizations to global enterprises and Internet service providers. Cisco's Firepower NGFW devices deliver a major performance boost compared to Cisco's older security appliances and include centralized control of advanced cybersecurity features such as application visibility and control (AVC), next-generation intrusion protection with risk prioritization, advanced malware protection (AMP), URL filtering, and sandboxing.
All Firepower NGFW firewalls incorporate a single-pass architecture and permit continuous analysis and retrospective identification, which makes it possible to initiate outbreak management and to pinpoint patient zero. Firepower NGFW firewalls also have the option of URL Filtering and subscription-free sandboxing for detecting elusive malware, actionable event correlations, and malware artifacts. NGIPS rule tuning and firewall policy are performed automatically, requiring no time-consuming intervention by cybersecurity experts. All Firepower NGFW firewalls offer the option of using either Firepower Threat Defense (FTD) or Cisco Adaptive Security Appliance software. Centralized deployment, logging, system monitoring, and reporting functions can be managed either via Management Center or in the cloud with Cisco Defense Orchestrator.
Cisco Firepower 1000 Series NGFW Firewalls
Cisco Firepower Next-Generation 1000 Series Firewalls are intended for small organizations, home offices, or branches. Firewalls in this family offer improved value vs. comparable Cisco ASA 5506-X to ASA 5525-X firewalls, providing 4-6X higher firewall speed. Local management can be done using Cisco Firepower Device Manager. 1000 Series firewalls feature an integrated 10/100/1000 RJ-45 Ethernet interface for management, an RJ-45 console interface, a USB interface, and 200 GB of storage. High availability is supported as well as VPN load balancing.
Cisco's Firepower 1010 firewall is a quiet desktop appliance that delivers 890 Mbps throughput, Application Visibility/Control (AVC), and NGIPS. The appliance has eight integrated RJ-45 I/O interface ports, two of them POE+ capable. IPsec VPN throughput is 500 Mbps and the unit allows 100K simultaneous sessions, 6,000 new connections/second, and up to 75 VPN peers. The Firepower 1120 firewall is a 1RU device that provides firewall throughput of 2.3 Gbps. The firewall has 8 RJ45 integrated I/O interfaces and four SFP interfaces. IPsec VPN throughput is 1.2 Gbps and the appliance supports 200K concurrent sessions, 15,000 new connections/second with Application Visibility/Control, and up to 150 VPN peers.
The Firepower 1140 firewall is a 1RU rackmount device that offers firewall throughput of 3.3 Gbps. The firewall comes with eight built-in RJ-45 ports and 4 SFP ports. IPsec VPN throughput is 1.4 Gbps and the unit supports 400K simultaneous sessions, 22K new connections/second with Application Visibility/Control, and up to 400 VPN peers. The Firepower 1150 firewall is a 1RU appliance that delivers firewall performance of 5.3 Gbps. The firewall features 8 integrated RJ-45 interface ports, two SFP interface ports, and two 10G SFP+ interfaces. IPsec VPN performance is 2.4 Gbps and the firewall allows 600K concurrent sessions, 28,000 new connections/second, and a maximum of 800 VPN peers.
Cisco Firepower 2100 Series Next-Generation Firewalls
Cisco's Firepower 2100 Series Next-Generation Firewalls are 1RU appliances designed for deployment at the Internet edge or the data center. Devices in this family feature a dual multicore CPU architecture that enables them to offer 3-6X faster performance than the Cisco ASA 5545-X to ASA 5555-X models they are designed to replace. Local management can be performed using Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls include 12 RJ45 interfaces and four SFP interfaces. These firewalls include one built-in 10M/100M/1GBASE-T Ethernet port for management, an RJ-45 console port, and one USB connection. Active/standby high availability is supported along with virtual private network load balancing.
The Firepower 2110 model firewall comes with 4 built-in 1 Gb SFP Ethernet interface ports and 100 GB of storage. The 2110 offers 2.6 Gbps firewall throughput and 800 Mbps IPsec VPN performance and supports 1 million simultaneous sessions, 18,000 new connections per second, and as many as 1,500 VPN peers. Cisco's Firepower 2120 model firewall features 12 integrated 10M/100M/1GBASE-T Ethernet RJ-45 interfaces, four integrated 1G SFP Ethernet ports, and 100 GB of storage. The 2120 delivers 3.4 Gbps firewall performance and 1 Gbps IPsec VPN throughput and allows 1.5 million simultaneous sessions, 28,000 new connections per second and as many as 3,500 VPN peers.
Cisco's Firepower 2130 firewall comes with 4 built-in 10 Gb SFP+ interfaces and 200 GB of storage. The 2130 also accepts a network module with eight additional interfaces. The Firepower 2130 offers 5.4 Gbps firewall throughput and 1.9 Gbps IPsec VPN performance and supports two million concurrent sessions, 30,000 new connections per second, and as many as 7,500 VPN peers. Cisco's top-of-the-line Firepower 2140 firewall has four built-in 10G SFP+ ports and 200 GB of storage. The unit also scales via a network module with eight extra ports for a total of 24 Ethernet ports. The 2140 model offers 10.4 Gbps firewall performance and 3.6 Gbps IPsec VPN performance and allows three million simultaneous sessions, 57,000 new connections/second, and a maximum of 10,000 VPN peers. Both the 2130 and 2140 model firewalls have the option of redundant AC or DC power supplies.
Cisco Secure Firewall 3100 Series
Cisco's Secure Firewall 3100 Series appliances are modular single-rack units intended for enterprises who need performance, high port density, and zero-trust cybersecurity at the Internet edge, the corporate data center, or a private cloud. For maximum availability, all Secure Firewall 3100 Series models support 8-chassis clustering and operate in either Active/active or Active/standby mode. The devices can run Cisco's ASA or Firewall Threat Defense (FTD) software. Built-in I/O for each device includes 8 10M/100M/1GBASE-T ports (RJ-45) and 8 1/10 Gigabit Ethernet interface ports. Available network modules offer 1/10/25/40G options and all models come with 900 GB of storage plus an additional storage slot.
Cisco's Secure Firewall 3110 model offers 18 Gbps firewall performance and 8 Gbps IPsec VPN throughput. The 3110 allows two million concurrent sessions, 64,000 new connections per second, and as many as 3,000 VPN peers. Cisco's Secure Firewall 3120 device offers 22 Gbps firewall throughput and up to 10 Gbps IPsec VPN performance. The 3120 allows 4 million concurrent sessions, 98K new connections per second, and as many as 7,000 VPN peers. Cisco's Secure Firewall 3130 model offers 42 Gbps firewall throughput and up to 14 Gbps IPsec VPN performance. The 3130 firewall supports 6 million simultaneous sessions, 200K new connections/second, and up to 15,000 VPN peers. Cisco's Secure Firewall 3140 device offers 49 Gbps firewall throughput and 17 Gbps IPsec VPN throughput. The 3140 firewall supports 10 million concurrent sessions, 200K new connections/second, and as many as 20K VPN peers.
Cisco Firepower 4100 Series NGFW Firewalls
Cisco's Firepower 4100 Series Next-Generation Firewalls are single-rack units designed for operation at the Internet edge or high-performance data centers. Devices in this series offer 5-10X higher throughput than the Cisco ASA 5585-X firewall they are designed to succeed. Onsite management can be done using Cisco Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls include 8 integrated SFP+ interfaces and all can be expanded with a variety of add-in network modules for a maximum of 24 interfaces. All Firepower 4100 Series Next-Generation Firewalls offer VPN load balancing, Active/standby high availability, and clustering of up to six chassis. These security appliances include a built-in 1Gb Ethernet interface for management, an RJ-45 console port, and one USB port.
Cisco's Firepower 4110 firewall includes 200 GB of storage and offers 13 Gbps firewall performance and 6 Gbps IPsec VPN throughput. The 4110 supports 10 million concurrent sessions, 64K new connections/second, and up to 10K VPN peers. Cisco's Firepower 4112 firewall has 400 GB of storage and offers 19 Gbps firewall performance and 8.5 Gbps IPsec VPN throughput. The 4112 appliance allows 10 million simultaneous sessions, 98K new connections per second, and up to 10,000 VPN peers. Cisco's more recent Firepower 4115 device includes 400 GB of storage and delivers 27 Gbps firewall performance and 8 Gbps IPsec VPN throughput. The 4115 firewall allows 15 million concurrent sessions, 200K new connections/second, and up to 15,000 VPN peers. Cisco's Firepower 4120 appliance has 200 GB of storage and delivers 22 Gbps firewall throughput and 19 Gbps IPsec VPN performance. The 4120 unit allows 15 million concurrent sessions, 118K new connections per second, and as many as 15,000 VPN peers. Cisco's more recent Firepower 4125 firewall has 800 GB of storage and offers 40 Gbps firewall performance and 14 Gbps IPsec VPN throughput. The 4125 unit allows 25 million concurrent sessions, 265K new connections/second, and up to 20K VPN peers.
The Firepower 4140 firewall has 400 GB of storage and delivers 32 Gbps firewall performance and 13 Gbps IPsec VPN throughput. The 4140 unit allows 25 million concurrent sessions, 172K new connections per second, and a maximum of 20K VPN peers. Cisco's newer Firepower 4145 device has 800 GB of storage and offers 53 Gbps firewall performance and 18 Gbps IPsec VPN performance. The 4145 firewall allows 30 million simultaneous sessions, 350K new connections/second, and up to 20K VPN peers. Cisco's Firepower 4150 unit features 400 GB of storage and delivers 45 Gbps firewall performance and 14 Gbps IPsec VPN throughput. The 4150 firewall supports 30 million simultaneous sessions, 263K new connections per second, and a maximum of 20K VPN peers.
Cisco Firepower 9300 Series Next-Generation Firewalls
Cisco's Firepower 9300 Series Next-Generation Firewalls are massively scalable and ultra-high performing firewalls. The 3RU enclosure of Firepower 9300 NGFW Series firewalls can hold two add-in network modules as well as three security modules. Fully loaded, the Firepower 9300 can support 24 10G SFP+ ports or eight 100G interfaces. Intrachassis clustering of up to five chassis delivers up to 1.2 Tbps of firewall throughput. The high-end Cisco Firepower 9300 SM-56 delivers 70 Gbps firewall performance and 27 Gbps IPsec VPN performance. The unit allows 35 million concurrent sessions, 490K new connections per second, and up to 20,000 VPN peers.
Cisco's Firepower Next Generation security appliances accept software or hardware modules that support Cisco's Firepower Services, which provide layered protection against sophisticated threats. Cisco's Firepower Services are based on innovative technology adopted by Cisco from Sourcefire. Major features of Firepower Services include:
- Layered defense against familiar and zero-day attacks
- Advanced Malware Protection that utilizes big data to discover and mitigate security breaches
- A Next-Generation Intrusion Prevention System that provides contextual analysis that looks at users, infrastructure, software applications, and content to discover attacks that incorporate multiple approaches
- Fine-grained Application Visibility and Control (AVC) that is familiar with thousands of applications and can automatically launch both standard and customized IPS policies depending on the degree of threats
Firepower Services for Next Generation firewalls offer multi-layered threat protection
Smaller deployments of Cisco's Firepower Series security appliances can be efficiently administered via Cisco's on-device Adaptive Security Device Manager (ASDM), a web-based utility included with all NGFW firewall models. ASDM includes a simple web dashboard for configuring, administering, and troubleshooting Firepower firewalls and modules.
For more complex environments, NGFW firewalls with Firepower Services can be administered with Firepower Management Center, available as one or several physical or virtual devices. Firepower Management Center offers centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Due to frequent rebranding after Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names that include Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center centralizes event and policy management for Firepower firewalls
The Firepower Management Center appliance offers capabilities unavailable with Cisco's on-device Adaptive Security Device Manager tool. Additional features include greater context awareness, Advanced Malware Protection with mitigation for client devices, a console that provides real-time network visualization, automated policy tuning based on impact assessment of attacks, comprehensive IPS, custom application discovery for Application Visibility and Control (AVC), customized health notifications, improved reporting features, and APIs for host input and database access. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-device ASDM or the Firepower CLI.
Progent's Migration Consulting Services for Cisco Firepower Firewalls
Because Cisco has ceased selling the PIX and ASA 5500 families of firewalls, many companies are concerned about depending on a critical infrastructure mechanism that may stop being supported by Cisco. Firepower NGFW Series security appliances offer the benefit of being new devices and also bring multiple functions and budgetary advantages in comparison to legacy devices. These advantages include substantially better throughput, optional SSL VPN capability, and a modular architecture that protects your investment by enabling you to self-install new security services when and if you require them. Progent's Cisco certified experts can help your company to assess the business case for moving from PIX 500 or ASA 5500 firewalls, create a migration plan that allows for a quick and non-disruptive changeover, assist you to configure new Firepower Series firewalls, and offer remote training, consulting, and technical support services.
Other Ways Progent Can Support Your Cisco Firewalls
Cisco Firepower Next-Generation Series firewalls incorporate a wealth of setup, tracking, and analysis features which give you the ability to deploy these security appliances to align optimally with your business requirements. Progent's CCIE authorized network professionals can help you to design an efficient infrastructure that incorporates Cisco firewall technology and that provides advanced protection, resilience, throughput, and manageability. Progent's GISA and CISSP-ISSP-certified information security professionals can help your business to create a security policy that makes sense for your situation and can set up your firewall to enforce your security strategy. Progent's security evaluation professionals can evaluate the strength of your existing firewall deployment and validate the security of your entire information system environment. Progent's Technical Response Center can deliver urgent online troubleshooting for Cisco products and offer fast access to a Cisco expert.
Progent can provide remote or on-premises consulting services and can deliver as-needed expertise to help your organization with a stubborn IT impasse. Progent also offers end-to-end project management services to ensure your network security initiative is performed on schedule and on budget.
Contact Progent for Cisco Firewall Solutions
To ask Progent about consulting help with Cisco Firepower NGFW firewalls, call 1-800-993-9400 or visit Contact Progent.