Cisco Network Consultants

Cisco is a perennial front-runner in delivering cutting-edge firewalls for the broadest possible variety of environments. Cisco's Firepower NGFWs Firewalls provide an advanced firewall solution that combines dedicated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to anticipate, identify, and respond to cyber attacks automatically. Progent's Cisco-certified CCIE-certified firewall consultants can help your organization to design and execute an efficient migration to Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and help you integrate Firepower firewalls with Cisco's cloud-based services to create and centrally manage network environments that encompass branch offices, data centers, private clouds and public clouds. Progent's firewall consultants can also assist you to maintain and debug legacy Cisco security appliances. Progent's certified network security experts can help you with policy creation based on industry best practices so you can establish a consistent cybersecurity posture that applies to all your networked endpoints at any location.

Cisco's Firepower NGFW Firewall Appliances
Cisco's comprehensive portfolio of Firepower NGFW firewall appliances offers modern security and unified management at prices, speed, and expandability suitable for environments ranging from branch offices and small businesses to major enterprises and Internet service providers. Cisco's Firepower NGFWs Firewalls provide a major performance improvement compared to Cisco's older firewalls and include centralized management and automation of advanced cybersecurity features such as application visibility, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), DDoS mitigation, and multi-node sandboxing.

All Firepower Next-Generation firewalls incorporate a single-pass design and permit continuous analysis and retrospective identification, which makes it possible to provide outbreak management and to pinpoint patient zero. Firepower NGFW firewalls also offer URL Filtering and sandboxing for finding evasive and sandbox-aware malware, IoCs, and malware artifacts. Next-Generation IPS rule tuning and firewall policy are performed automatically, eliminating the need for manual intervention by IT security experts. All Firepower Next-Generation firewalls give you the option of using either Firepower Threat Defense or Adaptive Security Appliance software. Centralized configuration, logging, system monitoring, and reporting functions can be controlled either via Cisco's Management Center or in the cloud with Cisco Defense Orchestrator.

Cisco Firepower 1000 Series NGFW Firewalls
Cisco Firepower Next-Generation 1000 Series Firewalls are targeted at small organizations, telecommuters, or branches. Appliances in this family deliver better price/performance vs. corresponding Cisco ASA 5506-X to ASA 5525-X models, delivering 4-6X higher firewall throughput. Onsite management can be done using Firepower Device Manager. 1000 Series firewalls feature an integrated 10/100/1000 RJ-45 Ethernet interface for management, an RJ-45 console port, a USB port, and 200 Gbytes of storage. High availability is supported along with virtual private network load balancing. For more specs, refer to Cisco Firepower 1000 Series Next-Generation firewalls consulting and management expertise.

Cisco Firepower 2100 Series NGFW Firewalls
Cisco's Firepower 2100 Series NGFW Firewalls are one-rack units designed for operation at the Internet edge or the data center. Devices in this family feature a dual multicore CPU design that allows them to offer 3-6X higher throughput than Cisco ASA 5545-X to ASA 5555-X models they are engineered to succeed. Local management can be done using Cisco Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls include 12 RJ45 ports and four SFP interfaces. These firewalls include one integrated 10/100/1000 RJ-45 Ethernet port for network management, an RJ-45 console port, and one USB interface. Active/standby high availability is supported along with virtual private network load balancing. For more details, refer to Cisco Firepower 2100 Series Next-Generation firewalls consulting and management services.

Cisco Firepower 4100 Series NGFW Firewalls
Cisco's Firepower 4100 Series NGFW Firewalls are 1RU rack units intended for deployment at the Internet edge. Devices in this family offer 5-10X higher throughput than the Cisco ASA 5585-X device they are designed to succeed. Local management can be performed using Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls have 8 built-in SFP+ interfaces and all can be expanded with a selection of add-in network modules for up to 24 ports. All Firepower 4100 Series NGFW Firewalls offer VPN load balancing, Active/standby high availability, and clustering of up to six chassis. These devices feature an integrated 1Gb Ethernet port for management, one RJ-45 console port, and one USB 2.0 connection. For more details, see Cisco Firepower 4100 Series NGFW firewalls consulting and troubleshooting services.

Cisco Firepower 9300 Series Next-Generation Firewalls
Cisco's Firepower 9300 Series Next-Generation Firewalls are highly scalable and carrier-grade firewalls. The 3 Rack Units (3RU) chassis of Firepower 9300 Next-Generation Series firewalls can hold two network modules as well as three security modules. Altogether, the 9300 can hold 24 10G SFP+ network interfaces or eight 100 Gigabit Ethernet interfaces. Clustering of up to five 9300 chassis delivers a total 1.2 Tbps of firewall performance. The high-end Cisco Firepower 9300 SM-56 provides 70 Gbps firewall throughput and 27 Gbps IPsec VPN performance. The unit allows 35 million simultaneous sessions, 490K new connections per second, and up to 000 VPN peers.

Firepower Services
Cisco's Firepower Next Generation firewalls accept software or hardware modules that support Firepower Services, which provide layered defense against advanced attacks. Cisco's Firepower Services are based on innovative technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services include:

• Layered protection against both familiar and zero-day threats
• Cisco's Advanced Malware Protection (AMP) that utilizes big data techniques to find and mitigate intrusions
• Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers users, infrastructure, apps, and content to discover attacks that use multiple approaches
• High-resolution Application Visibility and Control (AVC that is aware of thousands of apps and can automatically launch both standard and custom IPS policies based on the severity of threats

Smaller deployments of Cisco's Firepower NGFW firewalls can be effectively managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility provided with all NGFW firewall versions. ASDM includes an easy-to-use web dashboard for deploying, managing, and troubleshooting Firepower devices and service modules.

For more complex deployments, NGFW firewalls with Firepower Services can be managed using Cisco's Firepower Management Center, available as one or several physical units or virtual devices. Firepower Management Center offers unified firewall management, Application Visibility and Control (AVC, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of ongoing rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.

Firepower Management Center appliance provides features unavailable with Cisco's on-device ASDM utility. Extra capabilities include greater context awareness, Cisco's Advanced Malware Protection (AMP) with mitigation for user devices, a console that provides dynamic network infrastructure visualization, automated policy optimization driven by risk evaluation of attacks, comprehensive IPS, custom application detectors for Application Visibility and Control, customized health notifications, improved reporting features, and APIs for host input and databases. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed via Cisco's on-box ASDM or the Firepower command line interface.

Progent's Migration Consulting Support for Cisco Next Generation Firewalls
Since Cisco has discontinued selling the PIX and ASA 5500 families of firewalls, many businesses are uncomfortable with relying on a critical infrastructure component that may stop being supported by Cisco. Firepower NGFW Series security appliances have the advantage of being new products and also offer important functions and financial advantages in comparison to legacy firewalls. These benefits include substantially higher performance, optional SSL VPN support, and a modular architecture that guards your investment by enabling you to self-install new security services when and if you require them. Progent's Cisco experts can help you to assess the business case for upgrading from PIX 500 or Cisco ASA 5500 firewalls, design a migration process that permits a fast and non-disruptive changeover, help your IT staff to set up new Firepower NGFW Series firewalls, and provide remote training, consulting, and troubleshooting services.

Other Ways Progent Can Support Your Cisco Firewalls
Cisco's Firepower Series security appliances provide an array of configuration, tracking, and troubleshooting features that offer you the ability to set up these firewalls to match your company's requirements. Progent's CCIE authorized network consultants can assist you to configure and support a cost-effective network infrastructure that incorporates Cisco firewalls and that provides advanced protection, fault tolerance, performance, and manageability. Progent's GISA and CISM-certified IS security experts can assist you to create a security strategy appropriate for your situation and can set up your PIX or ASA firewall to enforce your security strategy. Progent's risk evaluation engineers can evaluate the effectiveness of your existing firewall solution and help determine the overall security of your entire IT network. Progent’s Help Desk Call Center can provide urgent remote troubleshooting for Cisco products and can give you fast access to a Cisco CCIE expert.

Progent can provide online or onsite consulting services and is available for occasional expertise to help your organization resolve a challenging technical impasse or Progent offers end-to-end project management and co-management support to make sure your firewall initiative is completed on schedule and on budget.

To learn additional details concerning Progent's engineering expertise for Cisco products, choose a topic:

• Introduction to Progent's Cisco Engineering Services
• Fast and Affordable Remote Assistance from a CCIE Engineer
• ASA 5500-X Series Firewall with Firepower: Consulting and Troubleshooting Services
• ASA 5500 Firewall Integration Support
• Cisco PIX Series Firewall Consulting Help
• Cisco Routers Engineering Services
• Cisco Wireless Deployment Help
• Aironet Wireless APs Deployment Support
• Cisco Small Business WiFi APs Engineering Services
• Cisco WiFi Controllers Integration Consulting
• Cisco Meraki Access Points Deployment Services
• Cisco Unified Communications Manager (CUCM or Unified CM) and CallManager Configuration and Technical Support
• Cisco Voice over IP Phones and IP Video Desktop Phones Consulting Services and Cisco Wireless IP Phone Configuration
• Cisco Jabber and Management Expertise
• Cisco Catalyst Switches Engineering Expertise
• Nexus Switches Configuration and Maintenance Expertise
• Meraki Switches Configuration and Maintenance Services
• Cisco Security and VPN Setup and Troubleshooting Services
• SIP and CUBE Integration Solutions: SIP PSTN Trunks and Cisco CUBE Integration Consulting
• Infrastructure Design for Cisco-based Datacenters
• Data Center Design Services for Service Providers
• Remote Management Strategies for Cisco-powered Environments