Cisco is a long-time front-runner in delivering state-of-the-art firewall appliances for the widest possible variety of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent an advanced firewall platform that marshals sophisticed hardware, cloud-based services, and machine learning to block, identify, and mitigate cyber attacks automatically. Progent's Cisco-certified CCIE-certified firewall experts can assist you to design and execute a smooth migration to Firepower Series firewalls from Cisco's from ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower firewalls with Cisco's cloud-based services to create and centrally manage IT environments that span local offices, data centers, and cloud resources. Progent can also help you to maintain and troubleshoot older-generation Cisco security appliances. Progent's certified cybersecurity experts can help you with policy creation and tuning based on leading practices in order to establish a consistent and effective cybersecurity posture that applies to all your networked devices at any location.
Cisco's Firepower Next Generation Firewalls
Cisco's comprehensive family of Firepower Next-Generation firewalls delivers advanced security and unified management at prices, performance levels, and scale to fit deployments spanning telecommuters and small businesses to global enterprises and Internet service providers. Cisco's Firepower Next Generation Firewalls deliver a significant performance boost over Cisco's older security appliances and offer centralized management of modern security features such as application visibility and control (AVC), next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), URL filtering, and sandboxing.
All Firepower Next-Generation firewalls incorporate a single-pass design and support continuous inspection and retrospective identification, which allows the firewalls to initiate outbreak controls and to pinpoint patient zero. Firepower NGFW firewalls also offer URL Filtering and sandboxing for detecting elusive malware, behavioral indicators of compromise, and malware artifacts. Next-Generation IPS rule tuning and firewall policy creation can be performed automatically, eliminating the need for manual intervention by IT security specialists. All Firepower NGFW firewalls give you the option of running either Firepower Threat Defense or Cisco Adaptive Security Appliance software. Centralized configuration, logging, system monitoring, and reporting capabilities can be controlled either via Cisco's Management Center or in the cloud with Defense Orchestrator.
Cisco Firepower 1000 Series NGFW Firewalls
Firepower Next-Generation 1000 Series Firewalls are intended for small businesses, telecommuters, or branches. Appliances in this series deliver improved value vs. corresponding Cisco ASA 5506-X to ASA 5525-X firewalls, providing 4-6X faster firewall speed. Local management can be performed using Firepower Device Manager. These appliances include an integrated 10/100/1000 Ethernet port for network management, an RJ-45 console interface, a USB connection, and 200 GB of storage. Active/active and Active/standby high availability is provided along with VPN load balancing. For additional details, see Cisco Firepower 1000 Series NGFW firewalls consulting and troubleshooting services.
Cisco Firepower 2100 Series NGFW Firewalls
Cisco's Firepower 2100 Series NGFW Firewalls are single-rack appliances designed for deployment at the Internet edge or the data center. Appliances in this series feature a dual multicore processor design that allows them to deliver 3-6X higher performance than Cisco ASA 5545-X to ASA 5555-X models they are engineered to succeed. Onsite management can be performed using Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls include 12 RJ45 ports and four SFP interfaces. These firewalls include one build-in 10/100/1000 RJ-45 Ethernet port for network management, an RJ-45 console port, and one USB connection. High availability is supported as well as VPN load balancing. For additional specs, refer to Cisco Firepower 2100 Series NGFW firewalls consulting and troubleshooting expertise.
Cisco Firepower 4100 Series NGFW Firewalls
Cisco's Firepower 4100 Series NGFW Firewalls are one-rack units designed for deployment at the Internet edge. Appliances in this series deliver 5-10X higher throughput than the Cisco ASA 5585-X firewall they are designed to replace. Onsite management can be performed with Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls have 8 integrated SFP+ ports and all accept a variety of add-in network modules for up to 24 interfaces. All Firepower 4100 Series Next-Generation Firewalls offer virtual private network load balancing, high availability, and clustering of up to six chassis. These security appliances feature an integrated 1Gb Ethernet interface for management, an RJ-45 console port, and one USB interface. For additional specs, see Cisco Firepower 4100 Series Next-Generation firewalls consulting and management services.
Cisco Firepower 9300 Series NGFW Firewalls
Cisco's Firepower 9300 Series NGFW Firewalls are highly scalable and carrier-grade firewalls. The 3 Rack Units chassis of Firepower 9300 NGFW Series firewalls accepts two network modules as well as three security modules. Fully loaded, the 9300 can support 24 10G Ethernet Enhanced Small Form-Factor Pluggable network interfaces or eight 100 Gigabit Ethernet ports. Intrachassis clustering of up to 5 chassis allows up to 1.2 Tbps of firewall throughput. The top-of-the-line Cisco Firepower 9300 SM-56 provides 70 Gbps firewall performance and 27 Gbps IPsec VPN throughput. The 9300 SM-56 allows 35 million simultaneous sessions, 490K new connections per second, and a maximum of 20K VPN peers.
Cisco's Firepower Services
Cisco's Firepower Series security appliances work with either software or physical modules that support Firepower Services, which provide layered defense against multi-vector attacks. Cisco's Firepower Services are powered by innovative technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services include:
- Layered defense against both familiar and zero-day threats
- Advanced Malware Protection (AMP) that uses big data techniques to find and remediate security breaches
- A Next-Generation Intrusion Prevention System that provides contextual analysis that covers users, network infrastructure, apps, and content to discover attacks that use multiple approaches
- Fine-grained Application Visibility and Control that is aware of thousands of applications and can automatically launch both standard and customized IPS policies depending on the severity of threats
Firepower Services for NGFW firewalls provide advanced multi-layered threat protection
Simpler implementations of Firepower Next Generation security appliances can be effectively administered using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility which is provided with all firewall versions. ASDM includes a convenient web console for configuring, managing, and debugging Firepower appliances and modules.
For more complex deployments, NGFW appliances with Firepower Services can be administered with Cisco's Firepower Management Center, available as one or several physical units or virtual devices. Firepower Management Center provides unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of ongoing rebranding after Cisco's purchase of Sourcefire Defense Center, Firepower Management Center has been offered under various names that include Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Firepower Management Center unifies event and policy control for Cisco Firepower firewalls
Firepower Management Center appliance provides features beyond those available with Cisco's on-device Adaptive Security Device Manager utility. Additional features include expanded context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for user devices, a console that provides real-time network infrastructure visualization, automated policy tuning based on impact assessment of attacks, advanced IPS, custom application detectors for Application Visibility and Control, customized health alerts, improved reporting features, and application interfaces for host input and database access. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be managed using Cisco's on-device ASDM or the Firepower command line interface.
Progent's Migration Support Services for Cisco Next Generation Firewalls
Since Cisco has stopped offering the PIX 500 and ASA 5500 product lines, many businesses are concerned about relying on a key security mechanism that might no longer be supported. Firepower Series firewalls have the advantage of being current products and also bring important technical and financial benefits in comparison to legacy firewalls. These advantages include substantially better throughput, optional SSL tunneling support, and a modular architecture that guards your investment by enabling you to add new security features whenever you need them. Progent's Cisco network engineers can help you to determine the business case for migrating from PIX or ASA 5500 firewalls, create a migration process that permits a fast and non-disruptive changeover, help you to configure new Firepower NGFW Series firewalls, and offer online, consulting, and troubleshooting services.
Other Ways Progent Can Support Your Cisco Firewalls
Cisco Firepower Series security appliances provide an array of setup, tracking, and analysis features that give you the flexibility to deploy these security appliances to align optimally with your company's needs. Progent's CCIE authorized network experts can help you to design a cost-effective infrastructure that incorporates Cisco firewalls and that offers advanced security, resilience, throughput, and recoverability. Progent's GISA and CISSP-ISSP-premier information security consultants can assist your business to develop a security strategy that makes sense for your situation and can configure your PIX or ASA firewall to support your security policies. Progent's risk evaluation engineers can assess the effectiveness of your existing firewall solution and help determine the security of your entire IS environment. Progentís Technical Response Center (TRC) can deliver urgent online troubleshooting for Cisco technology and offer fast access to a Cisco CCIE expert.
Progent can provide remote or onsite support and is available for occasional expertise to help your organization resolve a stubborn technical impasse or Progent can provide comprehensive project management support to ensure your network security initiative is performed on schedule and on budget.
To see more details about Progent's engineering assistance for Cisco products, pick a topic:
Contact Progent for Cisco Firewall Solutions
To ask Progent about consulting help with Cisco Firepower NGFW firewalls, call 1-800-993-9400 or visit Contact Progent.