Cisco is a long-time front-runner in delivering cutting-edge firewalls for the broadest possible range of deployments. Cisco's Firepower Next Generation Firewalls represent an advanced cybersecurity solution that combines dedicated hardware, cloud services, and machine learning to block, identify, and mitigate cyber attacks automatically. Progent's Cisco-certified CCIE firewall experts can assist your organization to design and execute an efficient upgrade to Cisco Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to integrate Firepower appliances with Cisco's security services to create and centrally control IT ecosystems that encompass branch offices, data centers, private clouds and public clouds. Progent can also help you to manage and troubleshoot older-generation Cisco firewalls. Progent's certified cybersecurity experts can help you with policy creation based on leading practices in order to establish a consistent and effective cybersecurity profile that applies to all your endpoints anywhere.
Cisco's Firepower Next Generation Firewall Appliances
Cisco's comprehensive portfolio of Firepower Next-Generation firewalls offers modern security and unified management at price points, performance levels, and expandability to fit deployments ranging from home offices and small organizations to global enterprises and Internet service providers. Cisco's Firepower Next Generation Firewalls provide a major performance improvement compared to Cisco's previous-generation security appliances and include unified control of advanced cybersecurity capabilities like application visibility and control (AVC), next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection (AMP), URL filtering, and sandboxing.
All Firepower NGFW firewalls have a single-pass design and permit uninterrupted inspection and retrospective identification, which makes it possible to provide outbreak management and to pinpoint patient zero. Firepower NGFW firewalls also offer URL Filtering and subscription-free sandboxing for detecting evasive and sandbox-aware threats, IoCs, and malware artifacts. NGIPS rule tuning and firewall policy creation are performed automatically, requiring no time-consuming intervention by IT security experts. All Firepower NGFW firewalls offer the option of running either Cisco Firepower Threat Defense (FTD) or Adaptive Security Appliance (ASA) software. Unified configuration, logging, monitoring, and reporting capabilities can be controlled either via Management Center or in the cloud with Cisco Defense Orchestrator.
Cisco Firepower 1000 Series Next-Generation Firewalls
Firepower Next-Generation 1000 Series Firewalls are intended for small businesses, telecommuters, or branch offices. Appliances in this family offer better value vs. corresponding Cisco ASA 5506-X to ASA 5525-X models, delivering 4-6X faster firewall throughput. Onsite management can be done with Cisco Firepower Device Manager. 1000 Series firewalls feature an integrated 10M/100M/1GBASE-T RJ-45 Ethernet interface for management, an RJ-45 console port, a USB 3.0 Type-A connection, and 200 GB of storage. Active/active and Active/standby high availability is provided as well as VPN load balancing. For additional specs, refer to Cisco Firepower 1000 Series Next-Generation firewalls consulting and troubleshooting services.
Cisco Firepower 2100 Series Next-Generation Firewalls
Cisco's Firepower 2100 Series NGFW Firewalls are one-rack units designed for use at the Internet edge. Firewalls in this family feature a dual multicore processor architecture that allows them to deliver 3-6X faster throughput than Cisco ASA 5545-X to ASA 5555-X firewalls they are engineered to replace. Onsite management can be performed using Firepower Device Manager. All Firepower 2100 Series NGFW Firewalls include 12 RJ45 interfaces and four SFP ports. These units include one integrated 10M/100M/1GBASE-T Ethernet port for management, an RJ-45 console port, and one USB interface. High availability is supported as well as virtual private network load balancing. For more specs, visit Cisco Firepower 2100 Series NGFW firewalls consulting and troubleshooting services.
Cisco Firepower 4100 Series Next-Generation Firewalls
Cisco's Firepower 4100 Series Next-Generation Firewalls are 1RU rack units designed for use at high-performance data centers. Firewalls in this series deliver 5-10X faster performance than the Cisco ASA 5585-X device they are designed to succeed. Local management can be performed with Firepower Device Manager. All Firepower 4100 Series Next-Generation Firewalls have 8 built-in SFP+ interfaces and all accept a variety of add-in network modules for up to 24 ports. All Firepower 4100 Series NGFW Firewalls offer virtual private network load balancing, Active/standby high availability, and clustering of up to six chassis. These firewalls include an integrated 1Gb Ethernet interface for management, one RJ-45 console interface, and one USB 2.0 connection. For additional specs, visit Cisco Firepower 4100 Series NGFW firewalls consulting and troubleshooting expertise.
Cisco Firepower 9300 Series Next-Generation Firewalls
Cisco's Firepower 9300 Series Next-Generation Firewalls are massively scalable and carrier-grade security appliances. The 3 Rack Units enclosure of Firepower 9300 Next-Generation Series firewalls accepts two add-in network modules as well as three security modules. Fully loaded, the 9300 can support 24 10G Ethernet Enhanced Small Form-Factor Pluggable network interfaces or eight 100G interfaces. Clustering of up to five chassis delivers up to 1.2 Tbps of firewall performance. The top-of-the-line Cisco Firepower 9300 SM-56 provides 70 Gbps firewall throughput and 27 Gbps IPsec VPN throughput. The unit allows 35 million concurrent sessions, 490K new connections per second, and up to 20 VPN peers.
Cisco's Firepower Services
Firepower NGFW firewalls work with either software or hardware modules that enable Firepower Services, which offer layered defense against sophisticated threats. Firepower Services are powered by technology acquired by Cisco from Sourcefire. Key features of Firepower Services include:
- Multi-layer protection against familiar and new threats
- Cisco's Advanced Malware Protection that utilizes big data techniques to find and mitigate intrusions
- A Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at users, network infrastructure, apps, and content to discover threats that use simultaneous vectors
- High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically activate both standard and custom IPS policies depending on the severity of threats
Firepower Services for Next Generation firewalls offer advanced multi-layered security
Smaller implementations of Firepower Next Generation firewalls can be effectively managed via Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web utility included with all firewall versions. ASDM includes an easy-to-use web console for configuring, administering, and debugging NGFW firewalls and modules.
For more complex environments, Cisco's Next Gerneration appliances with Firepower Services can be administered using Cisco's Firepower Management Center, available as one or several physical units or virtual devices. Firepower Management Center provides centralized firewall management, Application Visibility and Control (AVC, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection. Because of frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under various names including Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center centralizes event and policy management for Cisco Firepower firewalls
Firepower Management Center appliance provides capabilities unavailable with Cisco's on-box ASDM utility. Extra capabilities include greater context awareness, Advanced Malware Protection (AMP) with remediation for user devices, a console that provides real-time network infrastructure visualization, automated policy tuning driven by impact assessment of attacks, comprehensive IPS, custom application discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting options, and APIs for host input and database access. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's on-box ASDM or the Firepower CLI.
Progent's Migration Consulting Services for Cisco Next Generation Firewalls
Because Cisco has ceased selling the PIX and ASA 5500 product lines, many businesses are concerned about relying on a key infrastructure component that may stop being supported by Cisco. Firepower Series security appliances have the advantage of being new products and also bring important functions and economic benefits in comparison to legacy firewalls. These benefits include substantially better throughput, optional Secure Sockets Layer VPN support, and a modular architecture that protects your investment by allowing you to add more security features whenever you require them. Progent's Cisco certified experts can help your company to assess the business case for upgrading from PIX 500 or Cisco ASA 5500 firewalls, design a migration plan that permits a fast and non-disruptive changeover, help you to install new Firepower NGFW Series firewalls, and provide online, consulting, and troubleshooting services.
Other Ways Progent Can Support Your Cisco Firewalls
Cisco's Firepower NGFW Series firewalls provide a wealth of setup, tracking, and analysis options which offer you the flexibility to deploy these firewalls to align optimally with your company's requirements. Progent's CCIE authorized network professionals can show you how to design a cost-effective infrastructure that incorporates Cisco firewalls and that provides world-class protection, resilience, throughput, and recoverability. Progent's GISA and CISSP-ISSP-premier IS security experts can help you to develop a security policy that makes sense for your environment and can set up your firewall to enforce your security strategy. Progent's security assessment experts can evaluate the effectiveness of your existing firewall solution and help determine the overall security of your entire information system network. Progentís Technical Response Center can deliver urgent online troubleshooting for Cisco technology and can give you quick access to a Cisco CCIE network engineer.
Progent can provide online or on-premises consulting services and is available for as-needed guidance to help you with a stubborn IT impasse or Progent can provide comprehensive project management and co-management support to ensure your network security initiative is performed on schedule and on budget.
To find out additional details about Progent's engineering support for Cisco networking products, select a topic:
Contact Progent for Cisco Firewall Solutions
To ask Progent about consulting help with Cisco Firepower NGFW firewalls, call 1-800-993-9400 or visit Contact Progent.