Cisco is a long-time front-runner in developing state-of-the-art firewall appliances for the broadest possible range of deployments. Cisco's Firepower Next Generation Firewall (NGFW) appliances represent a modern firewall solution that marshals dedicated hardware, cloud services, and machine learning to block, discover, and respond to cyber attacks automatically. Progent's Cisco-certified CCIE firewall experts can assist your organization to plan and execute a smooth migration to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX appliances and show you how to integrate Firepower firewalls with Cisco's security services to build and centrally control network environments that span local offices, data centers, and cloud resources. Progent can also assist you to manage and troubleshoot legacy Cisco firewalls. Progent's certified cybersecurity consultants can help you with policy creation and tuning based on leading practices so you can build a consistent and effective security posture that applies to all your endpoints anywhere.
Cisco's Firepower Next Generation Firewalls
Cisco's portfolio of Firepower Next-Generation Firewalls deliver modern security and unified control at prices, speed, and expandability to fit environments ranging from home offices and small organizations to global enterprises and Internet service providers. Cisco's Firepower NGFW devices deliver a major performance boost compared to Cisco's previous-generation firewalls and include unified control of advanced cybersecurity capabilities like application visibility and control, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection, DDoS mitigation, and multi-node sandboxing.
All Firepower Next-Generation firewalls have a single-pass design and permit uninterrupted inspection and retrospective identification, which allows the firewalls to initiate outbreak controls and to uncover root causes. Firepower NGFW firewalls also offer URL Filtering and subscription-free sandboxing for finding evasive and sandbox-aware malware, behavioral indicators of compromise, and malware artifacts. Next-Generation IPS rule tuning and network firewall policy are automated, requiring no time-consuming intervention by IT security specialists. All Firepower Next-Generation security appliances give you the option of using either Cisco Firepower Threat Defense or Cisco Adaptive Security Appliance (ASA) software. Centralized configuration, logging, monitoring, and reporting functions can be controlled either via Cisco's Management Center or in the cloud with Defense Orchestrator.
Cisco Firepower 1000 Series NGFW Firewalls
Cisco Firepower Next-Generation 1000 Series Firewalls are intended for small businesses, home offices, or branch offices. Firewalls in this series offer better value vs. corresponding Cisco ASA models, providing 4-6X higher firewall throughput. Local management can be performed using Cisco Firepower Device Manager. 1000 Series firewalls include a built-in 10/100/1000 Ethernet interface for network management, an RJ-45 console port, a USB port, and 200 GB of storage. High availability is supported along with VPN load balancing.
Cisco's Firepower 1010 firewall is a desktop or wall-mount, fanless appliance that offers 890 Mbps throughput, Application Visibility/Control (AVC), and NGIPS. The unit includes 8 integrated RJ-45 I/O ports, two of them with POE+. IPsec VPN performance is 500 Mbps and the device allows 100K simultaneous sessions, 6,000 new connections/second, and up to 75 VPN peers. The Firepower 1120 firewall is a 1RU rack device that provides firewall performance of 2.3 Gbps. The firewall includes 8 RJ45 built-in I/O interfaces and four SFP interface ports. IPsec VPN performance is 1.2 Gbps and the device allows 200K concurrent sessions, 15,000 new connections per second with Application Visibility/Control (AVC), and a maximum of 150 VPN peers.
The Firepower 1140 model firewall is a 1RU device that delivers firewall throughput of 3.3 Gbps. The firewall features 8 integrated RJ-45 interfaces and 4 SFP ports. IPsec VPN throughput is 1.4 Gbps and the appliance allows 400K simultaneous sessions, 22K new connections per second with Application Visibility/Control, and up to 400 VPN peers. The Firepower 1150 model firewall is a 1RU device that delivers firewall performance of 5.3 Gbps. The appliance has 8 integrated RJ-45 ports, two SFP interfaces, and two 10G SFP+ interfaces. IPsec VPN throughput is 2.4 Gbps and the firewall can handle 600K simultaneous sessions, 28,000 new connections/second, and as many as 800 VPN peers.
Cisco Firepower 2100 Series NGFW Firewalls
Cisco's Firepower 2100 Series NGFW Firewalls are one-rack appliances intended for use at the Internet edge or the data center. Devices in this line have a dual multicore CPU design that allows them to deliver 3-6X higher performance than Cisco ASA models they are designed to replace. Onsite management can be performed using Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls include 12 RJ45 ports and four SFP interfaces. These firewalls include one integrated 10M/100M/1GBASE-T Ethernet port for network management, an RJ-45 console port, and one USB interface. High availability is supported along with virtual private network load balancing.
Cisco's Firepower 2110 firewall has 4 integrated 1 Gb SFP Ethernet ports and 100 GB of storage. The 2110 delivers 2.6 Gbps firewall throughput and 800 Mbps IPsec VPN throughput and allows 1 million concurrent sessions, 18,000 new connections per second, and as many as 1,500 VPN peers. Cisco's Firepower 2120 model firewall has 12 integrated 10M/100M/1GBASE-T RJ-45 interface ports, four integrated 1G SFP Ethernet interface ports, and 100 GB of storage. The 2120 delivers 3.4 Gbps firewall performance and 1 Gbps IPsec VPN throughput and allows 1.5 million concurrent sessions, 28,000 new connections/second and as many as 3,500 VPN peers.
Cisco's Firepower 2130 firewall has four built-in 10 G SFP+ interfaces and 200 GB of storage. The unit also scales via a network module with eight extra interface ports. The Firepower 2130 delivers 5.4 Gbps firewall performance and 1.9 Gbps IPsec VPN throughput and allows 2 million simultaneous sessions, 30,000 new connections/second, and as many as 7,500 VPN peers. Cisco's top-of-the-line Firepower 2140 firewall features 4 integrated 10 Gigabit SFP+ interface ports and 200 GB of storage. The 2140 also scales via a network module with 8 extra interfaces for a total of 24 Ethernet interfaces. The 2140 delivers 10.4 Gbps firewall performance and 3.6 1Gbps IPsec VPN throughput and supports three million simultaneous, 57,000 new connections per second, and up to 10,000 VPN peers. Both the 2130 and 2140 appliances have the option of dual AC or DC power supplies.
Cisco 3100 Firewall Series
Cisco's 3100 Firewall Series models are modular 1RU rack units intended for large companies who require performance, high port count, and zero-trust cybersecurity at the Internet edge, the data center, or a private cloud. For maximum uptime, all Secure Firewall 3100 Series appliances support 8-chassis clustering and work in either Active/active or Active/standby mode. The units can run Cisco's ASA or Firewall Threat Defense software. Built-in I/O for each model includes eight 10M/100M/1GBASE-T Ethernet interfaces (RJ-45) and eight 1/10 Gigabit (SFP) Ethernet ports. Plug-in network modules offer 1/10/25/40G expansion and all versions come with 900 GB of storage as well as an additional storage slot.
Cisco's Secure Firewall 3110 device delivers 18 Gbps firewall throughput and 8 Gbps IPsec VPN performance. The 3110 allows two million simultaneous sessions, 64,000 new connections per second, and as many as 3,000 VPN peers. Cisco's Secure Firewall 3120 model offers 22 Gbps firewall performance and up to 10 Gbps IPsec VPN throughput. The 3120 allows 4 million concurrent sessions, 98K new connections per second, and as many as 7,000 VPN peers. Cisco's Secure Firewall 3130 model offers 42 Gbps firewall throughput and up to 14 Gbps IPsec VPN performance. The 3130 allows 6 million concurrent sessions, 200K new connections/second, and a maximum of 15,000 VPN peers. Cisco's 3140 Firewall model delivers 49 Gbps firewall performance and 17 Gbps IPsec VPN throughput. The 3140 allows 10 million concurrent sessions, 200K new connections per second, and as many as 20K VPN peers.
Cisco Firepower 4100 Series Next-Generation Firewalls
Cisco's Firepower 4100 Series NGFW Firewalls are single-rack appliances intended for operation at the Internet edge or high-performance data centers. Devices in this line offer 5-10X higher throughput than the Cisco ASA 5585-X device they are engineered to replace. Onsite management can be done using Cisco Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls have 8 built-in SFP+ interfaces and all accept a selection of add-in network modules for up to 24 ports. All Firepower 4100 Series NGFW Firewalls offer virtual private network load balancing, high availability, and clustering of up to six chassis. These firewalls feature a built-in 1Gb Ethernet port for management, one RJ-45 console port, and one USB connection.
The Firepower 4110 model firewall includes 200 GB of storage and offers 13 Gbps firewall performance and 6 Gbps IPsec VPN performance. The 4110 model allows 10 million concurrent sessions, 64K new connections per second, and a maximum of 10K VPN peers. Cisco's Firepower 4112 firewall has 400 GB of storage and offers 19 Gbps firewall throughput and 8.5 Gbps IPsec VPN throughput. The 4112 appliance supports 10 million simultaneous sessions, 98K new connections per second, and up to 10,000 VPN peers. Cisco's more recent Firepower 4115 model firewall has 400 GB of storage and delivers 27 Gbps firewall throughput and 8 Gbps IPsec VPN throughput. The 4115 unit allows 15 million simultaneous sessions, 200K new connections per second, and a maximum of 15,000 VPN peers. Cisco's Firepower 4120 device features 200 GB of storage and delivers 22 Gbps firewall throughput and 19 Gbps IPsec VPN throughput. The 4120 unit allows 15 million simultaneous sessions, 118K new connections per second, and a maximum of 15,000 VPN peers. Cisco's more recent Firepower 4125 model features 800 GB of storage and offers 40 Gbps firewall throughput and 14 Gbps IPsec VPN throughput. The 4125 firewall allows 25 million concurrent sessions, 265K new connections per second, and up to 20K VPN peers.
The Firepower 4140 model firewall has 400 GB of storage and delivers 32 Gbps firewall throughput and 13 Gbps IPsec VPN performance. The 4140 firewall supports 25 million concurrent sessions, 172K new connections per second, and a maximum of 20K VPN peers. Cisco's newer Firepower 4145 model features 800 GB of storage and delivers 53 Gbps firewall throughput and 18 Gbps IPsec VPN throughput. The 4145 firewall supports 30 million simultaneous sessions, 350K new connections/second, and up to 20K VPN peers. Cisco's Firepower 4150 firewall has 400 GB of storage and delivers 45 Gbps firewall performance and 14 Gbps IPsec VPN throughput. The 4150 firewall supports 30 million concurrent sessions, 263K new connections per second, and a maximum of 20K VPN peers.
Cisco Firepower 9300 Series NGFW Firewalls
Cisco's Firepower 9300 Series NGFW Firewalls are highly scalable and carrier-grade security appliances. The 3RU enclosure of Firepower 9300 Next-Generation Series firewalls can hold two network modules as well as three security modules. Fully loaded, the 9300 can support 24 10-Gigabit Ethernet Enhanced Small Form-Factor Pluggable network interfaces or eight 100G connections. Clustering of up to 5 9300 chassis allows a total 1.2 Tbps of firewall performance. The top-of-the-line Cisco Firepower 9300 SM-56 delivers 70 Gbps firewall performance and 27 Gbps IPsec VPN throughput. The unit allows 35 million concurrent sessions, 490K new connections per second, and a maximum of 20,000 VPN peers.
Cisco's Firepower Series firewalls accept software or hardware modules that support Firepower Services, which provide layered protection against multi-vector threats. Cisco's Firepower Services are powered by innovative technology adopted by Cisco from Sourcefire. Major features of Firepower Services include:
Simpler deployments of Firepower Series security appliances can be efficiently managed via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool included with all NGFW firewall versions. ASDM includes a convenient web console for deploying, managing, and debugging Firepower firewalls and service modules.
For multi-device and multi-site environments, NGFW appliances with Firepower Services can be administered with Cisco's Firepower Management Center, available as one or more physical or virtual devices. Firepower Management Center offers centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of frequent rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names including Cisco Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Cisco's Firepower Management Center appliance provides capabilities beyond those available with Cisco's on-device ASDM tool. Additional features include expanded context awareness, Cisco's Advanced Malware Protection with mitigation for user devices, a dashboard that offers real-time infrastructure visualization, automated policy optimization based on impact assessment of threats, advanced IPS, custom app detectors for Application Visibility and Control (AVC), customized health alerts, enhanced reporting options, and APIs for host input and databases. Hardware-dependent features like clustering, stacking, switching, routing, VPN, and NAT must be managed using Cisco's on-device ASDM or the Firepower command line interface.
Progent's Migration Consulting for Cisco Firepower Firewalls
Because Cisco has stopped selling the PIX 500 and ASA 5500 product lines, many businesses are uncomfortable with depending on a critical infrastructure component that may no longer be supported. Firepower Series security appliances offer the benefit of being current devices and also bring multiple technical and budgetary advantages in comparison to legacy devices. These benefits include substantially higher performance, optional SSL tunneling support, and a modular design that protects your investment by enabling you to self-install new security services when and if you require them. Progent's Cisco certified experts can assist your company to assess the strategic value of for upgrading from PIX 500 or Cisco ASA 5500 firewalls, design a migration plan that permits a quick and seamless upgrade, help your IT staff to deploy new Firepower NGFW Series firewalls, and provide online, consulting, and technical support services.
Other Ways Progent Can Support Your Cisco Firewalls
Cisco Firepower NGFW Series security appliances incorporate an array of setup, tracking, and analysis options which give you the ability to set up these security appliances to match your business requirements. Progent's CCIE authorized network experts can help you to build a cost-effective infrastructure that incorporates Cisco security appliances and that provides advanced security, fault tolerance, performance, and recoverability. Progent's GISA and CISSP-ISSP-certified information security professionals can assist you to create a security policy that makes sense for your situation and can set up your firewall to enforce your security policies. Progent's security assessment engineers can assess the effectiveness of your existing firewall deployment and validate the security of your whole IS network. Progent's Help Desk support team can provide urgent remote troubleshooting for Cisco products and offer quick access to a Cisco network engineer.
Progent offers remote or on-premises consulting services and can deliver occasional expertise to help you resolve a challenging IT impasse or Progent can provide comprehensive project management and co-management support to make sure your network security initiative is completed on schedule and within budget.
To see additional information concerning Progent's engineering expertise for Cisco solutions, select a subject: