Cisco is a perennial leader in delivering state-of-the-art firewall appliances for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewall (NGFW) appliances provide a modern firewall platform that combines sophisticated hardware, cloud services, and a next-generation intrusion protection system (NGIPS) to block, discover, and mitigate threats automatically. Progent's Cisco CCIE-certified firewall experts can assist your organization to design and execute a smooth migration to Firepower firewalls from Cisco's ASA 5500-X, ASA 5500, or PIX firewalls and show you how to integrate Firepower appliances with Cisco's security services to create and centrally manage IT ecosystems that encompass local offices, data centers, private clouds and public clouds. Progent can also help you to maintain and debug legacy Cisco security appliances. Progent's certified cybersecurity experts can help you with policy creation based on industry best practices in order to build a consistent security posture that applies to all your networked endpoints anywhere.
Cisco's Firepower NGFW Firewalls
Cisco's portfolio of Firepower Next-Generation Firewalls delivers modern security and unified management at price points, performance levels, and scale suitable for environments spanning telecommuters and small businesses to global enterprises and service providers. Cisco's Firepower NGFW appliances provide a major performance boost compared to Cisco's older firewalls and include centralized management of advanced cybersecurity features such as application visibility and control, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), DDoS mitigation, and sandboxing.
All Firepower NGFW firewalls have a one-pass design and support continuous analysis and retrospective identification, which allows the firewalls to provide outbreak controls and to uncover patient zero. Firepower Next-Generation firewalls also have the option of URL Filtering and sandboxing for detecting evasive and sandbox-aware malware, actionable event correlations, and malware artifacts. NGIPS rule tuning and firewall policy creation can be performed automatically, requiring no time-consuming intervention by IT security experts. All Firepower Next-Generation security appliances give you the option of using either Cisco Firepower Threat Defense or Cisco Adaptive Security Appliance software. Unified configuration, logging, monitoring, and reporting capabilities can be managed either via Cisco's Management Center or in the cloud with Defense Orchestrator.
Cisco Firepower 1000 Series NGFW Firewalls
Cisco Firepower NGFW 1000 Series Firewalls are intended for small businesses, home offices, or branches. Appliances in this series deliver better value vs. corresponding Cisco ASA firewalls, providing 4-6X higher firewall throughput. Onsite management can be performed using Cisco Firepower Device Manager. These appliances include an integrated 10M/100M/1GBASE-T Ethernet interface for network management, an RJ-45 console port, a USB connection, and 200 Gbytes of storage. Active/active and Active/standby high availability is supported as well as VPN load balancing.
Cisco's Firepower 1010 model is a desktop, fanless appliance that delivers 890 Mbps throughput, Application Visibility/Control, and NGIPS. The appliance comes with 8 integrated RJ-45 I/O interfaces, two of them with POE+. IPsec VPN performance is 500 Mbps and the device allows 100K concurrent sessions, 6,000 new connections/second, and a maximum of 75 VPN peers. The Firepower 1120 firewall is a 1RU appliance that provides firewall throughput of 2.3 Gbps. The firewall features eight RJ45 built-in I/O interfaces and four SFP ports. IPsec VPN performance is 1.2 Gbps and the unit allows 200K concurrent sessions, 15,000 new connections per second with Application Visibility/Control, and up to 150 VPN peers.
The Firepower 1140 model firewall is a 1RU appliance that offers firewall performance of 3.3 Gbps. The appliance has 8 integrated RJ-45 interfaces and 4 SFP interfaces. IPsec VPN performance is 1.4 Gbps and the firewall allows 400K concurrent sessions, 22K new connections/second with AVC, and as many as 400 VPN peers. The Firepower 1150 model firewall is a 1RU device that delivers firewall performance of 5.3 Gbps. The unit comes with 8 built-in RJ-45 ports, two SFP interfaces, and two 10G SFP+ interfaces. IPsec VPN throughput is 2.4 Gbps and the unit supports 600K simultaneous sessions, 28,000 new connections per second, and a maximum of 800 VPN peers.
Cisco Firepower 2100 Series Next-Generation Firewalls
Cisco's Firepower 2100 Series Next-Generation Firewalls are 1RU units intended for deployment at the data center. Firewalls in this line have a dual multicore CPU architecture that allows them to offer 3-6X higher performance than Cisco ASA models they are designed to succeed. Local management can be performed with Cisco Firepower Device Manager. All Firepower 2100 Series NGFW Firewalls incorporate 12 RJ45 ports and four SFP interfaces. These firewalls include one integrated 10M/100M/1GBASE-T Ethernet port for management, an RJ-45 console port, and one USB port. High availability is supported along with virtual private network load balancing.
Cisco's Firepower 2110 firewall comes with 4 built-in 1 Gigabit SFP Ethernet ports and 100 GB of storage. The 2110 offers 2.6 Gbps firewall performance and 800 Mbps IPsec VPN performance and allows 1 million simultaneous sessions, 18,000 new connections per second, and as many as 1,500 VPN peers. Cisco's Firepower 2120 model firewall comes with 12 built-in 10M/100M/1GBASE-T RJ-45 ports, four built-in 1G SFP Ethernet interface ports, and 100 GB of storage. The 2120 offers 3.4 Gbps firewall performance and 1 Gbps IPsec VPN throughput and allows 1.5 million simultaneous sessions, 28,000 new connections/second and a maximum of 3,500 VPN peers.
Cisco's Firepower 2130 firewall comes with 4 built-in 10 Gigabit SFP+ interfaces and 200 GB of storage. The 2130 also accepts a network module with eight additional ports. The Firepower 2130 offers 5.4 Gbps firewall throughput and 1.9 Gbps IPsec VPN throughput and allows 2 million concurrent sessions, 30,000 new connections per second, and as many as 7,500 VPN peers. Cisco's high-end Firepower 2140 model firewall comes with four built-in 10 Gigabit SFP+ ports and 200 GB of storage. The 2140 also accepts a network module with eight extra ports for a total of 24 Ethernet interfaces. The 2140 model offers 10.4 Gbps firewall throughput and 3.6 Gbps IPsec VPN performance and allows 3 million concurrent sessions, 57,000 new connections/second, and a maximum of 10,000 VPN peers. Both the 2130 and 2140 appliances feature dual AC or DC power supplies.
Cisco Secure Firewall 3100 Series
Cisco's Secure Firewall 3100 Series models are modular 1RU devices designed for large companies who require performance, high port density, and zero-trust security at the Internet edge, the corporate data center, or a private cloud. For high uptime, all Secure Firewall 3100 Series models support 8-chassis clustering and work in Active/active or Active/standby mode. The appliances can run Cisco's ASA or Firewall Threat Defense software. Built-in I/O for each device includes eight 10M/100M/1GBASE-T ports (RJ-45) and eight 1/10 Gigabit Ethernet interface ports. Plug-in network modules support 1/10/25/40G expansion and all models come with 900 GB of storage as well as an additional storage expansion slot.
Cisco's 3110 Firewall model delivers 18 Gbps firewall performance and 8 Gbps IPsec VPN performance. The 3110 supports two million simultaneous sessions, 64,000 new connections per second, and up to 3,000 VPN peers. Cisco's Secure Firewall 3120 device delivers 22 Gbps firewall performance and 10 Gbps IPsec VPN performance. The 3120 firewall supports 4 million simultaneous sessions, 98K new connections/second, and a maximum of 7,000 VPN peers. Cisco's Secure Firewall 3130 device delivers 42 Gbps firewall performance and up to 14 Gbps IPsec VPN throughput. The 3130 firewall allows 6 million concurrent sessions, 200K new connections/second, and a maximum of 15,000 VPN peers. Cisco's 3140 Firewall appliance delivers 49 Gbps firewall throughput and up to 17 Gbps IPsec VPN throughput. The 3140 firewall supports 10 million simultaneous sessions, 200K new connections/second, and a maximum of 20K VPN peers.
Cisco Firepower 4100 Series NGFW Firewalls
Cisco's Firepower 4100 Series Next-Generation Firewalls are 1RU rack units intended for deployment at the Internet edge. Devices in this line deliver 5-10X faster performance than the Cisco ASA 5585-X device they are engineered to succeed. Local management can be done using Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls include 8 integrated SFP+ ports and all can be expanded with a selection of plug-in network modules for a maximum of 24 ports. All Firepower 4100 Series Next-Generation Firewalls offer VPN load balancing, Active/standby high availability, and clustering of up to six chassis. These firewalls include an integrated 1 Gigabit Ethernet interface for management, one RJ-45 console port, and one USB 2.0 interface.
Cisco's Firepower 4110 firewall features 200 GB of storage and offers 13 Gbps firewall performance and 6 Gbps IPsec VPN throughput. The 4110 supports 10 million concurrent sessions, 64K new connections/second, and a maximum of 10K VPN peers. Cisco's Firepower 4112 firewall comes with 400 GB of storage and delivers 19 Gbps firewall performance and 8.5 Gbps IPsec VPN performance. The 4112 firewall supports 10 million simultaneous sessions, 98K new connections/second, and a maximum of 10,000 VPN peers. Cisco's newer Firepower 4115 device features 400 GB of storage and delivers 27 Gbps firewall performance and 8 Gbps IPsec VPN throughput. The 4115 unit supports 15 million simultaneous sessions, 200K new connections per second, and as many as 15,000 VPN peers. Cisco's Firepower 4120 appliance features 200 GB of storage and offers 22 Gbps firewall throughput and 19 Gbps IPsec VPN performance. The 4120 firewall allows 15 million concurrent sessions, 118K new connections per second, and up to 15,000 VPN peers. Cisco's more recent Firepower 4125 device has 800 GB of storage and delivers 40 Gbps firewall throughput and 14 Gbps IPsec VPN performance. The 4125 firewall supports 25 million concurrent sessions, 265K new connections per second, and a maximum of 20K VPN peers.
Cisco's Firepower 4140 firewall has 400 GB of storage and delivers 32 Gbps firewall performance and 13 Gbps IPsec VPN performance. The 4140 firewall supports 25 million concurrent sessions, 172K new connections/second, and a maximum of 20K VPN peers. Cisco's more recent Firepower 4145 device includes 800 GB of storage and offers 53 Gbps firewall throughput and 18 Gbps IPsec VPN performance. The 4145 unit supports 30 million simultaneous sessions, 350K new connections per second, and as many as 20K VPN peers. Cisco's Firepower 4150 firewall has 400 GB of storage and offers 45 Gbps firewall throughput and 14 Gbps IPsec VPN performance. The 4150 firewall supports 30 million simultaneous sessions, 263K new connections/second, and a maximum of 20K VPN peers.
Cisco Secure Firewall 4200 Series
Cisco's Secure Firewall 4200 Series devices are expandable 1RU firewalls designed for use at enterprise campuses and data centers that need best-in-class throughput, manageability, and scale. Cisco's Secure Firewall 4200 Series appliances deliver more than double the throughput of prior generation firewalls and offer high port density. As many as 8 chassis can be clustered for fault tolerance and scale. A crypto accelerator enables traffic decryption in real time, and zero trust application access can provide deep threat inspection for applications. 4200 Series firewalls can be managed by the Firewall Management Center or in the cloud with Cisco Defense Orchestrator. Each 4200 device includes 8x 1/10/25 Gigabit Ethernet (SFP28) on-chassis ports and has two interface module slots for rapid upscaling. Up to 24 total Ethernet connections are possible. Each firewall device includes 1.8 TB x 2 storage.
Cisco's Secure Firewall 4215 model is intended for large enterprise campuses with high growth expectations. The 4215 delivers 90 Gbps firewall stateful inspection throughput and 50 Gbps IPsec VPN performance. The Secure Firewall 4215 supports 15 million simultaneous firewall connections, 1.4 M new connections each second, and up to 20,000 VPN peers. The Secure Firewall 4225 device is designed for large enterprise data centers. The device offers 95 Gbps firewall throughput and 60 Gbps max IPsec VPN throughput. Cisco's 4225 firewall allows 30 million concurrent firewall connections, 1.7 M new connections each second, and as many as 25,000 VPN peers. The Secure Firewall 4245 device is designed for service providers who support a very high volume of traffic. Cisco's 4245 delivers 180 Gbps firewall throughput and 70 Gbps IPsec VPN throughput. The 4245 allows 60 million simultaneous firewall connections, 2.0 M new connections per second, and up to 30,000 VPN peers.
Cisco Firepower 9300 Series Next-Generation Firewalls
Cisco's Firepower 9300 Series NGFW Firewalls are highly scalable and ultra-high performing firewalls. The 3RU chassis of Firepower 9300 NGFW Series firewalls can hold two add-in network modules as well as three security modules. Altogether, the Firepower 9300 can hold 24 10-Gigabit Ethernet Enhanced Small Form-Factor Pluggable network interfaces or eight 100 Gigabit Ethernet connections. Clustering of up to 5 chassis allows up to 1.2 Tbps of firewall performance. The high-end Cisco Firepower 9300 SM-56 delivers 70 Gbps firewall performance and 27 Gbps IPsec VPN throughput. The unit allows 35 million simultaneous sessions, 490K new connections per second, and a maximum of 20,000 VPN peers.
Cisco's Firepower Services
Cisco's Firepower NGFW security appliances accept software or physical modules that enable Cisco's Firepower Services, which offer layered protection against multi-vector attacks. Firepower Services are based on technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services include:
- Layered protection against familiar and zero-day threats
- Advanced Malware Protection that utilizes big data techniques to find and mitigate intrusions
- Cisco's Next-Generation Intrusion Prevention System that provides contextual analysis that looks at users, infrastructure, apps, and content to detect attacks that incorporate multiple vectors
- Fine-grained Application Visibility and Control that is aware of thousands of apps and can automatically launch both standard and custom IPS policies depending on the degree of threats
Firepower Services for NGFW firewalls provide advanced multi-layered security
Smaller deployments of Firepower Series security appliances can be effectively administered via Cisco's on-box Adaptive Security Device Manager (ASDM), a web-based utility provided with all firewall models. ASDM provides a simple web console for deploying, administering, and debugging Firepower appliances and modules.
For more complex environments, Cisco's Next-Generation firewalls with Firepower Services can be managed using Firepower Management Center, available as one or more physical or virtual devices. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Advanced Malware Protection. Due to ongoing rebranding after Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under various names that include Cisco Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center unifies event and policy management for Firepower firewalls
Cisco's Firepower Management Center appliance offers capabilities unavailable with Cisco's on-box Adaptive Security Device Manager tool. Extra features include greater context awareness, Advanced Malware Protection with mitigation for client devices, a console that provides dynamic network infrastructure visualization, automated policy optimization based on impact evaluation of threats, comprehensive IPS, custom application discovery for Application Visibility and Control, customized health alerts, enhanced reporting options, and APIs for host input and databases. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-box ASDM or the Firepower CLI.
Progent's Migration Consulting Services for Cisco Firepower Firewalls
Since Cisco has ceased selling the PIX and ASA 5500 product lines, many companies are concerned about depending on a key infrastructure component that might stop being supported. Firepower NGFW Series security appliances have the advantage of being current devices and also bring multiple functions and economic advantages in comparison to legacy devices. These benefits include significantly higher throughput, optional SSL tunneling support, and an expandable design that protects your investment by enabling you to self-install new security features when and if you need them. Progent's CCIE-certified network engineers can assist you to determine the business case for moving from PIX or Cisco ASA 5500 firewalls, create a migration plan that permits a quick and seamless upgrade, help you to install new Firepower NGFW Series appliances, and offer remote training, consulting, and troubleshooting services.
Additional Ways Progent Can Support Your Cisco Firewalls
Cisco's Firepower Next-Generation Series firewalls incorporate an array of setup, tracking, and troubleshooting options that offer you the ability to configure these security appliances to align optimally with your company's needs. Progent's CCIE authorized network experts can assist you to design a cost-effective infrastructure that includes Cisco firewalls and that offers world-class security, fault tolerance, performance, and recoverability. Progent's GISA and CISM-premier information security engineers can assist you to develop a security policy that makes sense for your situation and can set up your security appliance to enforce your security strategy. Progent's risk assessment experts can assess the effectiveness of your existing firewall deployment and audit the security of your entire IS network. Progent's Technical Response Center (TRC) can provide urgent online troubleshooting for Cisco technology and can give you quick access to a Cisco expert.
Progent can provide online or onsite consulting services and can deliver as-needed expertise to help you with a challenging technical bottleneck, or can offer comprehensive project management services to ensure your firewall initiative is completed on schedule and on budget.
Contact Progent for Cisco Firewall Solutions
To ask Progent about consulting help with Cisco Firepower NGFW firewalls, call 1-800-993-9400 or visit Contact Progent.