Cisco is a perennial leader in delivering cutting-edge firewall appliances for the widest possible range of deployments. Cisco's Firepower NGFWs Firewalls provide an advanced cybersecurity platform that combines sophisticed hardware, cloud services, and machine learning to anticipate, discover, and mitigate cyber attacks without manual intervention. Progent's Cisco-certified CCIE firewall consultants can help your organization to design and execute an efficient migration to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower appliances with Cisco's subscription-based security services to build and centrally manage IT ecosystems that encompass local offices, data centers, and cloud resources. Progent can also assist you to maintain and debug older-generation Cisco security appliances. Progent's certified cybersecurity consultants can assist you with policy creation and tuning driven by industry best practices in order to establish a consistent and effective cybersecurity posture across all your endpoints at any location.
Cisco's Firepower NGFW Firewall Appliances
Cisco's extensive portfolio of Firepower NGFW firewall appliances offers advanced security and unified control at prices, performance levels, and scale to fit environments ranging from branch offices and small organizations to major enterprises and Internet service providers. Cisco's Firepower Next Generation Firewalls provide a major performance boost over Cisco's older security appliances and offer centralized management and automation of modern security features such as application visibility and control, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection (AMP), URL filtering, and multi-node sandboxing.
All Firepower NGFW firewalls have a single-pass design and support uninterrupted inspection and retrospective identification, which makes it possible to initiate outbreak controls and to pinpoint root causes. Firepower NGFW firewalls also offer URL Filtering and sandboxing for detecting evasive and sandbox-aware threats, IoCs, and malware artifacts. Next-Generation IPS rule tuning and firewall policy are performed automatically, requiring no time-consuming intervention by IT security experts. All Firepower NGFW firewalls offer the choice of using either Firepower Threat Defense (FTD) or Adaptive Security Appliance software. Centralized deployment, logging, system monitoring, and reporting functions can be managed either via Management Center or in the cloud with Cisco Defense Orchestrator.
Cisco Firepower 1000 Series Next-Generation Firewalls
Cisco Firepower NGFW 1000 Series Firewalls are targeted at small organizations, telecommuters, or branches. Devices in this series offer improved price/performance vs. comparable Cisco ASA 5506-X to ASA 5525-X firewalls, providing 4-6X faster firewall throughput. Onsite management can be done with Firepower Device Manager. These firewalls feature a built-in 10M/100M/1GBASE-T Ethernet port for network management, an RJ-45 console port, a USB 3.0 Type-A interface, and 200 Gbytes of storage. Active/active and Active/standby high availability is supported as well as VPN load balancing. For more specs, see Cisco Firepower 1000 Series NGFW firewalls consulting and management expertise.
Cisco Firepower 2100 Series Next-Generation Firewalls
Cisco's Firepower 2100 Series NGFW Firewalls are 1RU appliances intended for deployment at the Internet edge or the data center. Appliances in this line have a dual multicore processor architecture that allows them to offer 3-6X higher throughput than Cisco ASA 5545-X to ASA 5555-X firewalls they are engineered to replace. Local management can be done with Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls incorporate 12 RJ45 ports and four SFP ports. These appliances include one integrated 10M/100M/1GBASE-T RJ-45 Ethernet port for network management, an RJ-45 console interface, and one USB 2.0 Type-A interface. High availability is supported along with VPN load balancing. For additional details, refer to Cisco Firepower 2100 Series NGFW firewalls consulting and management expertise.
Cisco Firepower 4100 Series Next-Generation Firewalls
Cisco's Firepower 4100 Series Next-Generation Firewalls are single-rack units designed for use at high-performance data centers. Devices in this series deliver 5-10X faster performance than the Cisco ASA 5585-X firewall they are engineered to replace. Onsite management can be done with Cisco Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls have 8 integrated SFP+ interfaces and all can be expanded with a selection of plug-in network modules for up to 24 interfaces. All Firepower 4100 Series Next-Generation Firewalls support virtual private network load balancing, high availability, and clustering of up to six chassis. These devices include a built-in 1Gb Ethernet interface for management, one RJ-45 console interface, and one USB 2.0 port. For additional details, refer to Cisco Firepower 4100 Series Next-Generation firewalls consulting and troubleshooting expertise.
Cisco Firepower 9300 Series NGFW Firewalls
Cisco's Firepower 9300 Series Next-Generation Firewalls are massively scalable and carrier-grade firewalls. The 3 Rack Units chassis of Firepower 9300 Next-Generation Series firewalls can hold two network modules as well as three security modules. Fully loaded, the Firepower 9300 can support 24 10G Ethernet Enhanced Small Form-Factor Pluggable interfaces or eight 100G interfaces. Intrachassis clustering of up to 5 9300 chassis delivers a total 1.2 Tbps of firewall performance. The top-of-the-line Cisco Firepower 9300 SM-56 provides 70 Gbps firewall performance and 27 Gbps IPsec VPN throughput. The 9300 SM-56 allows 35 million simultaneous sessions, 490K new connections per second, and up to 000 VPN peers.
Cisco's Firepower Services
Cisco's Firepower NGFW security appliances work with either software or hardware modules that support Firepower Services, which provide layered defense against multi-vector threats. Cisco's Firepower Services are powered by technology acquired by Cisco from Sourcefire. Major features of Firepower Services include:
- Layered protection against both familiar and new attacks
- Advanced Malware Protection (AMP) that utilizes big data to discover and mitigate intrusions
- Cisco's Next-Generation Intrusion Prevention System (NGIPS) that provides contextual analysis that covers clients, infrastructure, software applications, and content to discover attacks that use multiple vectors
- Fine-grained Application Visibility and Control (AVC that is aware of thousands of apps and can automatically activate standard and custom IPS policies depending on the severity of threats
Firepower Services for Next Generation firewalls provide advanced multi-layered threat protection
Simpler deployments of Cisco's Firepower Series firewalls can be effectively administered via Cisco's on-device Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web-based tool provided with all firewall versions. ASDM includes a convenient web console for configuring, administering, and debugging NGFW devices and service modules.
For multi-device and multi-site deployments, Cisco's Next Gerneration appliances with Firepower Services can be administered using Firepower Management Center, implemented as one or more physical or virtual devices. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection. Due to ongoing rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been delivered under several names including Defense Center, Cisco Firesight Defense Center, and Cisco Firesight Management Center.
Cisco Firepower Management Center unifies event and policy management for Cisco Firepower firewall appliances
Firepower Management Center appliance provides capabilities beyond those available with Cisco's on-box ASDM utility. Additional features include greater context awareness, Cisco's Advanced Malware Protection with remediation for client devices, a console that provides dynamic infrastructure visualization, automated policy tuning based on impact assessment of attacks, comprehensive IPS, custom app discovery for Application Visibility and Control (AVC), customized health notifications, enhanced reporting options, and application interfaces for host input and databases. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be handled using either Cisco's on-device ASDM or the Firepower command line interface.
Progent's Migration Support Services for Cisco Next Generation Firewalls
Since Cisco has ceased selling the PIX and ASA 5500 families of firewalls, many businesses are concerned about depending on a key security mechanism that might stop being supported. Firepower NGFW Series security appliances offer the advantage of being new products and also offer multiple functions and budgetary benefits in comparison to legacy devices. These benefits include substantially higher performance, optional SSL tunneling capability, and an expandable design that guards your investment by allowing you to add new security services whenever you need them. Progent's Cisco certified network engineers can help you to determine the business value of for moving from PIX or Cisco ASA 5500 firewalls, design a migration plan that permits a quick and seamless changeover, assist your IT staff to configure new Firepower NGFW Series appliances, and offer online, consulting, and technical support services.
Other Ways Progent Can Support Your Cisco Firewalls
Cisco Firepower NGFW Series firewalls provide a wealth of configuration, tracking, and analysis options that offer you the ability to set up these firewalls to align optimally with your business needs. Progent's CCIE certified network experts can show you how to configure and support a cost-effective infrastructure that includes Cisco security appliances and that offers advanced security, resilience, performance, and recoverability. Progent's GISA and CISM-premier information security experts can help your business to develop a security policy that makes sense for your environment and can set up your firewall to support your security strategy. Progent's risk evaluation professionals can evaluate the strength of your existing firewall solution and audit the overall security of your entire IT environment. Progentís Technical Response Center (TRC) can deliver emergency remote technical support for Cisco products and offer quick access to a Cisco CCIE network engineer.
Progent can provide online or onsite support and can deliver as-needed guidance to help you resolve a challenging IT bottleneck or Progent can provide comprehensive project management services to ensure your firewall initiative is completed on schedule and on budget.
To find out additional details concerning Progent's consulting support for Cisco solutions, pick a topic:
Contact Progent for Cisco Firewall Solutions
To ask Progent about consulting help with Cisco Firepower NGFW firewalls, call 1-800-993-9400 or visit Contact Progent.