Cisco Network Consultants

Cisco is a perennial front-runner in developing state-of-the-art firewall appliances for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewalls (NGFWs) represent a modern cybersecurity solution that marshals dedicated hardware, cloud-based services, and machine learning to anticipate, discover, and respond to threats without manual intervention. Progent's Cisco-certified CCIE-certified firewall experts can help you to design and carry out an efficient upgrade to Firepower firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to integrate Firepower firewalls with Cisco's subscription-based security services to create and centrally manage IT environments that encompass local offices, data centers, private clouds and public clouds. Progent's firewall consultants can also help you to maintain and debug legacy Cisco security appliances. Progent's certified cybersecurity consultants can help you with policy creation and tuning driven by industry best practices in order to establish a consistent security profile that applies to all your endpoints at any location.

Cisco's Firepower Next Generation Firewall Appliances
Cisco's comprehensive family of Firepower Next-Generation firewalls delivers advanced security and centralized management at price points, speed, and scale suitable for deployments spanning telecommuters and small businesses to major enterprises and Internet service providers. Cisco's Firepower NGFWs Firewalls provide a significant performance boost over Cisco's older security appliances and offer centralized management and automation of modern cybersecurity capabilities such as application visibility and control, next-generation intrusion protection with risk prioritization, advanced malware protection, URL filtering, and sandboxing.

All Firepower NGFW firewalls have a one-pass architecture and support continuous inspection and retrospective detection, which allows the firewalls to provide outbreak management and to pinpoint root causes. Firepower NGFW firewalls also offer URL Filtering and subscription-free sandboxing for finding elusive threats, actionable event correlations, and malware artifacts. Next-Generation IPS rule tuning and network firewall policy can be performed automatically, requiring no time-consuming intervention by IT security specialists. All Firepower Next-Generation security appliances offer the option of using either Firepower Threat Defense (FTD) or Cisco Adaptive Security Appliance (ASA) software. Unified configuration, logging, system monitoring, and reporting capabilities can be controlled either by Management Center or in the cloud with Defense Orchestrator.

Cisco Firepower 1000 Series NGFW Firewalls
Cisco Firepower NGFW 1000 Series Firewalls are targeted at small businesses, home offices, or branch offices. Devices in this family offer better price/performance vs. comparable Cisco ASA 5506-X to ASA 5525-X firewalls, providing 4-6X faster firewall throughput. Local management can be performed with Firepower Device Manager. These appliances include a built-in 10/100/1000 Ethernet interface for network management, an RJ-45 console port, a USB 3.0 Type-A connection, and 200 Gbytes of storage. Active/active and Active/standby high availability is provided as well as VPN load balancing. For more details, visit Cisco Firepower 1000 Series Next-Generation firewalls consulting and management expertise.

Cisco Firepower 2100 Series NGFW Firewalls
Cisco's Firepower 2100 Series Next-Generation Firewalls are 1RU appliances intended for use at the Internet edge or the data center. Appliances in this series have a dual multicore CPU architecture that enables them to offer 3-6X faster performance than Cisco ASA 5545-X to ASA 5555-X firewalls they are designed to succeed. Local management can be performed using Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls incorporate 12 RJ45 ports and four SFP interfaces. These appliances include one build-in 10/100/1000 Ethernet port for network management, an RJ-45 console port, and one USB 2.0 Type-A port. Active/standby high availability is supported along with VPN load balancing. For additional details, see Cisco Firepower 2100 Series Next-Generation firewalls consulting and management expertise.

Cisco Firepower 4100 Series NGFW Firewalls
Cisco's Firepower 4100 Series NGFW Firewalls are single-rack units designed for deployment at the Internet edge or high-performance data centers. Firewalls in this family offer 5-10X higher performance than the Cisco ASA 5585-X firewall they are designed to replace. Onsite management can be done using Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls include 8 integrated SFP+ ports and all can be expanded with a variety of plug-in network modules for up to 24 ports. All Firepower 4100 Series Next-Generation Firewalls support VPN load balancing, high availability, and clustering of up to six chassis. These firewalls include an integrated 1 Gigabit Ethernet port for network management, one RJ-45 console port, and one USB 2.0 port. For more specs, visit Cisco Firepower 4100 Series Next-Generation firewalls consulting and management expertise.

Cisco Firepower 9300 Series NGFW Firewalls
Cisco's Firepower 9300 Series Next-Generation Firewalls are highly scalable and ultra-high performing security appliances. The 3 Rack Units (3RU) enclosure of Firepower 9300 NGFW Series firewalls accepts two add-in network modules as well as three security modules. Fully loaded, the Firepower 9300 can support 24 10-Gigabit Ethernet Enhanced Small Form-Factor Pluggable interfaces or eight 100 Gigabit Ethernet connections. Intrachassis clustering of up to five chassis delivers up to 1.2 Tbps of firewall throughput. The top-of-the-line Cisco Firepower 9300 SM-56 delivers 70 Gbps firewall performance and 27 Gbps IPsec VPN throughput. The 9300 SM-56 allows 35 million concurrent sessions, 490K new connections per second, and a maximum of 20 VPN peers.

Cisco's Firepower Services
Firepower NGFW security appliances work with either software or hardware modules that support Cisco's Firepower Services, which offer layered protection against advanced threats. Cisco's Firepower Services are powered by technology adopted by Cisco from Sourcefire. Major features of Firepower Services include:

• Multi-layer defense against familiar and new threats
• Advanced Malware Protection (AMP) that utilizes big data to find and mitigate intrusions
• Cisco's Next-Generation Intrusion Prevention System (NGIPS) that performs contextual analysis that looks at users, network infrastructure, apps, and content to detect attacks that incorporate simultaneous vectors
• Fine-grained Application Visibility and Control that is aware of thousands of apps and can automatically launch standard and custom IPS policies based on the severity of threats

Simpler deployments of Cisco's Firepower Next Generation security appliances can be effectively managed using Cisco's on-box Adaptive Security Device Manager (ASDM) Adaptive Security Device Manager, a web tool included with all firewall versions. ASDM provides a simple web console for configuring, administering, and debugging NGFW appliances and modules.

For multi-device and multi-site environments, Cisco's Next Gerneration appliances with Firepower Services can be managed with Firepower Management Center, implemented as one or several physical or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection. Because of frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names that include Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.

Firepower Management Center appliance provides capabilities unavailable with Cisco's on-device ASDM tool. Extra features include greater context awareness, Advanced Malware Protection with remediation for user devices, a dashboard that provides real-time network infrastructure visualization, automated policy tuning driven by impact evaluation of threats, comprehensive IPS, custom app detectors for Application Visibility and Control, customized health alerts, improved reporting features, and APIs for host input and database access. Hardware-dependent options like clustering, stacking, switching, routing, VPN, and NAT must be managed via the on-device ASDM or the Firepower CLI.

Progent's Migration Consulting Support for Cisco Next Generation Firewalls
Since Cisco has discontinued offering the PIX and ASA 5500 product lines, many companies are uncomfortable with relying on a critical security component that might stop being supported. Firepower NGFW Series security appliances offer the advantage of being current devices and also offer multiple functions and financial advantages in comparison to legacy firewalls. These advantages include significantly better throughput, optional SSL tunneling capability, and an expandable architecture that guards your investment by enabling you to add more security services when and if you require them. Progent's Cisco network engineers can help your company to assess the strategic value of for moving from PIX or Cisco ASA 5500 security appliances, design a migration process that permits a quick and non-disruptive upgrade, help your IT staff to deploy new Firepower NGFW Series firewalls, and offer remote training, consulting, and troubleshooting services.

Other Ways Progent Can Support Your Cisco Firewalls
Cisco's Firepower Series security appliances incorporate an array of configuration, tracking, and troubleshooting features which give you the ability to set up these firewalls to match your business requirements. Progent's CCIE authorized network experts can show you how to design a cost-effective infrastructure that includes Cisco security appliances and that provides world-class security, fault tolerance, throughput, and recoverability. Progent's GISA and CISSP-ISSP-premier IS security consultants can assist you to create a security strategy that makes sense for your environment and can set up your PIX or ASA firewall to support your security strategy. Progent's risk assessment professionals can assess the strength of your current firewall solution and audit the overall security of your entire IT network. Progent’s Help Desk Call Center can provide emergency online troubleshooting for Cisco technology and can give you quick access to a Cisco CCIE expert.

Progent can provide remote or on-premises support and is available for as-needed guidance to help your organization with a stubborn IT bottleneck or Progent offers comprehensive project management and co-management services to ensure your firewall initiative is completed on schedule and within budget.

For additional information concerning Progent's consulting help for Cisco solutions, select a subject:

• Overview of Progent's Cisco Network Support
• Fast and Affordable Online Help from a CCIE Engineer
• Cisco ASA 5500-X Firewall with Firepower Services: Integration and Management Expertise
• ASA 5500 Firewall Engineering Assistance
• PIX 500 Series Firewall Maintenance Help
• Cisco Routers Consulting Expertise
• Cisco Wireless Engineering Support
• Cisco Aironet Wireless APs Deployment Support
• Cisco Small Business 100, 300 and 500 WiFi APs Deployment Services
• Cisco WiFi Controllers Experts
• Meraki Access Points Design Help
• Cisco Unified Communications Manager (CUCM or Unified CM) and CallManager Consulting and Troubleshooting
• Cisco VoIP Phones and IP Video Desktop Phones Consulting Services and Wireless VoIP Phone Configuration
• Cisco Jabber Deployment Expertise
• Catalyst Switches Engineering Services
• Cisco Nexus Switches Consulting and Support Services
• Meraki MS Switches Consulting and Support Expertise
• Cisco VPN Setup and Troubleshooting Assistance
• SIP and CUBE Infrastructure Solutions: SIP Trunking and Cisco CUBE Integration Expertise
• Design Expertise for Cisco-based Data Centers
• Network Design Services for ISPs
• Remote Management Strategies for Cisco-based Environments