Cisco is a long-time front-runner in delivering cutting-edge firewalls for the broadest possible range of deployments. Cisco's Firepower Next Generation Firewall (NGFW) appliances provide a modern firewall platform that marshals sophisticated hardware, cloud services, and next-generation intrusion protection system (NGIPS) to block, discover, and mitigate threats without manual intervention. Progent's Cisco-certified CCIE firewall experts can help you to design and execute an efficient migration to Cisco Firepower Series firewalls from Cisco's ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower firewalls with Cisco's subscription-based security services to create and centrally manage network environments that encompass branch offices, data centers, and cloud resources. Progent's firewall consultants can also help you to manage and debug legacy Cisco security appliances. Progent's certified network security experts can help you with policy creation based on leading practices so you can build a consistent cybersecurity profile across all your networked endpoints at any location.
Cisco's Firepower Next Generation Firewalls
Cisco's family of Firepower Next-Generation Firewalls delivers modern security and centralized management at price points, performance levels, and scale suitable for deployments spanning branch offices and small organizations to global enterprises and Internet service providers. Cisco's Firepower NGFW devices provide a major performance boost over Cisco's older firewalls and offer unified control of modern security capabilities like application visibility and control, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection, DDoS mitigation, and multi-node sandboxing.
All Firepower Next-Generation firewalls incorporate a single-pass architecture and support continuous analysis and retrospective detection, which makes it possible to initiate outbreak management and to pinpoint patient zero. Firepower NGFW firewalls also have the option of URL Filtering and sandboxing for finding elusive malware, IoCs, and malware artifacts. Next-Generation IPS rule tuning and firewall policy creation can be performed automatically, eliminating the need for time-consuming intervention by cybersecurity experts. All Firepower NGFW firewalls give you the choice of running either Cisco Firepower Threat Defense (FTD) or Adaptive Security Appliance (ASA) software. Unified configuration, logging, system monitoring, and reporting functions can be managed either via Management Center or in the cloud with Cisco Defense Orchestrator.
Cisco Firepower 1000 Series NGFW Firewalls
Firepower NGFW 1000 Series Firewalls are intended for small organizations, telecommuters, or branches. Appliances in this family offer better price/performance vs. comparable Cisco ASA 5506-X to ASA 5525-X firewalls, providing 4-6X higher firewall speed. Onsite management can be performed using Firepower Device Manager. 1000 Series firewalls feature an integrated 10M/100M/1GBASE-T RJ-45 Ethernet port for network management, an RJ-45 console interface, a USB connection, and 200 Gbytes of storage. High availability is supported along with virtual private network load balancing.
Cisco's Firepower 1010 firewall is a desktop, fanless device that offers 890 Mbps performance, Application Visibility/Control (AVC), and NGIPS. The appliance comes with 8 built-in RJ-45 I/O interfaces, two of them POE+ capable. IPsec VPN throughput is 400 Mbps and the device allows 100K concurrent sessions, 6,000 new connections per second, and up to 75 VPN peers. The Firepower 1120 firewall is a 1RU device that delivers firewall performance of 2.3 Gbps. The unit comes with eight RJ45 built-in I/O interfaces and four SFP ports. IPsec VPN performance is 1.2 Gbps and the firewall allows 200K simultaneous sessions, 15,000 new connections/second with AVC, and up to 150 VPN peers.
The Firepower 1140 model firewall is a 1RU device that offers firewall throughput of 3.3 Gbps. The firewall features 8 built-in RJ-45 interfaces and four SFP interface ports. IPsec VPN throughput is 1.4 Gbps and the appliance allows 400K concurrent sessions, 22K new connections/second with AVC, and as many as 400 VPN peers. The Firepower 1150 firewall is a 1RU device that offers firewall throughput of 5.3 Gbps. The unit comes with eight integrated RJ-45 ports, two SFP interfaces, and two 10G SFP+ interfaces. IPsec VPN performance is 2.4 Gbps and the device can handle 600K simultaneous sessions, 28,000 new connections/second, and up to 800 VPN peers.
Cisco Firepower 2100 Series Next-Generation Firewalls
Cisco's Firepower 2100 Series Next-Generation Firewalls are one-rack appliances designed for deployment at the data center. Devices in this series feature a dual multicore CPU architecture that enables them to offer 3-6X higher throughput than the Cisco ASA firewalls they are engineered to replace. Onsite management can be done using Firepower Device Manager. All Firepower 2100 Series NGFW Firewalls incorporate 12 RJ45 ports and four SFP ports. These units include one built-in 10/100/1000 RJ-45 Ethernet interface for management, an RJ-45 console port, and one USB port. Active/standby high availability is supported as well as VPN load balancing.
The Firepower 2110 model firewall has four integrated 1 Gb SFP Ethernet interfaces and 100 GB of storage. The 2110 delivers 2.6 Gbps firewall throughput and 800 Mbps IPsec VPN throughput and supports 1 million simultaneous sessions, 18,000 new connections/second, and up to 1,500 VPN peers. Cisco's Firepower 2120 model firewall has 12 integrated 10M/100M/1GBASE-T Ethernet RJ-45 interfaces, four integrated 1G SFP Ethernet interface ports, and 100 GB of storage. The 2120 offers 3.4 Gbps firewall performance and 1 Gbps IPsec VPN throughput and allows 1.5 million concurrent sessions, 28,000 new connections per second and up to 3,500 VPN peers.
Cisco's Firepower 2130 model firewall includes four integrated 10 Gb SFP+ interface ports and 200 GB of storage. The 2130 also accepts a network module with 8 additional ports. The Firepower 2130 delivers 5.4 Gbps firewall throughput and 1.9 Gbps IPsec VPN performance and supports 2 million simultaneous sessions, 30,000 new connections per second, and as many as 7,500 VPN peers. Cisco's top-of-the-line Firepower 2140 firewall includes 4 integrated 10 Gigabit SFP+ ports and 200 GB of storage. The unit also accepts a network module with eight additional interfaces for a maximum of 24 Ethernet ports. The 2140 offers 10.4 Gbps firewall performance and 3.6 Gbps IPsec VPN performance and allows three million concurrent sessions, 57,000 new connections per second, and as many as 10,000 VPN peers. Both the 2130 and 2140 units have the option of redundant AC or DC power supplies.
Cisco Secure Firewall 3100 Series
Cisco's Secure Firewall 3100 Series appliances are modular 1RU units targeted at large companies who need performance, high port density, and zero-trust security at the Internet edge, the data center, or a private cloud. For high uptime, all Secure Firewall 3100 Series appliances support 8-device clustering and work in either Active/active or Active/standby mode. The units can run Cisco's ASA or Firewall Threat Defense (FTD) software. Integrated I/O for each unit includes eight 10M/100M/1GBASE-T Ethernet interfaces (RJ-45) and eight 1/10 Gigabit (SFP) Ethernet ports. Plug-in network modules offer 1/10/25/40G options and all versions have 900 GB of storage as well as an additional storage expansion slot.
Cisco's 3105 Firewall device delivers 10 Gbps firewall performance and 5.5 Gbps IPsec VPN performance. The 3105 supports 1.5 million concurrent sessions, 90,000 new connections/second, and as many as 2,000 VPN peers. Cisco's Secure Firewall 3110 model delivers 10 Gbps firewall throughput and 8 Gbps IPsec VPN throughput. The 3110 allows 2 million simultaneous sessions, 130,000 new connections per second, and up to 3,000 VPN peers. Cisco's Secure Firewall 3120 model offers 21 Gbps firewall performance and up to 10 Gbps IPsec VPN throughput. The 3120 firewall supports 4 million simultaneous sessions, 170,000 new connections/second, and as many as 7,000 VPN peers. Cisco's 3130 Firewall model delivers 42 Gbps firewall throughput and up to 14 Gbps IPsec VPN throughput. The 3130 allows 6 million simultaneous sessions, 200K new connections per second, and a maximum of 15,000 VPN peers. The 3130 includes eight 1/10/25G SFP+ ports. Cisco's 3140 Firewall model delivers 49 Gbps firewall throughput and up to 17 Gbps IPsec VPN throughput. The 3140 firewall allows 10 million simultaneous sessions, 200K new connections per second, and as many as 20K VPN peers. The 3140 model features eight 1/10/25G SFP+ interface ports.
Cisco Firepower 4100 Series Next-Generation Firewalls
Cisco's Firepower 4100 Series NGFW Firewalls are 1RU units intended for deployment at the Internet edge or high-performance data centers. Firewalls in this family offer 5-10X higher throughput than the Cisco ASA 5585-X firewall they are designed to succeed. Local management can be done with Cisco Firepower Device Manager. All Firepower 4100 Series Next-Generation Firewalls include 8 built-in SFP+ interfaces and all accept a variety of add-in network modules for up to 24 interfaces. All Firepower 4100 Series NGFW Firewalls support virtual private network load balancing, Active/Standby high availability, and clustering of as many as six chassis. These devices feature an integrated 1Gb Ethernet interface for management, one RJ-45 console interface, and one USB 2.0 interface.
The Firepower 4110 firewall includes 200 GB of storage and offers 13 Gbps firewall performance and 6 Gbps IPsec VPN performance. The 4110 supports 10 million concurrent sessions, 64K new connections/second, and as many as 10K VPN peers. Cisco's Firepower 4112 firewall includes 400 GB of storage and delivers 19 Gbps firewall throughput and 8.5 Gbps IPsec VPN throughput. The 4112 appliance supports 10 million concurrent sessions, 98K new connections per second, and up to 10,000 VPN peers. Cisco's Firepower 4115 device features 400 GB of storage and offers 33 Gbps firewall throughput and 8 Gbps IPsec VPN performance. The 4115 unit allows 15 million concurrent sessions, 210K new connections per second, and up to 15,000 VPN peers. Cisco's Firepower 4120 model has 200 GB of storage and offers 22 Gbps firewall performance and 19 Gbps IPsec VPN performance. The 4120 firewall allows 15 million simultaneous sessions, 118K new connections per second, and up to 15,000 VPN peers. Cisco's Firepower 4125 firewall features 800 GB of storage and offers 45 Gbps firewall performance and 19 Gbps IPsec VPN throughput. The 4125 firewall allows 25 million concurrent sessions, 269K new connections per second, and as many as 20K VPN peers.
The Firepower 4140 firewall has 400 GB of storage and offers 32 Gbps firewall throughput and 13 Gbps IPsec VPN throughput. The 4140 firewall supports 25 million concurrent sessions, 172K new connections/second, and up to 20K VPN peers. Cisco's more recent Firepower 4145 model has 800 GB of storage and offers 53 Gbps firewall throughput and 24 Gbps IPsec VPN throughput. The 4145 firewall allows 30 million simultaneous sessions, 365K new connections per second, and as many as 20K VPN peers. The Cisco Firepower 4150 firewall features 400 GB of storage and delivers 45 Gbps firewall performance and 14 Gbps IPsec VPN performance. The 4150 unit allows 30 million simultaneous sessions, 263K new connections/second, and as many as 20K VPN peers.
Secure Firewall 4200 Series
Cisco's Secure Firewall 4200 devices are expandable single rack units built for deployment at large enterprise campuses and data centers that need best-in-class performance, visibility, and scale. Cisco's Secure Firewall 4200 Series appliances offer over twice the performance of prior generation firewalls and feature high port density. Up to 8 units can be clustered for high availability and scale. A crypto accelerator enables SSL and VPN decryption in real time, and zero trust application access (ZTAA) permits deep threat inspection for applications. 4200 Series firewalls can be managed by the Firewall Management Center or in the cloud with Cisco Defense Orchestrator. Each 4200 firewall includes 8x 1/10/25 Gigabit Ethernet integrated ports and features two interface module slots for rapid upscaling. Up to 24 Ethernet connections are possible. Each firewall device includes 1.8 TB x 2 storage.
Cisco's Secure Firewall 4215 model is intended for large enterprise campuses with high growth potential. The 4215 offers 90 Gbps firewall performance and 45 Gbps max IPsec VPN performance. The 4215 allows 15 million concurrent firewall connections, 350 K new connections per second, and as many as 20,000 VPN peers. The Secure Firewall 4225 device is built for enterprise data centers. The model delivers 95 Gbps firewall throughput and 80 Gbps IPsec VPN throughput. Cisco's 4225 model allows 30 million concurrent firewall connections, 600 K new connections per second, and up to 25,000 VPN peers. Cisco's Secure Firewall 4245 model is built for service providers who need to handle a very high volume of traffic. The 4245 delivers 180 Gbps firewall performance and 140 Gbps IPsec VPN performance. The 4245 can support 60 million concurrent firewall connections, 800 K new connections per second, and as many as 30,000 VPN peers.
Cisco Firepower 9300 Series Next-Generation Firewalls
Cisco's Firepower 9300 Series NGFW Firewalls are highly scalable and ultra-high performing firewalls. The 3-rack-unit chassis of Firepower 9300 Next-Generation Series firewalls accepts two network modules and three security modules. Fully loaded, the Firepower 9300 can support 24 10-Gigabit Ethernet Enhanced Small Form-Factor Pluggable ports or eight 100G connections. Clustering of up to 5 9300 chassis allows up to 1.2 Tbps of firewall performance. The top-of-the-line Cisco Firepower 9300 SM-56 x 3 provides 235 Gbps firewall performance and 27 Gbps IPsec VPN performance. The 9300 SM-56 allows 195 million concurrent sessions, 4.75 M new connections per second, and a maximum of 20,000 VPN peers.
Cisco's Firepower Services
Firepower Series firewalls work with software or hardware modules that enable Firepower Services, which provide layered defense against advanced threats. Firepower Services are powered by technology adopted by Cisco from Sourcefire. Key capabilities of Firepower Services include:
Smaller deployments of Firepower Next Generation firewalls can be efficiently administered via Cisco's on-device Adaptive Security Device Manager (ASDM), a web-based tool which is provided with all firewall models. ASDM provides an easy-to-use web console for deploying, managing, and troubleshooting NGFW firewalls and service modules.
For more complex environments, NGFW appliances with Firepower Services can be managed with Firepower Management Center, implemented as one or more physical units or virtual devices. Cisco's Firepower Management Center offers unified firewall management, Application Visibility and Control (AVC), enhanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Due to frequent rebranding since Cisco's purchase of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under various names that include Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
The Firepower Management Center appliance offers features unavailable with Cisco's on-device Adaptive Security Device Manager utility. Additional capabilities include expanded context awareness, Advanced Malware Protection (AMP) with remediation for user devices, a console that provides dynamic network infrastructure visualization, automated policy tuning driven by impact evaluation of threats, advanced IPS, custom application detectors for Application Visibility and Control, customized health alerts, improved reporting features, and application interfaces for host input and databases. Hardware-dependent features such as clustering, stacking, switching, routing, VPN, and NAT must be managed using either Cisco's on-device ASDM or the Firepower CLI.
Progent's Migration Support Services for Cisco Next Generation Firewalls
Since Cisco has stopped selling the PIX 500 and ASA 5500 product lines, many companies are uncomfortable with relying on a key security component that might stop being supported. Firepower Series firewalls have the benefit of being new devices and also bring important functions and economic advantages in comparison to legacy devices. These benefits include significantly higher performance, optional SSL tunneling capability, and a modular architecture that guards your investment by enabling you to self-install more security services when and if you need them. Progent's Cisco certified network engineers can assist your company to determine the strategic value of moving from PIX 500 or Cisco ASA 5500 firewalls, create a migration process that allows for a fast and seamless upgrade, help you to set up new Firepower Series appliances, and offer online, consulting, and troubleshooting services.
Additional Ways Progent Can Support Your Cisco Firewalls
Cisco's Firepower Next-Generation Series firewalls provide an array of configuration, tracking, and analysis options which offer you the ability to set up these security appliances to align optimally with your business needs. Progent's CCIE authorized network professionals can show you how to design an efficient infrastructure that includes Cisco firewall technology and that offers advanced protection, fault tolerance, performance, and manageability. Progent's CISA and CISSP-ISSP-certified IS security consultants can assist you to create a security strategy appropriate for your situation and can set up your security appliance to enforce your security strategy. Progent's risk evaluation consultants can evaluate the effectiveness of your current firewall solution and audit the overall security of your whole IS network. Progent's Technical Response Center can deliver urgent online technical support for Cisco products and can give you quick access to a Cisco expert.
Progent can provide online or on-premises support and is available for as-needed expertise to help your organization with a challenging IT impasse, or Progent can provide end-to-end project management support to ensure your network security initiative is performed on schedule and within budget.