Cisco is a long-time leader in delivering state-of-the-art firewalls for the broadest possible variety of environments. Cisco's Firepower Next Generation Firewall (NGFW) security appliances provide an advanced cybersecurity platform that marshals dedicated hardware, cloud-based services, and machine learning to anticipate, identify, and respond to cyberthreats without manual intervention. Progent's Cisco CCIE-certified firewall experts can assist your organization to plan and execute an efficient migration to Cisco Firepower Series firewalls from Cisco's legacy ASA 5500-X, ASA 5500, or PIX firewalls and show you how to enhance Firepower appliances with Cisco's cloud-based services to create and centrally manage IT ecosystems that encompass branch offices, data centers, and cloud resources. Progent's firewall consultants can also assist you to manage and troubleshoot legacy Cisco security appliances. Progent's certified cybersecurity experts can help you with policy creation and tuning based on industry best practices so you can establish a consistent cybersecurity posture that applies to all your networked devices at any location.
Cisco's Firepower Next Generation Firewalls
Cisco's family of Firepower Next-Generation Firewalls deliver modern protection and centralized control at price points, performance levels, and expandability suitable for environments spanning telecommuters and small organizations to major enterprises and Internet service providers. Cisco's Firepower NGFW devices provide a significant performance boost over Cisco's previous-generation security appliances and offer centralized control of advanced cybersecurity capabilities like application visibility and control, next-generation intrusion protection (NGIPS) with risk prioritization, advanced malware protection, DDoS mitigation, and sandboxing.
All Firepower Next-Generation firewalls incorporate a single-pass design and permit continuous analysis and retrospective identification, which makes it possible to provide outbreak management and to pinpoint root causes. Firepower Next-Generation firewalls also offer URL Filtering and sandboxing for finding elusive malware, IoCs, and malware artifacts. Next-Generation IPS rule tuning and network firewall policy are automated, eliminating the need for time-consuming intervention by IT security specialists. All Firepower NGFW security appliances give you the choice of using either Firepower Threat Defense (FTD) or Adaptive Security Appliance software. Centralized deployment, logging, system monitoring, and reporting capabilities can be controlled either via Cisco's Management Center or in the cloud with Defense Orchestrator.
Cisco Firepower 1000 Series NGFW Firewalls
Cisco Firepower Next-Generation 1000 Series Firewalls are targeted at small organizations, telecommuters, or branches. Devices in this family offer better value vs. comparable Cisco ASA 5506-X to ASA 5525-X firewalls, providing 4-6X faster firewall throughput. Local management can be performed using Cisco Firepower Device Manager. 1000 Series firewalls feature an integrated 10/100/1000 RJ-45 Ethernet port for management, an RJ-45 console interface, a USB 3.0 Type-A interface, and 200 GB of storage. Active/active and Active/standby high availability is supported as well as VPN load balancing.
Cisco's Firepower 1010 firewall is a desktop or wall-mount, quiet appliance that delivers 890 Mbps performance, Application Visibility/Control (AVC), and NGIPS. The appliance comes with eight integrated RJ-45 I/O interface ports, two of them POE+ capable. IPsec VPN throughput is 400 Mbps and the device supports 100K concurrent sessions, 6,000 new connections/second, and a maximum of 75 VPN peers. The Firepower 1120 firewall is a 1RU rack device that provides firewall performance of 2.3 Gbps. The unit comes with 8 RJ45 built-in I/O interfaces and four SFP interface ports. IPsec VPN throughput is 1.2 Gbps and the unit allows 200K simultaneous sessions, 15,000 new connections per second with Application Visibility/Control (AVC), and up to 150 VPN peers.
The Firepower 1140 model firewall is a 1RU rackmount appliance that offers firewall throughput of 3.3 Gbps. The unit has 8 built-in RJ-45 interface ports and four SFP interfaces. IPsec VPN throughput is 1.4 Gbps and the device allows 400K simultaneous sessions, 22K new connections per second with Application Visibility/Control, and up to 400 VPN peers. The Firepower 1150 model firewall is a 1RU appliance that delivers firewall throughput of 5.3 Gbps. The appliance features eight integrated RJ-45 interfaces, two SFP ports, and two 10G SFP+ interface ports. IPsec VPN performance is 2.4 Gbps and the firewall allows 600K simultaneous sessions, 28,000 new connections per second, and as many as 800 VPN peers.
Cisco Firepower 2100 Series NGFW Firewalls
Cisco's Firepower 2100 Series Next-Generation Firewalls are 1RU rack appliances intended for use at the Internet edge or the data center. Appliances in this line feature a dual multicore processor design that enables them to deliver 3-6X faster throughput than Cisco ASA 5545-X to ASA 5555-X firewalls they are engineered to succeed. Local management can be performed with Firepower Device Manager. All Firepower 2100 Series NGFW Firewalls incorporate 12 RJ45 ports and four SFP ports. These units include one integrated 10M/100M/1GBASE-T Ethernet interface for management, an RJ-45 console interface, and one USB 2.0 Type-A port. High availability is supported as well as virtual private network load balancing.
The Firepower 2110 model firewall features 4 integrated 1 Gigabit SFP Ethernet ports and 100 GB of storage. The 2110 delivers 2.6 Gbps firewall performance and 800 Mbps IPsec VPN performance and allows 1 million simultaneous sessions, 18,000 new connections per second, and a maximum of 1,500 VPN peers. Cisco's Firepower 2120 model firewall has 12 built-in 10M/100M/1GBASE-T RJ-45 interface ports, four built-in 1G SFP Ethernet interface ports, and 100 GB of storage. The 2120 delivers 3.4 Gbps firewall throughput and 1 Gbps IPsec VPN throughput and allows 1.5 million simultaneous sessions, 28,000 new connections per second and a maximum of 3,500 VPN peers.
Cisco's Firepower 2130 model firewall includes 4 built-in 10 Gb SFP+ interface ports and 200 GB of storage. The unit also scales via a network module with 8 extra ports. The Firepower 2130 offers 5.4 Gbps firewall performance and 1.9 Gbps IPsec VPN performance and allows two million simultaneous sessions, 30,000 new connections/second, and a maximum of 7,500 VPN peers. Cisco's top-of-the-line Firepower 2140 firewall comes with 4 integrated 10G SFP+ interfaces and 200 GB of storage. The unit also scales via a network module with eight additional interface ports for a maximum of 24 Ethernet ports. The 2140 model offers 10.4 Gbps firewall performance and 3.6 Gbps IPsec VPN performance and supports 3 million simultaneous sessions, 57,000 new connections/second, and a maximum of 10,000 VPN peers. Both the 2130 and 2140 appliances have the option of dual AC or DC power supplies.
Cisco Secure Firewall 3100 Series
Cisco's 3100 Firewall Series models are modular single-rack units intended for large companies who require throughput, high port density, and zero-trust cybersecurity at the Internet edge, the corporate data center, or a private cloud. For high uptime, all Secure Firewall 3100 Series appliances support 8-chassis clustering and operate in Active/active or Active/standby mode. The units can run Cisco's ASA or FTD software. Built-in I/O for each device includes 8 10M/100M/1GBASE-T interfaces (RJ-45) and 8 1/10 Gigabit (SFP) Ethernet interface ports. Available network modules support 1/10/25/40G expansion and all models feature 900 GB of storage as well as a spare storage expansion slot.
Cisco's Secure Firewall 3105 model offers 10 Gbps firewall throughput and 5.5 Gbps IPsec VPN throughput. The 3105 supports 1.5 million concurrent sessions, 90,000 new connections per second, and as many as 2,000 VPN peers. Cisco's 3110 Firewall device offers 10 Gbps firewall throughput and 8 Gbps IPsec VPN performance. The 3110 allows two million simultaneous sessions, 130,000 new connections/second, and as many as 3,000 VPN peers. Cisco's 3120 Firewall device offers 21 Gbps firewall performance and up to 10 Gbps IPsec VPN performance. The 3120 supports 4 million simultaneous sessions, 170,000 new connections/second, and up to 7,000 VPN peers. Cisco's Secure Firewall 3130 model delivers 42 Gbps firewall performance and up to 14 Gbps IPsec VPN performance. The 3130 supports 6 million concurrent sessions, 200K new connections per second, and up to 15,000 VPN peers. The 3130 firewall includes 8 1/10/25G SFP+ ports. Cisco's 3140 Firewall model offers 49 Gbps firewall throughput and up to 17 Gbps IPsec VPN throughput. The 3140 allows 10 million simultaneous sessions, 200K new connections per second, and a maximum of 20K VPN peers. The 3140 features 8 1/10/25G SFP+ ports.
Cisco Firepower 4100 Series Next-Generation Firewalls
Cisco's Firepower 4100 Series Next-Generation Firewalls are 1RU appliances intended for operation at high-performance data centers. Firewalls in this line deliver 5-10X faster performance than the Cisco ASA 5585-X firewall they are engineered to succeed. Onsite management can be performed using Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls have 8 integrated SFP+ ports and all can be expanded with a selection of add-in network modules for a maximum of 24 ports. All Firepower 4100 Series Next-Generation Firewalls offer VPN load balancing, high availability, and clustering of as many as six chassis. These security appliances include a built-in 1Gb Ethernet interface for network management, an RJ-45 console port, and one USB 2.0 connection.
Cisco's Firepower 4110 model firewall has 200 GB of storage and offers 13 Gbps firewall throughput and 6 Gbps IPsec VPN performance. The 4110 model allows 10 million concurrent sessions, 64K new connections/second, and as many as 10K VPN peers. Cisco's Firepower 4112 firewall has 400 GB of storage and offers 19 Gbps firewall performance and 8.5 Gbps IPsec VPN performance. The 4112 firewall supports 10 million simultaneous sessions, 98K new connections/second, and as many as 10,000 VPN peers. Cisco's Firepower 4115 model firewall includes 400 GB of storage and offers 33 Gbps firewall performance and 8 Gbps IPsec VPN performance. The 4115 firewall supports 15 million simultaneous sessions, 210K new connections per second, and a maximum of 15,000 VPN peers. Cisco's Firepower 4120 device features 200 GB of storage and delivers 22 Gbps firewall throughput and 19 Gbps IPsec VPN throughput. The 4120 firewall allows 15 million concurrent sessions, 118K new connections/second, and as many as 15,000 VPN peers. Cisco's Firepower 4125 firewall has 800 GB of storage and delivers 45 Gbps firewall throughput and 19 Gbps IPsec VPN performance. The 4125 firewall supports 25 million concurrent sessions, 269K new connections per second, and as many as 20K VPN peers.
Cisco's Firepower 4140 model firewall includes 400 GB of storage and delivers 32 Gbps firewall throughput and 13 Gbps IPsec VPN performance. The 4140 firewall allows 25 million simultaneous sessions, 172K new connections/second, and a maximum of 20K VPN peers. Cisco's more recent Firepower 4145 appliance includes 800 GB of storage and delivers 53 Gbps firewall performance and 24 Gbps IPsec VPN performance. The 4145 unit supports 30 million concurrent sessions, 365K new connections per second, and as many as 20K VPN peers. Cisco's Firepower 4150 unit comes with 400 GB of storage and offers 45 Gbps firewall throughput and 14 Gbps IPsec VPN throughput. The 4150 unit allows 30 million simultaneous sessions, 263K new connections per second, and as many as 20K VPN peers.
Cisco Secure Firewall 4200 Family
Cisco's Secure Firewall 4200 Series devices are expandable single rack units intended for use at large enterprise campuses and data centers that need best-in-class throughput, manageability, and scalability. Secure Firewall 4200 Series appliances deliver over double the performance of prior generation firewalls from Cisco and offer high port density. Up to 8 units can be clustered for fault tolerance and scale. Crypto accelerator enables traffic decryption in real time, and zero trust application access (ZTAA) permits deep threat inspection for apps. 4200 Series firewalls can be managed by the Firewall Management Center or in the cloud using Cisco Defense Orchestrator. Every 4200 firewall includes 8x 1/10/25 Gigabit Ethernet built-in ports and has two interface module slots for easy upscaling. Up to 24 Ethernet connections are possible. Every 4200 device includes 1.8 TB x 2 storage.
Cisco's Secure Firewall 4215 model is built for enterprise campuses with high growth expectations. The device offers 90 Gbps firewall performance and 45 Gbps max IPsec VPN throughput. The 4215 allows 15 million simultaneous firewall connections, 350 K new connections per second, and as many as 20,000 VPN peers. The Secure Firewall 4225 device is built for large enterprise data centers. The device offers 95 Gbps firewall performance and 80 Gbps IPsec VPN throughput. Cisco's 4225 firewall supports 30 million simultaneous firewall connections, 600 K new connections each second, and as many as 25,000 VPN peers. Cisco's Secure Firewall 4245 appliance is designed for service providers who need to handle a high volume of traffic. The 4245 offers 180 Gbps firewall performance and 140 Gbps IPsec VPN performance. The 4245 can support 60 million simultaneous firewall connections, 800 K new connections per second, and as many as 30,000 VPN peers.
Cisco Firepower 9300 Series NGFW Firewalls
Cisco's Firepower 9300 Series NGFW Firewalls are highly scalable and ultra-high performing firewalls. The 3RU chassis of Firepower 9300 NGFW Series firewalls can hold two add-in network modules as well as three security modules. Altogether, the Firepower 9300 can support 24 10-Gigabit Ethernet Enhanced Small Form-Factor Pluggable network interfaces or eight 100G ports. Clustering of up to five 9300 chassis delivers up to 1.2 Tbps of firewall throughput. The top-of-the-line Cisco Firepower 9300 SM-56 x 3 delivers 235 Gbps firewall performance and 27 Gbps IPsec VPN performance. The unit allows 195 million concurrent sessions, 4.75 M new connections per second, and a maximum of 20,000 VPN peers.
Cisco's ASA 5500-X and Legacy Firewalls
Cisco's ASA 5500-X Series, ASA 5500, and PIX 500 firewalls offer integrated firewall, IPsec VPN, and IPS services in compact single-box packages, delivering a broad array of features to match the security and compliance requirements of companies ranging from small and mid-size businesses to enterprises and ISPs. Cisco's ASA 5500-X, ASA 5500 Series, and PIX firewalls allow network security staffs to protect their network edge and offer safe remote access while utilizing advanced management mechanisms built on Cisco's world-class firewall technology.
Cisco's ASA 5500 Series and PIX 500 firewall appliances have reached end-of-life but remain commonly used in small and mid-size organizations and in some enterprise data centers. The ASA 5500-X Series Next-Generation Firewalls deliver significantly more value and have supplanted the ASA 5500 and PIX lines of firewalls for new installations. However, Cisco's older model firewalls, if carefully managed, can deliver a high degree of security by providing a variety of services including stateful firewall, Virtual Private Network (VPN) connections, and IPS.
Since Cisco's purchase of Sourcefire, the entire family of Cisco ASA 5500-X firewalls can be provisioned to support Firepower Services, built on Sourcefire's Snort product, which is the market's most popular intrusion protection system (IPS). Firepower services bring powerful new capabilities including advanced malware protection (AMP), URL filtering, dynamic threat analytics, and automation.
Progent's Cisco-certified infrastructure consultants can assist you to maintain and debug legacy ASA 5500 and PIX firewalls and can also assist you to plan and implement an efficient upgrade to Cisco's ASA 5500-X firewalls with Firepower Services. Progent can also help you to design, configure, tune, manage and troubleshoot new firewall ecosystems built on Cisco's latest ASA 5500-X models with Firepower Services. Progent's firewall consultants can also help your organization to upgrade from your Cisco ASA 5500-X solution to Cisco's latest Firepower Next Generation Firewalls (NGFWs).
Cisco's ASA 5500-X Series Firewalls
Cisco's comprehensive family of ASA 5500-X security appliances includes an improved replacement for every rack-mountable unit in the older ASA 5500 generation of devices. Each ASA 5500-X firewall targets the identical market as the corresponding earlier models, which gives small and midsize businesses ample choice for selecting a solution that aligns with their security requirements and budgets. All ASA 5500-X firewalls are based on Cisco's proven stateful-inspection firewall technology and all incorporate purpose-built 64-bit hardware with multicore CPUs and support Cisco's powerful security services. All devices in Cisco's ASA 5500-X family deliver consistent security across any combination of physical, virtual, and cloud environments.
For additional details about ASA 5500-X firewalls, Firepower services, and Progent's support for ASA security appliances, see Firepower configuration and debugging expertise.
Cisco's Firepower Services for ASA 5500-X Firewalls
Cisco ASA 5500-X security appliances work with software or physical modules that enable Cisco's Firepower Services, which provide layered protection against multi-vector attacks. Cisco's Firepower Services are powered by technology acquired by Cisco from Sourcefire. Key capabilities of Firepower Services for ASA 5500-X firewalls include:
Simpler deployments of ASA firewalls can be efficiently managed via Cisco's on-box Adaptive Security Device Manager (ASDM), a web utility provided with all ASA 5500-X versions. ASDM includes a simple web dashboard for deploying, managing, and debugging ASA 5500-X appliances and service modules.
For multi-device and multi-site environments, ASA 5500-X firewalls with Firepower Services can be managed using Cisco's Firepower Management Center, available as one or several physical or virtual appliances. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Cisco's Advanced Malware Protection (AMP). Because of frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Firepower Management Center has been offered under several names that include Defense Center, FireSIGHT Defense Center, and Cisco Firesight Management Center.
Cisco's Firepower Management Center offers capabilities unavailable with Cisco's on-box Adaptive Security Device Manager tool. Additional capabilities include greater context awareness, Cisco's Advanced Malware Protection (AMP) with remediation for client devices, a console that offers real-time network visualization, automated policy optimization driven by risk assessment of threats, comprehensive IPS, custom application detectors for Application Visibility and Control, customized health alerts, improved reporting options, and APIs for host input and database access. Hardware-dependent options such as clustering, stacking, switching, routing, VPN, and NAT must be handled using either Cisco's ASA 5500-X on-device ASDM or the ASA CLI.
Cisco ASA 5500 Family of Firewalls
Cisco ASA 5500 Series Firewalls build on engineering behind the Cisco PIX 500 firewall, Cisco's IPS 4200 Intrusion Prevention System, and the Cisco VPN 3000 Series concentrator. These technologies enable the Cisco Adaptive Security Appliances Firewall product line to offer a platform that defends against the widest variety of attacks. Cisco Adaptive Security Appliances Firewalls provide application security, local containment and control, and clean VPN connectivity throughout Cisco's product line. This breadth of protection enables the guarding of any network area, including the most common threat conduits such as remote sites, locally-attached inside users, and off-site access VPNs.
Cisco Adaptive Security Appliances (ASA) firewalls deliver a high level of application protection through smart, application-sensitive inspection processes that examine network flows at Layers 4-7. The result is a better protected network covering Web, voice, and 3G-mobile wireless connectivity. To protect networks against application-layer attacks and to provide stronger policing of the programs and protocols utilized in their environments, Cisco's inspection engines integrate extensive application and protocol knowledgebases and rely on security enforcement solutions that include protocol anomaly sensing and state tracking. Also incorporated are attack sensing and mitigation technology such as application/protocol command filters and URL deobfuscation. Cisco Adaptive Security Appliances 5500 Series firewall inspection engines also provide management of IM and peer-to-peer file sharing, enabling businesses to police usage policies and free up bandwidth for important business applications.
For more information about Progent's consulting services for ASA 5500 firewalls, go to ASA 5500 firewalls integration and troubleshooting consulting.
Cisco PIX Security Appliance Series
Based upon a hardened, purpose-built operating system that offers rich security services, Cisco PIX firewalls offer a high level of security and have received Common Criteria Evaluation Assurance Level (EAL) 4 status and ICSA Firewall and IP Security (IPsec) certification. Cisco PIX security appliances offer security for a broad range of Voice over IP and additional mixed-media protocols such as H.323 Version 4, Session Initiation Protocol, Cisco Skinny Client Control Protocol (SCCP), Real-Time Streaming Protocol, and Media Gateway Control Protocol, enabling organizations to protect installations of a wide array of contemporary and next-generation VoIP and mixed-media applications.
IT managers can furthermore remotely configure, monitor, and analyze PIX firewall appliances via a command-line interface (CLI). Safe command-line interface (CLI) communication is possible through several methods such as Secure Shell Protocol, Telnet over IPsec, and out-of-band via a console port. PIX firewall appliances also include robust auto-update features, a set of advanced secure remote-administration services that ensure firewall settings and software images are kept current.
For additional information about Progent's support services for Cisco PIX firewalls, see Cisco PIX 500 firewalls integration and troubleshooting support.
Progent's Migration Support for Cisco Firewalls
Because Cisco has ceased offering the PIX 500 and ASA 5500 families of firewalls, many companies are uncomfortable with relying on a critical security mechanism that may stop being supported by Cisco. ASA 5500-X and Firepower Series security appliances have the benefit of being current products and also offer a number of functions and financial benefits in comparison to PIX firewalls. These benefits include significantly better performance, optional SSL tunneling capability, and an expandable architecture that protects your investment by allowing you to self-install more security services whenever you need them. Progent's Cisco certified experts can assist you to determine the business value of moving from PIX or ASA 5500 security appliances, create a migration plan that allows for a quick and seamless upgrade, help your IT staff to deploy new ASA 5500-X or Firepower NGFW Series firewalls, and provide remote training, consulting, and troubleshooting services.
Additional Ways Progent Can Help You with Cisco ASA and PIX Firewalls
Cisco Firepower NGFW Series, ASA 5500 Series, and PIX family security appliances provide an array of setup, monitoring, and analysis features that offer you the ability to set up these firewalls to match your company's needs. Progent's CCIE certified network consultants can help you to configure and support an efficient network infrastructure that incorporates Cisco firewalls and that provides world-class security, resilience, performance, and manageability. Progent's GISA and CISSP-ISSP-certified IS security engineers can assist you to create a security strategy appropriate for your situation and can set up your PIX or ASA firewall to enforce your security strategy. Progent's risk evaluation engineers can evaluate the effectiveness of your current firewall deployment and help determine the overall security of your whole IT environment. Progent's Help Desk support team can provide urgent online troubleshooting for Cisco products and can give you fast access to a Cisco CCIE network engineer.
Integration of Cisco and Third-party Firewall Technology
Progent offers expertise in firewall and VPN products from all major vendors and can help you integrate Cisco technology with additional security solutions to help you build a cost-effective network infrastructure that provides a level of security and flexibility appropriate for your business. Third-party firewall and VPN support services available from Progent include:
For more information about Progent's consulting and support services for Cisco technology, call