Cisco is a long-time leader in developing state-of-the-art firewall appliances for the widest possible range of deployments. Cisco's Firepower Next Generation Firewall (NGFW) security appliances provide an advanced firewall platform that combines sophisticated hardware, cloud-based services, and a next-generation intrusion protection system (NGIPS) to anticipate, identify, and respond to cyber attacks without manual intervention. Progent's Cisco CCIE-certified firewall consultants can help you design and execute a smooth upgrade to Cisco Firepower firewalls from Cisco's ASA 5500-X, ASA 5500, or PIX firewalls and help you enhance Firepower firewalls with Cisco's security services to build and centrally control IT ecosystems that encompass local offices, data centers, private clouds and public clouds. Progent can also help you manage and debug older-generation Cisco security appliances. Progent's certified cybersecurity experts can help you with policy creation and tuning driven by industry best practices so you can establish a consistent cybersecurity profile that applies to all your networked endpoints at any location.
Cisco's Firepower NGFW Firewalls
Cisco's portfolio of Firepower Next-Generation Firewalls delivers advanced protection and unified control at prices, performance levels, and expandability to fit environments ranging from home offices and small organizations to major enterprises and service providers. Cisco's Firepower NGFW devices provide a significant performance improvement over Cisco's older security appliances and include unified control of modern cybersecurity capabilities like application visibility, next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection, URL filtering, and multi-node sandboxing.
All Firepower Next-Generation firewalls incorporate a single-pass design and permit continuous analysis and retrospective identification, which allows the firewalls to provide outbreak controls and to pinpoint patient zero. Firepower Next-Generation firewalls also have the option of URL Filtering and subscription-free sandboxing for detecting evasive and sandbox-aware malware, IoCs, and malware artifacts. NGIPS rule tuning and network firewall policy creation are performed automatically, requiring no manual intervention by IT security specialists. All Firepower Next-Generation firewalls give you the choice of using either Firepower Threat Defense (FTD) or Adaptive Security Appliance software. Centralized configuration, logging, system monitoring, and reporting functions can be managed either via Management Center or in the cloud with Cisco Defense Orchestrator.
Cisco Firepower 1000 Series NGFW Firewalls
Firepower NGFW 1000 Series Firewalls are targeted at small businesses, telecommuters, or branch offices. Firewalls in this series deliver improved value vs. corresponding Cisco ASA 5506-X to ASA 5525-X models, providing 4-6X faster firewall speed. Onsite management can be performed using Cisco Firepower Device Manager. These appliances include an integrated 10M/100M/1GBASE-T RJ-45 Ethernet interface for network management, an RJ-45 console port, a USB 3.0 Type-A port, and 200 Gbytes of storage. Active/active and Active/standby high availability is supported as well as VPN load balancing.
Cisco's Firepower 1010 model is a quiet desktop appliance that delivers 890 Mbps performance, AVC, and Next Generation Intrusion Prevention System. The firewall features 8 integrated RJ-45 I/O interface ports, two of them POE+ capable. IPsec VPN throughput is 400 Mbps and the device supports 100K concurrent sessions, 6,000 new connections per second, and a maximum of 75 VPN peers. The Firepower 1120 firewall is a 1RU rack device that provides firewall throughput of 2.3 Gbps. The appliance features 8 RJ-45 integrated I/O interfaces and four SFP interfaces. IPsec VPN throughput is 1.2 Gbps and the appliance supports 200K concurrent sessions, 15,000 new connections per second with Application Visibility/Control (AVC), and up to 150 VPN peers.
The Firepower 1140 model firewall is a 1RU appliance that offers firewall throughput of 3.3 Gbps. The firewall includes 8 built-in RJ-45 interfaces and 4 SFP interface ports. IPsec VPN performance is 1.4 Gbps and the appliance supports 400K concurrent sessions, 22K new connections per second with Application Visibility/Control, and as many as 400 VPN peers. The Firepower 1150 model firewall is a 1RU appliance that offers firewall throughput of 5.3 Gbps. The firewall includes 8 built-in RJ-45 ports, two SFP interfaces, and two 10G SFP+ ports. IPsec VPN performance is 2.4 Gbps and the appliance supports 600K concurrent sessions, 28,000 new connections/second, and a maximum of 800 VPN peers.
Cisco Firepower 2100 Series NGFW Firewalls
Cisco's Firepower 2100 Series Next-Generation Firewalls are single-rack units intended for deployment at the data center. Appliances in this series have a dual multicore CPU design that allows them to offer 3-6X faster performance than the Cisco ASA 5545-X to ASA 5555-X models they are engineered to succeed. Local management can be done with Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls include 12 RJ-45 ports and four SFP interfaces. These firewalls include one built-in 10M/100M/1GBASE-T RJ-45 Ethernet port for network management, an RJ-45 console interface, and one USB 2.0 Type-A connection. High availability is supported as well as virtual private network load balancing.
Cisco's Firepower 2110 model firewall features 4 built-in 1 Gb SFP Ethernet interface ports and 100 GB of storage. The 2110 delivers 2.6 Gbps firewall performance and 800 Mbps IPsec VPN performance and supports 1 million concurrent sessions, 18,000 new connections per second, and a maximum of 1,500 VPN peers. Cisco's Firepower 2120 firewall has 12 built-in 10M/100M/1GBASE-T Ethernet RJ-45 interfaces, four built-in 1G SFP Ethernet interfaces, and 100 GB of storage. The 2120 delivers 3.4 Gbps firewall throughput and 1 Gbps IPsec VPN performance and allows 1.5 million concurrent sessions, 28,000 new connections per second and up to 3,500 VPN peers.
Cisco's Firepower 2130 model firewall features 4 built-in 10G SFP+ interface ports and 200 GB of storage. The unit also accepts a network module with 8 additional ports. The Firepower 2130 delivers 5.4 Gbps firewall throughput and 1.9 Gbps IPsec VPN performance and supports two million simultaneous sessions, 30,000 new connections/second, and as many as 7,500 VPN peers. Cisco's top-of-the-line Firepower 2140 firewall includes 4 built-in 10G SFP+ interface ports and 200 GB of storage. The unit also scales via a network module with eight additional interfaces for a total of 24 Ethernet interface ports. The 2140 offers 10.4 Gbps firewall throughput and 3.6 Gbps IPsec VPN throughput and allows 3 million simultaneous sessions, 57,000 new connections/second, and a maximum of 10,000 VPN peers. Both the 2130 and 2140 units have the option of dual AC or DC power supplies.
Cisco Secure Firewall 3100 Series
Cisco's 3100 Firewall Series models are modular 1RU devices designed for large companies that require performance, high port density, and zero-trust cybersecurity at the Internet edge, the corporate data center, or a private cloud. For maximum availability, all Secure Firewall 3100 Series models allow 8-device clustering and work in either Active/active or Active/standby mode. The appliances can run Cisco's ASA or Firewall Threat Defense (FTD) software. Built-in I/O for each unit includes eight 10M/100M/1GBASE-T interfaces (RJ-45) and eight 1/10 Gigabit Ethernet ports. Plug-in network modules support 1/10/25/40G options and all models have 900 GB of storage plus a spare storage slot.
Cisco's Secure Firewall 3105 model offers 10 Gbps firewall throughput and 5.5 Gbps IPsec VPN throughput. The 3105 allows 1.5 million concurrent sessions, 90,000 new connections/second, and as many as 2,000 VPN peers. Cisco's Secure Firewall 3110 device offers 10 Gbps firewall performance and 8 Gbps IPsec VPN throughput. The 3110 allows two million concurrent sessions, 130,000 new connections/second, and as many as 3,000 VPN peers. Cisco's 3120 Firewall model delivers 21 Gbps firewall throughput and up to 10 Gbps IPsec VPN performance. The 3120 allows 4 million simultaneous sessions, 170,000 new connections/second, and a maximum of 7,000 VPN peers. Cisco's Secure Firewall 3130 device offers 42 Gbps firewall performance and 14 Gbps IPsec VPN throughput. The 3130 supports 6 million simultaneous sessions, 200K new connections/second, and as many as 15,000 VPN peers. The 3130 model has eight 1/10/25G SFP+ interface ports. Cisco's 3140 Firewall model offers 49 Gbps firewall performance and 17 Gbps IPsec VPN throughput. The 3140 firewall supports 10 million simultaneous sessions, 200K new connections/second, and a maximum of 20K VPN peers. The 3140 model includes eight 1/10/25G SFP+ interfaces.
Cisco Firepower 4100 Series NGFW Firewalls
Cisco's Firepower 4100 Series Next-Generation Firewalls are 1RU units designed for deployment at the Internet edge or high-performance data centers. Firewalls in this series offer 5-10X faster performance than the Cisco ASA 5585-X firewall they are engineered to succeed. Local management can be performed with Cisco Firepower Device Manager. All Firepower 4100 Series NGFW Firewalls have 8 built-in SFP+ interfaces and all can be expanded with a selection of add-in network modules for a maximum of 24 ports. All Firepower 4100 Series NGFW Firewalls support virtual private network load balancing, high availability, and clustering of as many as six chassis. These devices include an integrated 1 Gigabit Ethernet interface for network management, one RJ-45 console port, and one USB connection.
Cisco's Firepower 4110 model firewall includes 200 GB of storage and offers 13 Gbps firewall throughput and 6 Gbps IPsec VPN throughput. The 4110 model allows 10 million simultaneous sessions, 64K new connections/second, and as many as 10K VPN peers. Cisco's Firepower 4112 firewall features 400 GB of storage and delivers 19 Gbps firewall performance and 8.5 Gbps IPsec VPN performance. The 4112 firewall supports 10 million concurrent sessions, 98K new connections per second, and a maximum of 10,000 VPN peers. Cisco's Firepower 4115 firewall features 400 GB of storage and offers 33 Gbps firewall throughput and 8 Gbps IPsec VPN performance. The 4115 unit allows 15 million concurrent sessions, 210K new connections/second, and up to 15,000 VPN peers. Cisco's Firepower 4120 device comes with 200 GB of storage and delivers 22 Gbps firewall performance and 19 Gbps IPsec VPN throughput. The 4120 firewall allows 15 million concurrent sessions, 118K new connections per second, and as many as 15,000 VPN peers. Cisco's Firepower 4125 device includes 800 GB of storage and offers 45 Gbps firewall performance and 19 Gbps IPsec VPN throughput. The 4125 unit allows 25 million simultaneous sessions, 269K new connections per second, and a maximum of 20K VPN peers.
The Firepower 4140 firewall has 400 GB of storage and offers 32 Gbps firewall throughput and 13 Gbps IPsec VPN performance. The 4140 firewall allows 25 million concurrent sessions, 172K new connections per second, and as many as 20K VPN peers. Cisco's more recent Firepower 4145 firewall comes with 800 GB of storage and offers 53 Gbps firewall performance and 24 Gbps IPsec VPN throughput. The 4145 unit supports 30 million concurrent sessions, 365K new connections per second, and up to 20K VPN peers. The Cisco Firepower 4150 firewall has 400 GB of storage and delivers 45 Gbps firewall throughput and 14 Gbps IPsec VPN performance. The 4150 firewall supports 30 million simultaneous sessions, 263K new connections per second, and a maximum of 20K VPN peers.
Cisco Secure Firewall 4200 Series
Cisco's Secure Firewall 4200 Series appliances are modular single rack units intended for deployment at large enterprise campuses and data centers that require best-in-class throughput, visibility, and scalability. Cisco's Secure Firewall 4200 Series appliances offer over double the performance of prior generation firewalls from Cisco and feature high port density. Up to 8 chassis can be clustered for fault tolerance and future expansion. A crypto accelerator allows traffic decryption in real time, and zero trust application access can provide deep threat inspection for apps. 4200 Series appliances can be managed locally by the Firewall Management Center or in the cloud using Cisco Defense Orchestrator. Every 4200 firewall includes eight 1/10/25 Gigabit Ethernet on-chassis interfaces and has two module slots for rapid upscaling. As many as 24 Ethernet connections are possible. Every firewall device includes 1.8 TB x 2 storage.
Cisco's Secure Firewall 4215 product is intended for large enterprise campuses with strong growth potential. The 4215 offers 90 Gbps firewall stateful inspection performance and 45 Gbps max IPsec VPN performance. The 4215 allows 15 million simultaneous firewall connections, 350 K new connections each second, and as many as 20,000 VPN peers. Cisco's Secure Firewall 4225 appliance is intended for large enterprise data centers. The model offers 95 Gbps firewall throughput and 80 Gbps IPsec VPN throughput. The 4225 firewall can handle 30 million simultaneous firewall connections, 600 K new connections each second, and as many as 25,000 VPN peers. The Secure Firewall 4245 appliance is intended for service providers who need to handle a very high volume of traffic. Cisco's 4245 offers 180 Gbps firewall throughput and 140 Gbps IPsec VPN performance. The 4245 can support 60 million concurrent firewall connections, 800 K new connections each second, and as many as 30,000 VPN peers.
Cisco Firepower 9300 Series Next-Generation Firewalls
Cisco's Firepower 9300 Series Next-Generation Firewalls are massively scalable, carrier-grade firewalls. The 3RU enclosure of Firepower 9300 Next-Generation Series firewalls can hold two add-in network modules and three security modules. Fully loaded, the Firepower 9300 can hold 24 10G SFP+ network interfaces or eight 100G ports. Clustering of up to five chassis delivers a total 1.2 Tbps of firewall throughput. The top-of-the-line Cisco Firepower 9300 SM-56 x 3 provides 235 Gbps firewall throughput and 27 Gbps IPsec VPN throughput. The unit allows 195 million concurrent sessions, 4.75 M new connections per second, and up to 20,000 VPN peers.
Cisco's Firepower Services
Cisco's Firepower Next Generation firewalls work with software or physical modules that enable Cisco's Firepower Services, which offer layered protection against multi-vector attacks. Cisco's Firepower Services are powered by technology acquired by Cisco from Sourcefire. Major features of Firepower Services include:
Simpler implementations of Cisco's Firepower NGFW security appliances can be efficiently managed via Cisco's on-device Adaptive Security Device Manager (ASDM), a web-based tool included with all NGFW firewall models. ASDM provides an easy-to-use web console for deploying, administering, and debugging NGFW firewalls and service modules.
For more complex environments, NGFW appliances with Firepower Services can be managed with Cisco's Firepower Management Center, implemented as one or more physical or virtual devices. Cisco's Firepower Management Center provides unified firewall management, Application Visibility and Control, advanced IPS, URL filtering, and Advanced Malware Protection (AMP). Due to frequent rebranding since Cisco's acquisition of Sourcefire Defense Center, Cisco's Firepower Management Center has been offered under several names that include Defense Center, FireSIGHT Defense Center, and FireSIGHT Management Center.
Cisco's Firepower Management Center appliance offers capabilities unavailable with Cisco's on-box ASDM tool. Extra capabilities include expanded context awareness, Cisco's Advanced Malware Protection with remediation for client devices, a console that provides dynamic network infrastructure visualization, automated policy optimization based on risk evaluation of attacks, comprehensive IPS, custom application discovery for Application Visibility and Control, customized health notifications, improved reporting options, and APIs for host input and databases. Hardware-dependent capabilities such as clustering, stacking, switching, routing, VPN, and NAT must be handled using either the on-device ASDM or the Firepower command line interface.
Progent's Migration Support for Cisco Next Generation Firewalls
Because Cisco has stopped offering the PIX and ASA 5500 families of firewalls, many businesses are uncomfortable with depending on a critical security component that might no longer be supported by Cisco. Firepower Series firewalls offer the advantage of being current devices and also bring multiple technical and budgetary advantages in comparison to legacy firewalls. These advantages include substantially better performance, optional Secure Sockets Layer VPN support, and an expandable design that protects your investment by allowing you to add more security features when and if you require them. Progent's Cisco certified network engineers can help your company determine the business value of migrating from PIX 500 or ASA 5500 security appliances, create a migration process that allows for a quick and seamless changeover, help you configure new Firepower Series firewalls, and provide online, consulting, and technical support services.
Additional Ways Progent Can Support Your Cisco Firewalls
Cisco's Firepower Next-Generation Series firewalls incorporate an array of setup, tracking, and analysis features which give you the ability to set up these security appliances to match your business requirements. Progent's CCIE certified network experts can assist you to configure and support a cost-effective infrastructure that incorporates Cisco firewalls and that offers world-class protection, fault tolerance, throughput, and manageability. Progent's GISA and CISSP-ISSP-certified IS security engineers can help your business to create a security strategy that makes sense for your business and can configure your PIX or ASA firewall to enforce your security strategy. Progent's security assessment experts can assess the effectiveness of your existing firewall deployment and validate the security of your whole IT network. Progent's Technical Response Center (TRC) can provide emergency online technical support for Cisco products and can give you fast access to a Cisco CCIE network engineer.
Progent can provide remote or on-premises support and is available for occasional guidance to help you with a stubborn IT impasse. Progent also offers end-to-end project management and co-management support to ensure your firewall initiative is completed on schedule and on budget.