Cisco is the world and industry leader in delivering state-of-the-art firewalls for the widest possible variety of environments. Cisco’s Firepower Next Generation Firewall (NGFW) security appliances provide an advanced firewall solution that combines sophisticated hardware, cloud-based services, and next-generation intrusion protection system (NGIPS) to block, discover, and respond to cyber-attacks without manual intervention. Proteus’s Cisco CCIE-certified firewall consultants can help your organization to design and carry out an efficient upgrade to Firepower Series firewalls from Cisco’s ASA 5500-X, ASA 5500, or PIX firewalls and help you integrate Firepower firewalls with Cisco’s subscription-based security services to create and centrally control IT environments that span local offices, data centers, and cloud resources. Proteus can also help you to manage and troubleshoot older-generation Cisco firewalls. Proteus’s certified cybersecurity experts can help you with policy creation and tuning driven by industry best practices so you can establish a consistent and effective cybersecurity posture across all your networked endpoints anywhere.
Cisco’s Firepower Next Generation Firewalls
Cisco’s family of Firepower Next-Generation Firewalls deliver modern security and centralized control at price points, speed, and expandability suitable for deployments spanning home offices and small organizations to global enterprises and Internet service providers. Cisco’s Firepower NGFW appliances provide a significant performance improvement compared to Cisco’s previous-generation firewalls and offer centralized management of advanced cybersecurity capabilities like application visibility and control (AVC), next-generation intrusion protection with intelligent prioritization of risks, advanced malware protection, DDoS mitigation, and multi-node sandboxing.
All Firepower Next-Generation firewalls have a single-pass design and permit continuous inspection and retrospective detection, which makes it possible to initiate outbreak management and to uncover patient zero. Firepower NGFW firewalls also offer URL Filtering and sandboxing for detecting evasive and sandbox-aware malware, actionable event correlations, and malware artifacts. Next-Generation IPS rule tuning and network firewall policy are automated, requiring no time-consuming intervention by cybersecurity specialists. All Firepower Next-Generation firewalls offer the choice of running either Cisco Firepower Threat Defense (FTD) or Cisco Adaptive Security Appliance (ASA) software. Centralized deployment, logging, system monitoring, and reporting functions can be controlled either via Management Center or in the cloud with Cisco Defense Orchestrator.
Cisco Firepower 1000 Series NGFW Firewalls
Cisco’s Firepower Next-Generation 1000 Series Firewalls are targeted at small businesses, home offices, or branches. Appliances in this series offer improved value vs. comparable Cisco ASA 5506-X to ASA 5525-X models, providing 4-6X faster firewall throughput. Onsite management can be done with Cisco Firepower Device Manager. These appliances include a built-in 10M/100M/1GBASE-T RJ-45 Ethernet port for management, an RJ-45 console port, a USB connection, and 200 GB of storage. Active/active and Active/standby high availability is supported along with VPN load balancing.
Cisco’s Firepower 1010 model is a quiet desktop device that delivers 890 Mbps performance, Application Visibility/Control, and NGIPS. The unit has eight built-in RJ-45 I/O interface ports, two of them POE+ capable. IPsec VPN throughput is 400 Mbps and the device supports 100K simultaneous sessions, 6,000 new connections per second, and a maximum of 75 VPN peers. The Firepower 1120 firewall is a 1RU appliance that provides firewall performance of 2.3 Gbps. The unit features eight RJ45 built-in I/O ports and four SFP interface ports. IPsec VPN performance is 1.2 Gbps and the unit allows 200K concurrent sessions, 15,000 new connections per second with Application Visibility/Control (AVC), and a maximum of 150 VPN peers.
The Firepower 1140 firewall is a 1RU rackmount appliance that offers firewall throughput of 3.3 Gbps. The firewall comes with 8 integrated RJ-45 interfaces and 4 SFP ports. IPsec VPN performance is 1.4 Gbps and the appliance allows 400K simultaneous sessions, 22K new connections per second with Application Visibility/Control, and up to 400 VPN peers. The Firepower 1150 model firewall is a 1RU appliance that offers firewall throughput of 5.3 Gbps. The appliance includes eight built-in RJ-45 interface ports, two SFP ports, and two 10G SFP+ ports. IPsec VPN throughput is 2.4 Gbps and the appliance supports 600K concurrent sessions, 28,000 new connections per second, and as many as 800 VPN peers.
Cisco Firepower 2100 Series NGFW Firewalls
Cisco’s Firepower 2100 Series NGFW Firewalls are 1RU rack appliances designed for operation at the Internet edge or the data center. Appliances in this line have a dual multicore processor architecture that allows them to offer 3-6X higher throughput than the Cisco ASA firewalls they are engineered to replace. Onsite management can be done with the Firepower Device Manager. All Firepower 2100 Series Next-Generation Firewalls incorporate 12 RJ45 interfaces and four SFP ports. These firewalls include one integrated 10M/100M/1GBASE-T RJ-45 Ethernet port for management, an RJ-45 console interface, and one USB interface. Active/standby high availability is supported as well as VPN load balancing.
Cisco’s Firepower 2110 firewall includes 4 built-in 1 Gigabit SFP Ethernet interfaces and 100 GB of storage. The 2110 delivers 2.6 Gbps firewall performance and 800 Mbps IPsec VPN throughput and supports 1 million concurrent sessions, 18,000 new connections per second, and as many as 1,500 VPN peers. Cisco’s Firepower 2120 firewall features 12 built-in 10M/100M/1GBASE-T RJ-45 ports, four integrated 1G SFP Ethernet interfaces, and 100 GB of storage. The 2120 offers 3.4 Gbps firewall throughput and 1 Gbps IPsec VPN performance and permits 1.5 million concurrent sessions, 28,000 new connections per second and as many as 3,500 VPN peers.
Cisco’s Firepower 2130 firewall includes 4 integrated 10 Gb SFP+ interface ports and 200 GB of storage. The 2130 also scales via a network module with eight additional interface ports. The Firepower 2130 offers 5.4 Gbps firewall performance and 1.9 Gbps IPsec VPN throughput and allows 2 million simultaneous sessions, 30,000 new connections per second, and a maximum of 7,500 VPN peers. Cisco’s high-end Firepower 2140 model firewall comes with 4 integrated 10 Gigabit SFP+ interfaces and 200 GB of storage. The 2140 also accepts a network module with 8 additional ports for a total of 24 Ethernet interfaces. The 2140 delivers 10.4 Gbps firewall throughput and 3.6 Gbps IPsec VPN throughput and allows 3 million simultaneous sessions, 57,000 new connections/second, and a maximum of 10,000 VPN peers. Both the 2130 and 2140 model firewalls feature redundant AC or DC power supplies.
Cisco 3100 Firewall Series
Cisco’s Secure Firewall 3100 Series models are modular single-rack devices targeted at enterprises that need throughput, high port count, and zero-trust security at the Internet edge, the data center, or a private cloud. For maximum availability, all Secure Firewall 3100 Series appliances support 8-device clustering and operate in either Active/active or Active/standby mode. The units can run Cisco’s ASA or FTD software. Integrated I/O for each model includes 8 10M/100M/1GBASE-T Ethernet interface ports (RJ-45) and 8 1/10 Gigabit Ethernet interfaces. Plug-in network modules offer 1/10/25/40G expansion, and all versions come with 900 GB of storage plus an additional storage slot.
Cisco’s 3105 Firewall device offers 10 Gbps firewall performance and 5.5 Gbps IPsec VPN performance. The 3105 supports 1.5 million simultaneous sessions, 90,000 new connections per second, and a maximum of 2,000 VPN peers. Cisco’s Secure Firewall 3110 model delivers 10 Gbps firewall performance and 8 Gbps IPsec VPN throughput. The 3110 supports two million simultaneous sessions, 130,000 new connections/second, and as many as 3,000 VPN peers. Cisco’s Secure Firewall 3120 model delivers 21 Gbps firewall performance and 10 Gbps IPsec VPN throughput. The 3120 allows 4 million concurrent sessions, 170,000 new connections/second, and as many as 7,000 VPN peers. Cisco’s Secure Firewall 3130 device delivers 42 Gbps firewall performance and up to 14 Gbps IPsec VPN throughput. The 3130 supports 6 million simultaneous sessions, 200K new connections per second, and up to 15,000 VPN peers. The 3130 includes 8 1/10/25G SFP+ interfaces. Cisco’s Secure Firewall 3140 device delivers 49 Gbps firewall throughput and up to 17 Gbps IPsec VPN performance. The 3140 firewall allows 10 million simultaneous sessions, 200K new connections per second, and as many as 20K VPN peers. The 3140 model has 8 1/10/25G SFP+ interfaces.
Cisco Firepower 4100 Series NGFW Firewalls
Cisco’s Firepower 4100 Series Next-Generation Firewalls are single-rack appliances designed for deployment at the Internet edge. Appliances in this series deliver 5-10X higher performance than the Cisco ASA 5585-X device they are designed to succeed. Local management can be done with the Firepower Device Manager. All Firepower 4100 Series Next-Generation Firewalls include 8 integrated SFP+ interfaces and all can be expanded with a selection of add-in network modules for a maximum of 24 interfaces. All Firepower 4100 Series Next-Generation Firewalls support virtual private network load balancing, Active/standby high availability, and clustering of up to six chassis. These security appliances feature an integrated 1 Gigabit Ethernet port for network management, an RJ-45 console interface, and one USB 2.0 interface.
The Firepower 4110 model firewall comes with 200 GB of storage and offers 13 Gbps firewall throughput and 6 Gbps IPsec VPN performance. The 4110 model supports 10 million concurrent sessions, 64K new connections per second, and a maximum of 10K VPN peers. Cisco’s Firepower 4112 firewall has 400 GB of storage and delivers 19 Gbps firewall performance and 8.5 Gbps IPsec VPN performance. The 4112 firewall allows 10 million simultaneous sessions, 98K new connections/second, and as many as 10,000 VPN peers. Cisco’s more recent Firepower 4115 model firewall features 400 GB of storage and offers 27 Gbps firewall performance and 8 Gbps IPsec VPN throughput. The 4115 unit supports 15 million concurrent sessions, 200K new connections per second, and as many as 15,000 VPN peers. Cisco’s Firepower 4120 appliance features 200 GB of storage and offers 22 Gbps firewall throughput and 19 Gbps IPsec VPN throughput. The 4120 unit allows 15 million simultaneous sessions, 118K new connections per second, and as many as 15,000 VPN peers. Cisco’s more recent Firepower 4125 model has 800 GB of storage and offers 40 Gbps firewall performance and 14 Gbps IPsec VPN performance. The 4125 firewall allows 25 million concurrent sessions, 265K new connections per second, and a maximum of 20K VPN peers.
The Firepower 4140 firewall has 400 GB of storage and delivers 32 Gbps firewall performance and 13 Gbps IPsec VPN throughput. The 4140 firewall allows 25 million concurrent sessions, 172K new connections per second, and as many as 20K VPN peers. Cisco’s more recent Firepower 4145 appliance includes 800 GB of storage and offers 53 Gbps firewall throughput and 18 Gbps IPsec VPN throughput. The 4145 firewall supports 30 million simultaneous sessions, 350K new connections per second, and a maximum of 20K VPN peers. Cisco’s Firepower 4150 firewall comes with 400 GB of storage and delivers 45 Gbps firewall throughput and 14 Gbps IPsec VPN throughput. The 4150 unit allows 30 million concurrent sessions, 263K new connections/second, and a maximum of 20K VPN peers.
Secure Firewall 4200 Series
Cisco’s Secure Firewall 4200 Series devices are expandable single-rack units intended for use at enterprise campuses and data centers that require best-in-class throughput, manageability, and scalability. Cisco’s Secure Firewall 4200 Series devices deliver more than double the performance of previous generation firewalls from Cisco and feature high port density. Up to 8 units can be clustered for fault tolerance and scale. A crypto accelerator allows traffic decryption in real time, and zero trust application access can provide comprehensive threat inspection for apps. 4200 Series appliances can be managed locally via the Firewall Management Center or in the cloud using Cisco Defense Orchestrator. Each 4200 firewall comes with 8x 1/10/25 Gigabit Ethernet (SFP28) integrated interfaces and has two module slots for rapid upscaling. Up to 24 Ethernet interfaces are supported. Each firewall model comes with 1.8 TB x 2 storage.
Cisco’s Secure Firewall 4215 product is intended for large enterprise campuses with strong growth potential. The 4215 offers 90 Gbps firewall performance and 50 Gbps IPsec VPN throughput. The 4215 can handle 15 million concurrent firewall connections, 1.4 M new connections each second, and up to 20,000 VPN peers. Cisco’s Secure Firewall 4225 device is built for large enterprise data centers. The appliance offers 95 Gbps firewall performance and 60 Gbps max IPsec VPN performance. The 4225 model allows 30 million concurrent firewall connections, 1.7 M new connections each second, and as many as 25,000 VPN peers. The Secure Firewall 4245 model is intended for service providers who support a very high volume of traffic. Cisco’s 4245 offers 180 Gbps firewall performance and 70 Gbps IPsec VPN throughput. The 4245 can support 60 million simultaneous firewall connections, 2.0 M new connections each second, and up to 30,000 VPN peers.
Cisco Firepower 9300 Series Next-Generation Firewalls
Cisco’s Firepower 9300 Series Next-Generation Firewalls are highly scalable and ultra-high performing firewalls. The 3-rack-unit enclosure of Firepower 9300 NGFW Series firewalls can hold two add-in network modules and three security modules. Fully loaded, the Firepower 9300 can support 24 10G Ethernet Enhanced Small Form-Factor Pluggable interfaces or eight 100 Gigabit Ethernet ports. Intrachassis clustering of up to five chassis allows a total of 1.2 Tbps of firewall throughput. The top-of-the-line Cisco Firepower 9300 SM-56 delivers 70 Gbps firewall throughput and 27 Gbps IPsec VPN performance. The 9300 SM-56 allows 35 million simultaneous sessions, 490K new connections per second, and a maximum of 20,000 VPN peers.
Firepower Services
Cisco’s Firepower NGFW firewalls work with software or physical modules that support Cisco’s Firepower Services, which offer layered defense against advanced threats. Cisco’s Firepower Services are powered by technology acquired by Cisco from Sourcefire. Major capabilities of Firepower Services include:
Layered protection against both familiar and new attacks.
Cisco’s Advanced Malware Protection that utilizes big data to find and mitigate intrusions.
A Next-Generation Intrusion Prevention System that performs contextual analysis that looks at clients, network infrastructure, software applications, and content to detect attacks that incorporate multiple approaches.
High-resolution Application Visibility and Control that is aware of thousands of apps and can automatically activate both standard and custom IPS policies based on the degree of threats.
Cisco Firepower Integration Expertise
Firepower Services for NGFW firewalls provide multi-layered threat protection.
Simpler implementations of Firepower Series firewalls can be efficiently managed via Cisco’s on-device Adaptive Security Device Manager (ASDM), a web-based tool which is provided with all NGFW firewall versions. ASDM includes a simple web dashboard for configuring, managing, and debugging NGFW devices and service modules.
For multi-device and multi-site environments, NGFW appliances with Firepower Services can be managed using Cisco’s Firepower Management Center, available as one or more physical or virtual appliances. Firepower Management Center provides centralized firewall management, Application Visibility and Control, enhanced IPS, URL filtering, and Cisco’s Advanced Malware Protection (AMP). Because of frequent rebranding since Cisco’s purchase of Sourcefire Defense Center, Cisco’s Firepower Management Center has been delivered under several names that include Cisco Defense Center, Cisco Firesight Defense Center, and FireSIGHT Management Center.
Cisco Firepower Management Center Consulting
Cisco Firepower Management Center centralizes event and policy management for Firepower firewalls.
Cisco’s Firepower Management Center appliance offers capabilities unavailable with Cisco’s on-box Adaptive Security Device Manager utility. Additional capabilities include greater context awareness, Advanced Malware Protection with remediation for client devices, a dashboard that offers real-time infrastructure visualization, automated policy tuning driven by risk evaluation of attacks, advanced IPS, custom application discovery for Application Visibility and Control (AVC), customized health alerts, enhanced reporting options, and APIs for host input and database access. Hardware-dependent capabilities like clustering, stacking, switching, routing, VPN, and NAT must be managed using the on-box ASDM or the Firepower command line interface.
Proteus’s Migration Support Services for Cisco Next Generation Firewalls
Because Cisco has discontinued offering the PIX and ASA 5500 product lines, many companies are concerned about relying on a critical security mechanism that may no longer be supported by Cisco. Firepower Series security appliances have the benefit of being new products and offer important functions and economic advantages in comparison to legacy firewalls. These benefits include significantly better throughput, optional SSL VPN capability, and an expandable design that guards your investment by allowing you to add new security services whenever you need them. Proteus’s Cisco network engineers can help your company to determine the business case for upgrading from PIX 500 or ASA 5500 security appliances, design a migration process that permits a fast and seamless changeover, assist you to install new Firepower NGFW Series appliances, and offer remote training, consulting, and technical support services.
Additional Ways Proteus Can Support Your Cisco Firewalls
Cisco Firepower Series security appliances incorporate an array of setup, monitoring, and troubleshooting options which give you the ability to set up these security appliances to match your business requirements. Proteus’s CCIE certified network consultants can show you how to build an efficient infrastructure that includes Cisco firewall technology and that provides world-class protection, fault tolerance, throughput, and manageability. Proteus’s GISA and CISSP-ISSP-certified information security experts can assist you to develop a security strategy appropriate for your environment and can set up your security appliance to support your security policies. Proteus’s risk assessment consultants can evaluate the effectiveness of your current firewall deployment and validate the security of your whole IT network. Proteus’s Help Desk support team can deliver emergency online troubleshooting for Cisco products and can give you quick access to a Cisco expert.
Proteus can provide online or on-premises support and can deliver occasional expertise to help your organization resolve a stubborn technical bottleneck, or can offer comprehensive project management services to ensure your network security initiative is performed on time and on budget.
All firewall products, images, and features mentioned on this page are trademarks of Cisco Systems.