Cisco is developing its Next-Generation Firewalls, which can give you unprecedented threat defense. These Next-Generation Firewalls can help all kinds of organizations and businesses to build safer networks.
A next-generation firewall must include:
- Standard firewall capabilities like stateful inspection
- Integrated intrusion prevention
- Application awareness and control to see and block risky apps
- Upgrade paths to include future information feeds
- Techniques to address evolving security threats
The Cisco’s Next-Generation Firewalls (NGFW) has three main families: Cisco ASA with FirePOWER Services, Cisco Firepower 9000 Series and Firepower 4100 Series.
We talked about the Cisco ASA with FirePOWER Services and Cisco Firepower 9300 Series before. More details you can read these topics: Cisco Firepower 9300 Introduced to Service Providers, NGFW-Cisco ASA with FirePOWER Services.
So in this article we will share some main information and reviews about the Cisco’s new Next-Generation Firewalls. Yes, the Cisco Firepower Next-Generation Firewall.
How to find the best next-generation firewall for you?
Cisco ASA with FirePOWER Services
- Small business, branch office, enterprise
- Firewall throughput from 256 Mbps to 15 Gbps
- Threat inspection from 125 Mbps to 30 Gbps
- Stateful firewall, AVC, NGIPS, AMP, URL
Compare Models: Cisco ASA 5500-X Series Next-Generation Firewalls
More about the Compare Models-Cisco ASA 5500-X Series with FirePOWER Services and ASA 5585-X Series with FirePOWER Services you can visit here http://www.cisco.com/c/en/us/products/security/asa-firepower-services/models-comparison.html
Cisco Firepower 4100 Series, Better Security, Faster Speeds, Smaller Footprint
The Cisco Firepower 4100 Series is a family of four threat-focused NGFW security platforms. There are three main Firepower 4100 Models: Firepower 4110, Firepower 4120 and Firepower 4140.
Their maximum throughput ranges from 20 to more than 60 Gbps, addressing use cases from the Internet edge to the data center. They deliver superior threat defense, at faster speeds, with a smaller footprint.
Cisco Firepower 9000 Series, Modular Security Platform for Service Providers
The Cisco Firepower 9300 is a scalable (beyond 1Tbps), carrier-grade, modular platform designed for service providers, high-performance computing centers, data centers, campuses, high-frequency trading environments, and more that require low (less than 5-microsecond offload) latency and exceptional throughput. Cisco Firepower 9300 supports flow-offloading, programmatic orchestration, and management of security services with RESTful APIs.
It is also available in NEBS- compliant configurations.
The Main Firepower 9300 Models
- 1.2 Tbps clustered throughput
- 10/40/100 Gb Network Interfaces
- 57 million concurrent connections, with application control
- 500,000 new connections per second
- Security services options: AVC, NGIPS, AMP, URL Filtering, DDos Mitigation
The following table summarizes the performance highlights of the Cisco Firepower NGFW 4100 Series and 9300 Series.
|Cisco Firepower Model|
|Features||4110||4120||4140||41501||9300 with 1 SM-24 Module||9300 with 1 SM-36 Module||9300 with 3 SM-36 Modules|
|Maximum firewall throughput (ASA)||20 Gbps||40 Gbps||60 Gbps||–||75 Gbps||80 Gbps||225 Gbps|
|Maximum throughput FW + AVC (Firepower Threat Defense)2||12 Gbps||20 Gbps||25 Gbps||–||25 Gbps||35 Gbps||100 Gbps|
|Maximum throughput: FW + AVC + NGIPS (Firepower Threat Defense)2||10 Gbps||15 Gbps||20 Gbps||–||20 Gbps||30 Gbps||90 Gbps|
1 Cisco Firepower 4150 is scheduled for release in the first half of 2016; specifications to be announced
2 HTTP sessions with average packet size of 1024-bytes
Cisco Firepower 4100 Series and Firepower 9300 NGFW appliances use the Cisco Firepower Threat Defense software image. Alternatively, these appliances can support the Cisco Adaptive Security Appliance (ASA) software image. The Cisco Firepower Management Center (formerly FireSIGHT) provides unified management of the Cisco Firepower NGFW, as well as Cisco Firepower NGIPS and Cisco AMP. Also available, on select Cisco Firepower appliances, and direct from Cisco, is the Radware DefensePro distributed denial of service (DDoS) mitigation capability.
More data sheet info of Cisco Firepower Next-Generation Firewall: the Cisco Firepower NGFW 4100 Series and 9300 appliances, such as the Performance Specifications and Feature Highlights, Firepower 4100 and Firepower 9300 Series Hardware Specifications, and Ordering Information you can read at http://www.cisco.com/c/en/us/products/collateral/security/firepower-4100-series/datasheet-c78-736661.html