The latest Cisco Next-Generation Firewall, the Firepower 2100 Series, was introduced on February 22, 2017.
The 2100 series is designed for businesses that perform high volumes of sensitive transactions, such as banking and retail, and supports their need to maintain uptime and protect critical business functions and data.
The series aims to end the industry tug of war between performance and protection by incorporating a new scalable architecture and delivering up to 200 percent greater throughput to eliminate bottlenecks, from the Internet edge to the data center.
The new Cisco Firepower 2100 Series provides businesses with the confidence to pursue new digitization opportunities, knowing they have a security architecture designed to protect against the greatest threats, without affecting the performance of critical business functions.
As the industry’s first architecture with dual multicore CPU complexes that accelerate key cryptographic, firewall, and threat defense functions, the 2100s are purpose-built to meet customers’ ongoing protection and performance needs without compromise.
The Cisco Firepower 2100 Series delivers up to 200 percent greater throughput than similarly priced offerings, even when threat inspection is turned on.
“The Cisco Next-Generation Firewalls have been proven to be the most effective on the market, but we also know that businesses everywhere are struggling with a number of factors, including lack of talent and expanding attack surfaces, which can impact the effectiveness of even the best solutions. The New Cisco Firepower 2100 Series addresses these challenges, making it easier for enterprises to manage their architecture and ensure that they have the best performance at all times.”
– David Ulevitch, Vice President and General Manager, Security Business Group, Cisco
The Cisco Firepower 2100 Series appliances can be deployed either as a Next-Generation Firewall (NGFW) or as a Next-Generation IPS (NGIPS). They are perfect for the Internet edge and all the way into the data center. Four new models are available. Their maximum stateful firewall throughput ranges from 1.9 to 8 Gbps.
The 2100 Series addresses mid-market use cases from the Internet edge to the data center. The 2100 Series NGFWs deliver superior threat defense, at faster speeds, with a smaller footprint than their predecessors: the ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5585-X S10 and FirePOWER 70XX and 71XX appliances.
- The Firepower 2110 and 2120 models offer 1.9 and 3 Gbps of firewall throughput, respectively. They provide increased port density and can provide up to sixteen (16) 1 Gbps ports in a 1 rack unit (RU) form factor.
- The Firepower 2130 and 2140 models provide 5 and 8.5 Gbps of firewall throughput, respectively. These models differ from the others in that they can be customized through the use of network modules, or NetMods. They can provide up to twenty-four (24) 1 Gbps ports in a 1 RU appliance, or up to twelve (12) 10 Gbps ports.
- Firepower 2100 NGFWs uniquely provide sustained performance when supporting threat functions, such as IPS. This is done using an innovative dual multi-core architecture. Layer 2 and 3 functionality is processed on one NPU (Network Processing Unit). Threat inspection and other services are processed on a separate multi-core x86 CPU. By splitting the workload, we eliminate the performance degradation that you see with competing solutions when turning on threat inspection.
A ‘No Compromises’ Security Architecture
Key to the performance sustaining abilities of the Firepower 2100 Series is a dual, multi-core CPU architecture and software optimization that enables:
- Sustained throughput performance when threat functions are enabled vs. competing designs
- Flexibility and future-proofing versus ASIC-based designs that inhibit the ability to add new defenses and functions
- Fast path accelerates flows not requiring threat inspection, further enhancing performance through the appliance
By applying purpose-built processing for the tasks at hand, the Firepower 2100 Series NGFWs optimize performance and threat protection, without burdening network operators to architect around security bottlenecks. This reduces the need to overprovision and fosters deeper inspection levels than otherwise might be possible.
The design employs Intel multi-core CPUs for Layer 7 threat inspections (app visibility, intrusion detection, URL filtering, malware and file inspection, user identity, etc.) and a combination of merchant and a Network Processing Unit (NPU) for Layer 2-4 traffic (stateful firewall, NAT, VPN-SSL encryption/decryption, and more).
Traffic first traverses the NPU, where it may be blocked based on access controls, obviating the need to inspect further. Flows requiring advanced inspection are copied and sent to the x86 complex, and flow handling is optimized according to the inspection services required, with security group tags as one method of making this determination. In addition, a ‘fast path’ option allows intelligent re-routing of trusted traffic dynamically.
If it isn’t obvious by now, Cisco Firepower NGFW isn’t just another firewall. Across the entire family – and now the new 2100 Series – Cisco Firepower NGFW combines our effective security architecture with the power of the network for superior business resilience and protection.