Cisco touts next-gen firewall gear for midsize installations
Firepower hardware architecture makes for more efficient processing, fewer bottlenecks
Cisco is coming out with four next-generation firewall boxes aimed at giving smaller organizations protection that is better sized to their needs and engineered to minimize performance hits as additional security services are turned on.
The devices make up a family called the Cisco Firepower 2100 series and are built around dual, multi-core processors. That architecture enables custom processing of traffic requiring threat inspection, and also supports tagging traffic that doesn’t need threat inspection so it flows through only the separate network processing unit.
These features combine to provide ample processing power for services such as IPS and also lighten the total load on that processor by diverting traffic that doesn’t require those services, Cisco says.
The Firepower 2100 series competes against midrange devices made by Check Point, Fortinet and Palo Alto Networks.
Cisco says it doesn’t have numbers yet for how performance is affected when Cisco Advanced Malware Protection and SSL acceleration are turned on. Advertised throughput for the devices ranges from 1.9Gbps to 8.5Gbps.
Management for the new devices can be handled by the onboard Cisco Device Manager, Management Center appliances for managing multiple devices, and Cisco Defense Orchestrator, its cloud-based policy management tool.
The appliances can automate security tasks including assessment, tuning and remediation. Through integration with Cisco’s Threat Intelligence Director, the management center can absorb and act on threat intelligence from third parties that use industry standards for formatting and sending it.
The orchestrator can apply individual policies throughout an organization that uses multiple Cisco security products.
Cisco Firepower 2100 Series Next-Generation Firewall starts at $10,995 for the 1.9Gbps 2110 model and ranges upward to $64,995 for the 8.5Gbps 2140 model.