The latest Cisco Next-Generation Firewall, the Firepower 2100 Series, has been introduced on February 22, 2017.
The 2100 series is designed for businesses that perform high volumes of sensitive transactions, such as banking and retail, and supports their need to maintain uptime and protect critical business functions and data.
The series aims to end the industry tug of war between performance and protection–with incorporation of a new scalable architecture and improvements of up to 200 percent greater throughput to eliminate bottlenecks – from the Internet edge to the data center.
The new Cisco Firepower 2100 Series provides businesses with the confidence to pursue new digitization opportunities, knowing they have a security architecture designed to protect against the greatest threats, without affecting the performance of critical business functions.
As the industry’s first architecture with dual multicore CPU complexes that accelerate key cryptographic, firewall, and threat defense functions, the 2100s are purpose-built to meet customers’ ongoing protection and performance needs without compromise.
The Cisco Firepower 2100 Series delivers up to 200 percent greater throughput than similarly priced offerings, even when threat inspection is turned on.
“The Cisco Next-Generation Firewalls have been proven to be the most effective on the market, but we also know that businesses everywhere are struggling with a number of factors, including lack of talent and expanding attack surfaces, which can impact the effectiveness of even the best solutions. The New Cisco Firepower 2100 Series addresses these challenges, making it easier for enterprises to manage their architecture and ensure that they have the best performance at all times.”
– David Ulevitch, Vice President and General Manager, Security Business Group, Cisco
The Cisco Firepower 2100 Series appliances can be deployed either as a Next-Generation Firewall (NGFW) or as a Next-Generation IPS (NGIPS). They are perfect for the Internet edge and all the way in to the data center. Four new models are available. Their maximum stateful firewall throughput, ranges from 1.9-8 Gbps.
The 2100 Series addresses mid-market use cases from the Internet edge to the data center. The 2100 Series NGFWs deliver superior threat defense, at faster speeds, with a smaller footprint than their predecessors the ASA-5525-X. ASA 5545-X, ASA 5555-X, ASA 5585-X S10 and FirePOWER 70XX and 71XX appliances.
A ‘No Compromises’ Security Architecture
Key to the performance sustaining abilities of the Firepower 2100 Series is a dual, multi-core CPU architecture and software optimization that enables:
By applying purpose-built processing for the tasks at hand, the Firepower 2100 Series NGFWs optimize performance and threat protection, without burdening network operators to architect around security bottlenecks. This reduces the need to overprovision and fosters deeper inspection levels than otherwise might be possible.
The design employs Intel multi-core CPUs for Layer 7 threat inspections (app visibility, intrusion detection, URL filtering, malware and file inspection, user identity, etc.) and a combination of merchant and a Network Processing Unit (NPU) for layer 2-4 traffic (stateful firewall, NAT, VPN-SSL encryption/decryption, and more.).
Traffic first traverses the NPU, and may be blocked based on access controls, obviating the need to inspect further. Flows requiring advanced inspection are copied and sent to the x86 complex – and flow handling is optimized regarding required inspection services, utilizing security group tags as one method to make this determination. In addition, a ‘fast path’ option allows intelligent re-routing of trusted traffic dynamically.
If it isn’t obvious by now, Cisco Firepower NGFW isn’t just another firewall. Across the entire family – and now the new 2100 Series – Cisco Firepower NGFW combines our effective security architecture with the power of the network for superior business resilience and protection.