The New Threat-Centric Firepower 9300 & Firepower 4100 Series Platforms

Service providers have told us that APIs are no longer enough. Security services integration is too costly, and the efficacy is inadequate.

Until now, service providers’ only viable security approach has been the deployment of scalable point solutions. This approach limits integration, leaving gaps in threat visibility and correlation. Furthermore, disparate security appliances hinder the dynamic protection of workloads and data flows as they traverse physical, virtual, and cloud topologies.

Cisco reimagines service provider security by integrating its own security services and those of its partners. With intelligent service stitching, the capability helps optimize both threat defense and network performance. This approach supports the full realization of open and programmable networks. Security policies consistently follow data flows and workloads across the network fabric.

Security is central to the Cisco Evolved Programmable Network architecture for service providers (Figure1). The architecture protects data and availability for service providers and their customers.

As well, Cisco’s rapid provisioning makes new security services practical to deploy. Security thus becomes a value-added strategic business differentiator.

Figure1.The Cisco Service Provider Architecture

Our unique threat-focused approach is available with the Cisco Firepower 9300 Security Appliance and the Cisco Firepower 4100 Series high-performance carrier-class platforms. Both platforms can deliver multiple Cisco security services, including the Cisco ASA firewall, Cisco Firepower next-generation firewall, Cisco next-generation IPS (NGIPS), and Cisco Advanced Malware Protection (AMP). The platforms can support the Cisco Firepower Threat Defense or the ASA software image and the Radware DefensePro distributed-denial-of-service mitigation capability.

Transforming Best-in-Class Solutions

Deploying point solutions has been critical to fulfilling service-level agreements. However, this approach relies on manual and inefficient processes (Figure2).

Figure2. Previous Approach with Point Solutions

Our Unique Approach

Figure3. Tight Integration and Intelligent Service Stitching

Cisco’s threat-centric security approach tightly integrates security services beyond APIs across physical, virtual, and cloud topologies (Figure4).

Figure4. Integration Protection Across the Network Fabric

With Cisco’s approach, costs are lowered and the operations of service providers and their customers are protected with scalable, dynamic, and threat-centric security.

Cisco Firepower 9300 is a carrier-class platform that scales with security modules to meet business needs. It provides:

• Performance that is 600 percent higher and a port density 30 percent greater than the Cisco ASA 5585-X Adaptive Security Appliance

• Terabit backplane and high power efficiency

• Low latency and high efficiency through intelligent service stitching of multiservice and multivendor (Cisco and third-party) security applications

• Swappable application-blade architecture for flexible configuration and easy performance scaling

• 10, 40, or 100 Gigabit Ethernet

Cisco Firepower 4100 Series carrier-class platforms deliver:

• Performance that is 200 percent higher and a port density 30 percent greater than the Cisco ASA 5585-X Adaptive Security Appliance

• High efficiency through intelligent service stitching of multiservice and multivendor (Cisco and third-party) security applications

• 10 or 40 Gigabit Ethernet (GE) I/O Next Steps

Reference from https://www.cisco.com/c/dam/en/us/products/collateral/security/firepower-9300-security-appliance/at-a-glance-c45-734810.pdf

More info

http://d2zmdbbm9feqrf.cloudfront.net/2016/anz/pdf/BRKSEC-2020.pdf

More Cisco Security & Firewall Topics

Cisco’s High-end Next Generation Firewalls-Firepower 4100 and 9300 Series

Cisco Firepower 9300 Introduced to Service Providers

The Most Common NGFW Deployment Scenarios

Migration to Cisco NGFW

The New Cisco Firepower 2100 Series

Why Migrate to the Cisco Catalyst 2960-X/XR?

Cisco Catalyst 2960-X/XR , these stackable Gigabit Ethernet Layer 2 and Layer 3 access switches give you enterprise-class features at a great price.

Designed for simplicity, they are easy to deploy, manage, and troubleshoot and offer automated software installation and port configuration. Improvements over previous generations include:

• Better customer and employee experiences through higher performance and improved support for mobility

• Advanced security to handle increasing threats

• Reduced cost and complexity through support for software defined networking (SDN) and innovations in energy efficiency

Without the right switching solutions—the applications, services, and devices you deploy cannot live up to their potential. Digital transformation makes having the right foundation to stay competitive more important than ever before. See the benefits you could be receiving now by comparing the Cisco Catalyst 2960-X and 2960 XR Series to older switches (see table below).

Trends

Features

Previous Access Switches

Latest Access Switches

Benefits

2950 (EOL)

2960G (EOL)

2960 (EOL)

2960-S

2960-X

2960-XR

Scale/ Performance

Switching capacity

13.6 Gbps

32 Gbps

17.6 Gbps

176 Gbps

216 Gbps

216 Gbps

Support gigabit access growth for wired and wireless/802.11ac

Full line rate for all 48 ports

N/A

N/A

√

√

√

√

Gigabit downlinks

N/A

√

N/A

√

√

√

1G/10G uplinks

2x1G

4x1G

2x1G or 4x1G

2x10G or 4x1G

2x10G or 4x1G

2x10G or 4x1G

Stacking bandwidth

N/A

N/A

N/A

40 Gbps 4 members

80 Gbps 8 members

80 Gbps 8 members

PoE/PoE+

N/A

N/A

PoE up to 370W

PoE/PoE+, up to 740W

PoE/PoE+, up to 740W

PoE/PoE+, up to 740W

Easy and rapid deployment of more IP endpoints, supported on all ports

Layer 3 dynamic routing (RIP1 , OSPF2 )

N/A

N/A

N/A

N/A

√

Convenience with Layer 2 and Layer 3 in a single switch

IPv6 ready

N/A

N/A

N/A

√

√

√

Support more traffic through IP address scalability

BYOD/Mobility

NetFlow Lite

N/A

N/A

N/A

N/A

√

√

Superior user experience through application visibility and control

Advanced Security

Cisco TrustSec with SXP3

N/A

N/A

N/A

√

√

√

Orchestrate role based access to corporate resources

Flexible 802.1x authentication

N/A

N/A

N/A

√

√

√

Enable port-based network access control

MACsec4 (hardware ready)

N/A

N/A

N/A

N/A

√

√

For encryption compliance

IPv6 First Hop Security

N/A

N/A

N/A

√

√

√

Protect against IPv6 address theft and malicious attacks

Simplicity and SDN

Smart Install

N/A

N/A

√

√

√

√

Zero-touch configuration and Cisco IOS Software updates when deploying new switches

Auto SmartPorts and Auto QoS

N/A

√

√

√

√

√

Automatically configures interfaces based on the type of device connected

Cross-stack QoS

N/A

N/A

N/A

√

√

√

Simplify operations by propagating QoS settings consistently across the stack

SDN/programmability • Cisco onePK ready

N/A

N/A

N/A

N/A

√

√

Simplicity and business agility

Energy Efficiency

Green features • Switch hibernation • Energy Efficient Ethernet (EEE)

N/A

N/A

N/A

N/A

√

√

Rapid ROI – saved over 50% in annual energy operating costs compared to the industry Average (Source: Miercom report)5

¹RIP – Routing Information Protocol

² OSPF – Open Shortest Path First Protocol

³ SXP – Security Group Tag Exchange Protocol

⁴ MACsec – IEEE Media Access Control Security Standard

⁵ http://miercom.com/pdf/reports/20131112.pdf

Box Contents-Cisco Catalyst 2960-X/XR

1	Catalyst 2960-X switch1 or Catalyst 2960-XR switch (power supply modules not shown)	9	Four number-10 Phillips pan-head screws (48-0627-01)
2	AC power cord	10	Four number-8 Phillips flat-head screws (48-2927-01) for Catalyst 2960-X switches Eight number-8 Phillips flat-head screws (48-2927-01) for Catalyst 2960-XR switches
3	Four rubber mounting feet	11	Two number-4 pan-head screws (48-0482-01)3
4	Documentation	12	One black Phillips machine screw (48-0654-01)
5	Two 19-inch mounting brackets	13	(Optional)2 Console cable or USB cable
6	Connector3 cover for redundant power system	14	(Optional)2 Cisco FlexStack-Plus module 4
7	Cable guide	15	(Optional)2 4Cisco FlexStack cable
8	Four number-12 Phillips pan-head screws (48-0523-01)	16	(Optional) 2Power cord retainer (PWR-CLP)

¹ Catalyst 2960X-48FPD-L switch is shown for example. Your switch model might look different.

² Item is orderable.

³ Item is only available for models that have an RPS port.

⁴ Item is available only for switches with a FlexStack-Plus port.

From http://www.cisco.com/c/dam/en/us/products/collateral/switches/catalyst-2960-x-series-switches/feature-comparison-c83-731053.pdf

More Related

Cisco’s New ‘Light Switch’-The Catalyst Digital Building Series

With Cisco Compact Switches You Can…

Cisco Catalyst 2960-X/XR vs. Catalyst 3650 vs. Cisco 3850 Series