Cisco Rolls Out New Firepower Next-Gen Firewall Series, Bringing High Performance Security Appliances To The Midmarket

Cisco rolled out a new line of Firepower next-generation firewall solutions, aimed at bringing better throughput and protections down to the midmarket.

The Cisco Firepower 2100 Series, launched Wednesday, includes four new next-generation firewall appliances: 2110, 2120, 2130 and 2140. The lower cost models – the 2110 and 2120 – include 1 RU, fixed 16-port 1 GbE connectivity. The 2130 and 2140 models include 1 RU next-generation firewall modularity, up to 24-port 1 GbE and 12-port 10 GbE connectivity.

Dave Stuart, director of product marketing, network security, at Cisco, said the new 2100 Series is focused on bringing ease of deployment, ease of management and performance to the midrange next-generation firewall market. To do that, Cisco has employed a dual multi-core CPU architecture that Stuart said allows for companies to layer on IPS, advanced threat detection and more without sacrificing performance.

[Related: 10 Things You Need To Know About Cisco's Clock Signal Failure And Product Replacement Priorities]

Sponsored post

"This really demonstrates Cisco's ongoing commitment to make security complete and effective. We are now widening the audience of who this applies to both in our partners and in commercial deployments," Stuart said.

The Cisco Firepower next-generation firewall line is not included in the list of security appliances affected by the recent clock signal component issue that is causing some firewall models to malfunction and fail after 18 months. The specific security products containing the clock signal issue include ASA firewall models 5506, 5506W, 5560H, 5508 and 5516. Additionally, Cisco's ISA3000 Industrial Security Appliance (ISA) and its Meraki MX84 cloud-managed security appliance have the faulty component.

Alongside the new appliances, Cisco also announced the launch of new Cisco Firepower Threat Defense 6.2.1, which includes 2100 Series support, virtual next-generation firewalls for Azure and AWS, Radware load balancing and DDoS mitigation, and remote access VPN support.

Cisco also announced the launch of three new management centers. The Firepower Management Center – available March 2017 – includes the ability to support 50 percent more devices in a single console and adds new 1000, 2500 and 4500 appliances. The Cisco Threat Intelligence Director allows companies to import third-party threat intelligence sources and feed normalized data through FMC. Finally, Cisco launched the Cloud Defense Orchestrator for bringing together on-box and cloud-delivery capabilities, as well as adding EMEAR (Europe, Middle East, Africa and Russia) cloud support, WSA v.11 support and low-touch provisioning.

Dave Gronner, senior manager of security-go-to-market, global partner organization at Cisco, said the benefit for partners of the new 2100 Series is that it will allow partners to sell Cisco Security solutions down into the midmarket and commercial markets. He said that, combined with the Cisco Firepower Threat Defense 6.2.1 release, will allow partners migrate customers from the Cisco ASA firewall solution set to the Firepower threat defense or next-generation firewall lines.

What's important for partners, Gronner said, is that the Series 2100 allows for that migration to happen without sacrificing security performance. He said customers are looking to consolidate down the number of vendors they work with and are turning to broader, platform-oriented security partners like Cisco.

"We are not only excellent in best of breed products … It's really providing partners with an architectural solution, something that provides layered, end-to-end security … You can think of this as one more arsenal in the kit," Gronner said.

Joe Leonard, chief information security officer at Presidio, a New York City-based Cisco partner, said the new 2100 Series would provide better visibility for his customers, an area he said customers are looking to improve as more mobile, cloud, and IoT technologies enter the environment. He said the price point is a good fit for the midmarket and smaller enterprise customers.

"I find that to be a really good advantage for our customers," Leonard said.

Leonard said the 2100 Series distinguishes itself from other offerings in the market by offering higher performance that isn't degraded by also running other security technologies, such as IPS and application visibility controls.

"I think this will be a very attractive platform, especially when someone looks at it and see that they can run all these concurrent services with zero-percent degradation. I think that will be very attractive," Leonard said.

As a partner, Leonard said the 2100 Series also opens the door for firewall migration services, including moving to a new platform, policy configuration and more. He said he also sees additional services opportunities around traffic analysis.

Gronner said Cisco would be wrapping partner profitability measures for partners around the 2100 Series, including deal registration and front-end partner margins. He said Cisco would also provide a backend bonus rebate for the 2100 Series through the VIP partner program for deals registered and booked through Account Breakaway-FTD (Firepower Threat Defense).