Cisco Next Generation Firewalls

Cisco's Next Generation Firewalls (NGFW) are key components needed to achieve a robust defense in today's elevated threat environment. Cisco offers two separate product lines, each with their own unique features and the capability to deliver the needed performance and protection.

The Cisco Meraki MX and the Cisco ASA each have unique capabilities that could serve to make them the ideal choice, depending upon the characteristics of the organization.

The Case For Cisco Meraki

The Cisco Meraki MX is the Unified Threat Management component of the Meraki line of devices. A family of switches, wireless access points, security cameras, and phones completes the product lineup. The entire line is distinguished by the fact that their cloud-based management capabilities. The ease-of-use attributes of the unified cloud management interface means that devices can be confinured before they are deployed, and get them up and running fast. Once deployed, devices at many locations can be manged through a rich and intuitive central managment interface.

Another unique feature of Meraki security and networking products is related to licensing. Devices and licenses are purchased separately, providing the benefit of simplicity, choice of features and automatic updates when new versions become available.

Organizational Value

  • Out-of-the-box protection using self-optomizinsourceg security technology with automatic over-the-web updates and new features delivered quarterly.
  • Rapid deployment with zero-touch provisioning and configuration templates.
  • Streamlined management of thousands of distributed devices via a built-in cloud dashboard.
  • All-in-one gateway functionality with built in SD-WAN feature set at no extra cost.

Key Capabilities

  • Centralized, cloud-based management and monitoring with zero-touch provisioning and extensive built-in network visibility.
  • Layer 7 security with SourceFire Snort-based IPS engine. BrightCloud content filtering (85 categories), MaxMInd Geo-IP security, and Cisco Advanced Malware Protection (AMP) with Threat Grid sandboxing.
  • Integrated SD-WAN capabilities with three-click VPN configuration, traffic load balancing, performance and policy-based routing, and automatic link failover.
  • Bandwidth optimization (traffic shaping) and QoS, enabling faster web access via caching and business-critical app prioritization.

Organizational Characteristics

  • Limited IT Staff: Organization has a small IT team relative to the size of the network.
  • Distributed footprint: Organization needs to connect and/or secure many sites (e.g. remote clinics).
  • Willingness to use cloud: Organization is open to cloud-based management and can see value in remote management capabilities.
  • Track record of rapid growth: Part of growing organization that needs to be able to scale its operations.

The Case for Cisco ASA

Cisco ASA is the industry-leading NGFW with enterprise-grade protection at a competitive price. The ASA Cisco Firepower NGFW (next-generation firewall) is the industry’s first fully integrated, threat-focused next-gen firewall with unified management. It uniquely provides advanced threat protection before, during, and after attacks.

The Cisco Firepower NGFW appliances deliver business resiliency through superior threat defense. They provide sustained network performance when threat inspection features are activated to keep your business running securely. And they are now simpler to manage for improved IT efficiency and a lower total cost of ownership.

Organizational Value

  • Customizable threat defense with the same enterprise-grade security technology found in all Cisco next-generation firewalls.
  • Flexible management with on-device management for single instance deployments, and centralized management where required.
  • Extensive integration options with other Cisco solutions and third-party tools.

Key Capabilities

ASA Hardware

  • Stateful firewall stops threats with enterprise-class inspection and NGFW capabilities.
  • VPN Capabilities protect both site-to-site connections and remote users, extending secure network access.

FirePOWER Services

  • Application Visibility and Control (AVC) enables app usage managment to reduce attack surface and risk of data loss, with 3,500 application-layer and risk-based controls.
  • Next-Gen Intrusion Prevention System (NGIPS) (dynamically detects and prevents threats from entering the network, delivering deep contextual awareness.
  • Advanced Malware Protection (AMP) quickly identifies and eliminates malware and other threats, and reduces remediation time.
  • URL Filtering restricts access to hundreds of millions of sites and sub-sites based on 80+ categories.

Organizational Characteristics

  • Dedicated Security expertise: Organization is personally accountable for preventing breaches and ensuring swift remediation.
  • Wants Controlistributed footprint: Organization needs to connect and/or secure many sites (e.g. remote clinics).
  • Has a centralized enterprise with some remote offices: Organization needs a solution to manage their remote locations from a central location.
  • Prefers on-premises solution: Organization needs an on-premises security solution due to data security requirements..


230 Northgate Street #145,
Lake Forest, IL 60045
(888) 772-2685