为何选择思科防火墙?
世界一流的安全控制无处不在
保护网络免受日益复杂的威胁入侵需要业界领先的情报和始终如一的无处不在的保护。借助思科下一代防火墙,立即改善您的安全状况。
统一的策略和可视性
随着网络互联程度的提高,实现全面的威胁可视性和一致的策略管理变得困难。简化安全管理,并获得跨分布式网络和混合网络的可视性。
集成网络和安全
思科下一代防火墙为将强大的威胁防御功能集成到您现有的网络基础设施奠定了基础 (sysin),使网络成为您防火墙解决方案的逻辑扩展。
在 Gartner 的《2019 年企业网络防火墙魔力象限》中,思科荣列领导者象限。
思科防火墙在 Ovum Firewall Market Radar 报告中获得高度评价。
思科荣获 Gartner Peer Insights 企业网络防火墙的“客户之选”称号。
了解思科解决方案如何凭借检测时间和威胁响应速度引领行业。
管理
思科防御协调器
简单一致地从云端管理安全策略。
Firepower 管理中心
对防火墙、应用控制、入侵防御、URL 过滤和高级恶意软件防护进行统一管理。
Firepower 设备管理器
为小型思科下一代防火墙部署获得易于使用的本地防火墙配置和管理。
思科威胁响应
充分发挥思科集成安全架构的全部潜力 (sysin)。
Cisco Firepower NGFW Virtual (NGFWv)
Features and specifications
Table 1. Features and specifications for NGFWv
Features | Specifications |
---|---|
Cisco Firepower Device Manager (local management) | ESXi and KVM; Azure: Version 6.5 and above; AWS: 6.6 and above |
Centralized management | Centralized configuration, logging, monitoring, and reporting are performed by the Cisco Firepower Management Center (all platforms including on-premises and in AWS and Azure) or alternatively in the cloud with Cisco Defense Orchestrator (ESXi and KVM; Azure: Version 6.5 and above) |
Application Visibility and Control (AVC) | Standard, supporting more than 4000 applications, as well as geolocations, users, and websites |
AVC: OpenAppID support for custom, open-source, application detectors | Standard |
Cisco Security Intelligence | Standard, with IP, URL, and DNS threat intelligence |
Cisco Firepower Next-Generation Intrusion Prevention System (NGIPS) | Available; can passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence |
Cisco Advanced Malware Protection (AMP) for Networks | Available; enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco AMP for Endpoints is also optionally available. |
Cisco AMP Threat Grid sandboxing | Available |
URL filtering: number of categories | More than 80 |
URL filtering: number of URLs categorized | More than 280 million |
Automated threat feed and IPS signature updates | Yes: Class-leading Collective Security Intelligence (CSI) from the Cisco Talos® group (https://www.cisco.com/c/en/us/products/security/talos.html) |
Third-party and open-source ecosystem | Open API for integrations with third-party products; Snort® and OpenAppID community resources for new and specific threats |
High availability and clustering | Active/standby (ESXi and KVM only) |
Deployment modes | Routed, transparent (inline set — IPS-only), and passive; AWS and Azure: routed mode only |
Note: Performance will vary depending on features activated, network traffic protocol mix, and packet size characteristics. Performance is subject to change with new software releases. Consult your Cisco representative for detailed sizing guidance.
Product performance guidelines
Note: Your performance may vary from the below. These should be considered general guidelines. Your actual performance will depend on your test environment, including CPU type, CPU speed, cache, number of interfaces, etc.
Table 2. Performance specifications for NGFWv
Specification | 4 vCPU | 8 vCPU | 12 vCPU |
---|---|---|---|
Throughput: FW + AVC (1024B) | 3 Gbps | 5.5 Gbps | 10 Gbps |
Throughput: FW + AVC + IPS (1024B) | 3 Gbps | 5.5 Gbps | 10 Gbps |
Throughput: FW + AVC (450B) | 1.5 Gbps | 3 Gbps | 5 Gbps |
Throughput: FW + AVC + IPS (450B) | 1 Gbps | 2 Gbps | 3 Gbps |
Maximum concurrent sessions | 100,000 | 250,000 | 500,000 |
Maximum new connections per second | 20,000 | 20,000 | 40,000 |
Maximum VPN peers | 250 | 250 | 750 |
System requirements
Table 3. System requirements for NGFWv
Specification | Description |
---|---|
VMware and KVM: Virtual CPUs and memory (6.4 and above) | ● 4 vCPU/8GB ● 8 vCPU/16GB ● 12 vCPU/24GB |
VMware and KVM: Virtual CPUs and memory (6.3 and earlier) | 4 vCPU/8GB |
Storage | 50GB for all FTDv configurations |
Hypervisor support | ESXi 6.0, 6.5, 6.7; KVM |
AWS Support | ● Instances: c3.xlarge, c4.xlarge ● Instances: c5.xlarge, c5.2xlarge, & c5.4xlarge (6.6 and above) ● Gov Marketplace ● China Marketplace ● Auto-Scale ● Enhanced Networking |
Azure Support | ● Instances: D3, D3_V2, ● Instances: D4_v2 and D5_v2 (6.5 and above) ● Gov Marketplace ● China Marketplace ● Auto-Scale |
Ordering information
Table 4. Ordering information for NGFWv
Part number | Description |
---|---|
FPRTD-V-K9 | Cisco Firepower Threat Defense (TD) Virtual Appliance |
L-FPRTD-V-T | Cisco Firepower TD Virtual Threat Protection |
L-FPRTD-V-TM | Cisco Firepower TD Virtual Threat and Malware Protection |
L-FPRTD-V-TC | Cisco Firepower TD Virtual Threat Protection and URL |
L-FPRTD-V-TMC | Cisco Firepower TD Virtual Threat, Malware, and URL Filtering |
L-FPRTD-V-AMP | Cisco Firepower TD Virtual Malware Protect |
L-FPRTD-V-URL | Cisco Firepower Threat Defense Virtual URL Filtering |
下载体验
百度网盘链接:https://pan.baidu.com/s/1VqF2KP9cbwwy18WYa7ia4A 提取码:isa8
关于许可
-
Base License 永久许可
Includes: Base Firewall Capabilities, Application Visibility and Control
-
Subscription Licenses 订阅许可免费90天试用
下载仅供下载体验和测试学习,不得商用和正当使用。
下载体验