Cisco Firewalls are Hot Right Now and Here's Why!
The recent testing of Cisco Secure Firewalls in the Advanced Technology Center (ATC) has been an ongoing initiative throughout 2024. The goal was to test Cisco's Next Generation Firewall (NGFW) solutions under pressure and in real-world environments to see how they performed. Here are the key advantages derived from the testing:
Performance Under Load:
- The Cisco Secure Firewalls performed well under various load conditions. For instance, during policy pushes under heavy load, the large physical platform experienced minimal packet loss, with packets received being above 99.9%. The price-per-performance for TLS-encrypted packet handling was also good: smaller models handled flows that required larger boxes from other firewall vendors. Our tests showed that the firewall can handle high traffic volumes without significant performance degradation, regardless of encryption.
High Availability (HA) Support:
- The ATC tests demonstrated robust HA capabilities, ensuring that the system maintains session state and experiences minimal packet loss during failover. This was evident in scenarios such as link failures, policy pushes under light and heavy loads, and power supply failures. The tests showed that the system could maintain session state and that the minimal packet loss was corrected by the TCP protocol, ensuring continuous and reliable network performance.
Remote Upgrade Capabilities:
- The testing validated the efficiency of remote upgrades. The upgrades were performed from the Firepower Management Center (FMC) and pushed to each firewall HA pair. The process was automated, with the standby device upgrading first, followed by a failover to upgrade the primary device. This process ensured minimal packet loss and no significant impact on established sessions, demonstrating the firewall's ability to handle remote upgrades seamlessly.
Policy Management:
- The firewall supports multi-domain and hierarchical policy management, allowing administrators to create and manage policies across different domains and layers. This flexibility in policy management helps in maintaining a structured and available security framework regardless of how the organization is structured.
Comprehensive Threat Protection:
- Cisco Secure Firewalls provide comprehensive threat protection, including on-box DDoS protection, which was part of the testing. Although some virtual appliances failed under high load conditions, the physical appliances, particularly the medium and large ones, passed the tests, indicating their robustness in protecting against DDoS attacks.
Robust API Options:
- The Cisco Secure Firewall Manager passed all tests given for configuration and load on its RESTful API. With hundreds of API calls available, eStreamer options, vetted automation playbooks, and deep SIEM/SOAR integration, the Cisco Secure Firewall also performed very well in the API and integration category for brownfield environments.
User Authentication and Authorization:
- The tests confirmed the firewall's ability to implement user authentication using TACACS, RADIUS or SAML for access. Role-based access controls, policy editing locks, and change management features all performed at scale, demonstrating multi-user capabilities for firewall management. These features ensure that multiple users can concurrently modify configurations without impacting each other, incorporate the firewall into the existing approval pipeline, and provide granular permissions based on the user's job role.
In conclusion, the recent testing of Cisco Secure Firewalls in the ATC has highlighted their robust performance, holistic API and integration options, comprehensive threat protection, and flexible management capabilities, all of which make Cisco Secure Firewalls a reliable choice for organizations looking to enhance their network security infrastructure.