Cisco NGFW and Cisco NGIPS


Cisco NGFW (Next Generation Firewalls)


Firewalls are the important devices of a network that protect your network towards any maliciousthreats. By doing stateful inspection, firewalls decide to allow or deny network traffic based aon protocols, ports etc. Now, with the changing threats network need more than this. And Next Generation Firewalls (NGFW) have designed to overcome this need. If you would like tom visit Cisco website, you can visit here. NGFW is recently added Cisco CCNA Certification Lessons also.


Cisco NGFW can do what a classical firewall do. But they are more than this. Beside stateful inspection, Next Generation Firewalls (NGFW) provid any other additional features. They can block not only traditional attacks, threats but also advanced mallwares, threats and attacks.


So what are the main properties of a Cisco NGFW (Next Generation Firewall)? These Cisco NGFW properties are:


  • Statefull Inspection
  • IPS (Intrution Preventation System)
  • Application Awareness and Control
  • Threat Intelligence Source
  • Upgrade Paths for Future Information Feeds
  • Techniques for Advanced Security Threats and Attacks


A Cisco NGFW (Next Generation Firewalls) has more benefits if you compare with traditional firewalls. The benefits are given below.


  • Advanced Security
  • Good Security Monitoring
  • Flexible Management According to your need
  • Fast Threat Detection Time
  • Nice Integration with other Security Mechanisms
  • Automation


Cisco has a good product portfolio as Next Generation Firewalls (NGFW). These NGFW Products are given below:


  • Firepower 1000 Series
  • Firepower 2100 Series
  • Firepower 4100 Series
  • Firepower 9300 Series


Firepower 1000 Series are good for Small to Medium Branch Offices. Firepower 2100 Series is a NGFW for Large Branch Offices. Firepower 4100 Series and Firepower 9300 Series are used for high performace campus and datacenters.


There are also other Cisco NGFW (Next Generation Firewall) products that work with Virtualization and Cloud Technologies. These are:


  • Cisco Next-Generation Firewall Virtual (NGFWv)
  • Cisco Adaptive Security Virtual Appliance (ASAv)
  • Cisco Meraki MX Series


For virtual datacenter and puclic cloud services protection, Cisco Next-Generation Firewall Virtual (NGFWv) is used. For datacenter extension with Microsoft Azure and Amazeon Web Services (AWS), Cisco Adaptive Security Virtual Appliance (ASAv) has developed.


For small to medium offices, Cisco Meraki MX Serias are good choices to protect their Cloud Managed Infrastructure.


Another product for small to medium offices is ASA 5500-X with FirePOWER Services. This service protects these offices by combining hardware and advanced protection mechanisms.


  • ASA 5500-X with FirePOWER Services



Cisco NGIPS (Next-Generation Intrusion Prevention System)


Network security is becoming more important day by day. New attack types and threats are being used by attackers and old systems are not enough to mitigate these advanced malicious threats. To overcome these vulnerabilities, advanced security products are used. One of them was Intrution Preventatiion Systems (IPS). Now, a next generation products are used which are called Cisco NGIPS (Next-Generation Intrusion Prevention Systems).


Basically a Cisco NGIPS (Next-Generation Intrusion Prevention System) provides network visibility, more security, advanced protection, automation and security intelligence.



Cisco Firepower NGIPS provides network information that helps network security engineres about making decision about the network. It builds a network map with devices, files, applications, operating systems, users etc. It analyze your network with all its vulnerabilities and offer you security solutions.


So what do we gain by using such an advanced Intrusion Prevention System. Main features that you can benefit by using Cisco NGIPS are given below:


  • Industry leading thread protection for advanced threads
  • Perfect awareness on network, users, applications vulnerabilities etc.
  • Advanced threat protection and rapid remediation
  • Security automation
  • Granular application visibility and control
  • Global threat intelligence from Cisco’s Talos Security Intelligence and Research Group


There are Cisco products that can be used as Cisco NGIPS (Next Generation Intrusion Preventation System). These NGIPS Products are given below:


  • Firepower 1000 Series
  • Firepower 2100 Series
  • Firepower 4100 Series
  • Firepower 9000 Series
  • NGIPSv for VMWare
  • Firepower Threat Defence for ISR





Lesson tags: Cisco NGFW, Cisco NGIPS, Next Generation Firewall
Back to: CCNA 200-301 > Network Fundamentals

Leave a Reply

Your email address will not be published. Required fields are marked *

CCNA 200-301