Cisco: Fresh firewalls from 1.5 to 400 Gbit/s throughput

Cisco completes its security portfolio with new firewalls, CVE protection on data center switches and uniform policies.


(Image: thetahoeguy/Shutterstock.com)

By Benjamin Pfister

Cisco is completing its hardware portfolio for hybrid mesh firewalls at both the lower and upper end of the performance scale. From September 2025, the network equipment vendor will also be launching the Live Protect feature for data center switches, which rolls out security policies to switches at the touch of a button. This is intended to block traffic patterns that correspond to a CVE on a connected server. A Mesh Policy Engine is also designed to create uniform policies for different firewalls via one interface, which can even be applied to third-party firewalls.

With the new Secure Firewalls of the 6100 and 200 series, Cisco is completing the hardware refresh of its firewall line. The 6160 and 6170 Secure Firewalls will be available to order from October 2025. Both are two rack units (2U) high, but the two models differ in maximum throughput. The smaller 6160 delivers up to 280 Gbit/s firewall and IPsec throughput, as well as 90 Gbit/s TLS decryption throughput. The 6170 delivers up to 400 Gbit/s firewall and IPsec throughput and 120 Gbit/s TLS decryption throughput. Cisco has not yet provided any information on IPS throughput.

The same applies to the available WAN/LAN ports. Pictures from the keynote show 14 SFP(+/28) and 4 QSFP(+/28) slots integrated onboard, as well as two additional module slots that each accommodate either 8 SFP(+/28) or 4 QSFP(+/28) transceivers. For load balancing and high availability, Cisco offers active-active and N+1 clustering architectures. Up to 16 6100 units can be combined in a cluster, allowing customers to reach over 4 Tbit/s throughput.

The firewalls have an AI-supported Encrypted Visibility Engine (EVE) for inspecting encrypted traffic, and hardware crypto accelerators for selective decryption.

At the lower end of the performance spectrum, the Cisco Secure Firewall 220 will be available for small branch offices from December 2025. It delivers up to 1.5 Gbit/s firewall and IPS throughput, dropping to 1 Gbit/s for IPsec and 750 Mbit/s for TLS decryption. These firewalls also offer AI/ML-based visibility into encrypted traffic, which can inspect the traffic locally on the hardware or in the cloud; Snort ML on Snort 3 is used for this purpose. Central management is handled via Cisco Security Cloud Control (formerly Defense Orchestrator), and the firewall supports SD-WAN. Power is supplied via an external power supply unit. Again, there is no information on the ports yet. In pictures from the keynote, we could see four RJ45 copper ports for LAN, an additional RJ45 copper port for WAN and an SFP(+) slot for WAN.

This means there are now five different series of hardware firewalls spanning 1.5 to 400 Gbit/s throughput, plus over 20 virtualized variants for private and public clouds.

As Cisco has now also understood that there is a world outside the Cisco cosmos, it is now possible to define intent-based policies via a so-called Mesh Policy Engine in Cisco's security management platform Security Cloud Control. These are then applied to Cisco's own firewalls as well as those of third-party vendors. However, Cisco has not yet revealed which third-party vendors are supported.

With Cisco Live Protect, which will be available for NX-OS-based data center switches from September 2025, Cisco is announcing a kind of push-button compensating control for reported CVEs affecting servers for which no patch is yet available. If necessary, appropriate security policies are set up on the switch to block attack patterns corresponding to the CVE before they reach the vulnerable servers.

Cisco is now extending the possible inspection points of the Cisco Hybrid Mesh Firewall from classic hardware and virtual firewalls to its SDN data center solution, Application Centric Infrastructure (ACI). The Secure Workload component of the Cisco Hybrid Mesh Firewall is designed to generate microsegmentation policies based on network topology, workload metadata, data flows and AI/ML integrations.

The policy is then enforced either agentlessly on the switches of the Cisco ACI fabric, or by the Cisco ACI fabric together with other security components such as Cisco's own Secure Firewalls, cloud providers and application delivery controllers. Alternatively, a Secure Workload agent for various operating systems can be used.


There is also a lot happening in ACI management. The new Unified Fabric Experience for Nexus data center switches in the Nexus Dashboard is a feature customers have long been waiting for. It is intended to allow the classic VXLAN/EVPN approach and ACI to be managed together in the Nexus Dashboard as one unified management solution, without switching management planes or needing additional logins.

With the new secure routers of the Catalyst 8000 series, Cisco is also bringing a Next-Generation Firewall (NGFW) to its routers. Previously, only stateless packet filters (ACLs) or the simpler zone-based stateful firewall functions were integrated; Cisco now includes NGFW functions as well. The routers also offer SD-WAN functions and an integrated ThousandEyes agent for greater visibility into application and network performance metrics. Specifically, these are the 8400 and 8500 routers, with the top model achieving up to 95 Gbit/s IPsec and up to 61 Gbit/s SD-WAN throughput.

(kbe)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.