Cisco Secure 3100 Series: Just Another Firewall?
- dale warner
- Aug 22, 2024
The Cisco Secure Firewall 3100 series represents a significant advancement in Cisco's firewall technology. While the physical form factor may appear familiar, the internal architecture boasts groundbreaking innovations designed to address the evolving security needs of today's organizations.
Software-Driven Hardware Evolution
The 3100 Series leverages the power of Cisco's Secure Firewall Threat Defense (FTD) 7.x software suite. Version 7.0 of FTD, released in 2021, did something special: through a simple software upgrade, it significantly improved both threat protection and VPN performance across all firewall appliances, including the aging ASA devices. Since then, Cisco has continuously improved FTD, with version 7.2 delivering hundreds of bug fixes and stability enhancements.
Hardware Innovation for Unparalleled Performance
The 3100 series signifies a paradigm shift in Cisco firewall hardware. It's one of the first to utilize an AMD processor (replacing Intel), offering a substantial increase in core count. This translates to superior performance in critical areas like deep packet inspection with Snort 3 and threat intelligence powered by Cisco Talos. Additionally, the 3100 series introduces a custom-built Field Programmable Gate Array (FPGA) for next-generation flow offload. The FPGA takes encryption and decryption tasks off the CPU, resulting in industry-leading single-flow throughput and low latency. The raw numbers detailing the improvements from these architecture changes speak for themselves and can be seen below.

Enhanced Visibility and Control
The 3100 series addresses the challenge of encrypted traffic inspection, without the need to proxy traffic, through the Encrypted Visibility Engine (EVE). This feature uses application fingerprinting to identify client applications and processes that use TLS encryption, giving administrators granular control and policy enforcement within their networks. EVE works by fingerprinting the Client Hello packet sent during TLS session establishment. This allows the system to identify the encrypted client process and take appropriate action (allow/block). EVE also supports Quick UDP Internet Connections (QUIC) protocol fingerprinting. QUIC is the default protocol for popular sites such as Google and Facebook, with almost 10% of all sites today supporting transport over this protocol.
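A minimal sketch of Client Hello fingerprinting as described above, added here as an illustration; it is not Cisco's EVE code or fingerprint format. The choice of fields, the fingerprint string layout, the sample handshake bytes and the policy table are all constructed assumptions.

```python
import struct

def is_grease(v: int) -> bool:
    # RFC 8701 GREASE values (0x0a0a, 0x1a1a, ...) vary per connection, so skip them
    return (v & 0x0f0f) == 0x0a0a and (v >> 8) == (v & 0xff)

def fingerprint_client_hello(record: bytes) -> str:
    """Canonical string built from the stable fields of a TLS ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body, pos = record[9:], 0        # skip record header (5) + handshake header (4)
    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        pos += n
        return body[pos - n:pos]
    version = struct.unpack("!H", take(2))[0]
    take(32)                         # client random: unique per session, excluded
    take(take(1)[0])                 # session id: excluded
    raw = take(struct.unpack("!H", take(2))[0])
    ciphers = [c for (c,) in struct.iter_unpack("!H", raw) if not is_grease(c)]
    take(take(1)[0])                 # compression methods: excluded
    exts = []
    if pos < len(body):              # extensions block is optional
        block, i = take(struct.unpack("!H", take(2))[0]), 0
        while i + 4 <= len(block):
            etype, elen = struct.unpack("!HH", block[i:i + 4])
            if not is_grease(etype):
                exts.append(etype)
            i += 4 + elen
    join = lambda vals: "-".join(f"{v:04x}" for v in vals)
    return f"{version:04x}|{join(ciphers)}|{join(exts)}"

def build_sample_hello(ciphers, exts) -> bytes:
    """Constructed input: minimal ClientHello whose extensions have empty bodies."""
    cs = b"".join(struct.pack("!H", c) for c in ciphers)
    ex = b"".join(struct.pack("!HH", e, 0) for e in exts)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs
            + b"\x01\x00" + struct.pack("!H", len(ex)) + ex)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed fingerprint-to-policy table; labels and actions are hypothetical
POLICY = {"0303|1301-1302-c02b|0000-000a-000d": ("example-browser", "allow"),
          "0303|c02f-009c|000a-000d": ("example-legacy-agent", "block")}

def classify(record: bytes):
    return POLICY.get(fingerprint_client_hello(record), ("unknown", "allow"))
```

Because the client random, session ID and GREASE values are excluded, two connections from the same client build produce the same string even though their raw handshake bytes differ, and the payload is never decrypted.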
Multi-Instance and Clustering for Scalability
The 3100 series, starting with FTD 7.4, extends functionality previously exclusive to high-end models. It introduces multi-instance, providing full resource separation between individually configured firewall instances, similar to ASA contexts. Additionally, clustering allows for a fully distributed forwarding plane across up to eight 3100 appliances, effectively creating a single logical unit. These features are available to 3100 appliances managed via Firewall Management Center (FMC).
Simplified Management and Improved Security Insights
FMC, the management platform for Cisco Secure Firewalls, benefits from ongoing enhancements. Notably, from version 7.3 onwards, the IPS includes rule groups mapped to the MITRE ATT&CK framework, enabling targeted protection and clear identification of attacker tactics and techniques. Furthermore, reporting highlights events mapped to specific MITRE ATT&CK techniques.
Recognizing the prevalence of remote work, Cisco has introduced a consolidated VPN dashboard in FMC 7.3. This dashboard offers real-time insights into active Remote Access VPN sessions, facilitating troubleshooting and proactive certificate management. Historically, one of the issues with FMC and its reporting was a lack of visibility into VPN connectivity. Cisco has now looked to bridge that gap, giving network administrators an easier troubleshooting experience.
Conclusion
The Cisco Secure Firewall 3100 series marks a turning point in firewall technology. Its innovative architecture, combined with the feature-rich FTD software, delivers unmatched performance, security, and manageability for organizations navigating the complexities of today's threat landscape.
Additional Information
Cisco Secure Firewall 3100 Series Data Sheet: https://www.cisco.com/c/en/us/products/collateral/security/firewalls/secure-firewall-3100-series-ds.html
Cisco Secure Firewall Threat Defense Software: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/212420-configure-firepower-threat-defense-ftd.html
Encrypted Visibility Engine: https://secure.cisco.com/secure-firewall/docs/encrypted-visibility-engine
MITRE ATT&CK Framework: https://attack.mitre.org/