Data sheetCisco publicCisco Firepower 4100 SeriesEnterprise FirewallNext Generation FirewallNext Generation IPS 2019 Cisco and/or its affiliates. All rights reserved.Page 1 of 9
ContentsCisco Firepower 4100 Series appliances3Model overview3Detailed performance specifications and feature highlights4Hardware specifications6Cisco Capital9 2019 Cisco and/or its affiliates. All rights reserved.Page 2 of 9
Cisco Firepower 4100 Series appliancesThe Cisco Firepower 4100 Series is a family of seven threat-focused NGFW security platforms. Their throughput rangeaddresses data center and internet edge use cases. They deliver superior threat defense, at faster speeds, with a smallerfootprint. Cisco Firepower 4100 Series supports flow-offloading, programmatic orchestration, and the management ofsecurity services with RESTful APIs. Network Equipment Building Standards (NEBS)-compliance is supported by the CiscoFirepower 4120 platform. The 4100 Series platforms can run either the Cisco ASA Firewall or Cisco Firepower ThreatDefense (FTD) software.Model overviewCisco Firepower 4100 Series summary:ModelFirewallNGFWNGIPSInterfacesOptional InterfacesFPR-411035G11G15G8 x SFP on-chassis2 x NM’s: 1/10/40G, FTWFPR-4115(New)80G26G27G8 x SFP on-chassis2 x NMs: 1/10/40G, FTWFPR-412060G19G27G8 x SFP on-chassis2 x NM’s: 1/10/40G, FTWFPR-4125(New)80G35G41G8 x SFP on-chassis2 x NMs: 1/10/40G, FTWFPR-414070G27G38G8 x SFP on-chassis2 x NM’s: 1/10/40G, FTWFPR-4145(New)80G45G55G8 x SFP on-chassis2 x NMs: 1/10/40G, FTWFPR-415075G39G52G8 x SFP on-chassis2 x NM’s: 1/10/40G, FTW 2019 Cisco and/or its affiliates. All rights reserved.Page 3 of 9
Detailed performance specifications and feature highlightsTable 1.Performance specifications and feature highlights for Firepower 4100 with the Cisco Firepower Threat defense t: FW AVC (1024B)13 Gbps27 Gbps22 Gbps40 Gbps32 Gbps53 Gbps45 GbpsThroughput: FW AVC IPS(1024B)11 Gbps26 Gbps19 Gbps35 Gbps27 Gbps45 Gbps39 GbpsMaximum concurrent sessions,with AVC10 million15 million15 million25 million25 million30 million30 millionMaximum new connections persecond, with AVC64K200K118K265K172K350K263KTLS (Hardware Decryption)14.5 Gbps6.5 Gbps7.1 Gbps8 Gbps7.3 Gbps10 Gbps7.5 GbpsThroughput: NGIPS (1024B)15 Gbps27 Gbps27 Gbps41 Gbps38 Gbps55 Gbps52 GbpsIPSec VPN Throughput (1024BTCP w/Fastpath)6 Gbps8 Gbps10 Gbps14 Gbps13 Gbps18 Gbps14 GbpsMaximum VPN ti-Instance CapableYesCentralized managementCentralized configuration, logging, monitoring, and reporting are performed by the ManagementCenter or alternatively in the cloud with Cisco Defense OrchestratorApplication Visibility and Control Standard, supporting more than 4000 applications, as well as geolocations, users, and websites(AVC)AVC: OpenAppID support forcustom, open source,application detectorsStandardCisco Security IntelligenceStandard, with IP, URL, and DNS threat intelligenceCisco Firepower NGIPSAvailable; can passively detect endpoints and infrastructure for threat correlation and Indicators ofCompromise (IoC) intelligenceCisco AMP for NetworksAvailable; enables detection, blocking, tracking, analysis, and containment of targeted and persistentmalware, addressing the attack continuum both during and after attacks. Integrated threat correlationwith Cisco AMP for Endpoints is also optionally availableCisco AMP Threat GridsandboxingAvailableURL Filtering: number ofcategoriesMore than 80URL Filtering: number of URLscategorizedMore than 280 millionAutomated threat feed and IPSsignature updatesYes: class-leading Collective Security Intelligence (CSI) from the Cisco Talos ity/talos.html) 2019 Cisco and/or its affiliates. All rights reserved.Page 4 of 9
Features4110411541204125414041454150Third-party and open-sourceecosystemOpen API for integrations with third-party products; Snort and OpenAppID community resources fornew and specific threatsHigh availability and clusteringActive/standby. Cisco Firepower 4100 Series allows clustering of up to 6 chassisCisco Trust Anchor Technologies Firepower 4100 Series platforms include Trust Anchor Technologies for supply chain and softwareimage assurance.NOTE: Performance will vary depending on features activated, and network traffic protocol mix, and packet sizecharacteristics. Performance is subject to change with new software releases. Consult your Cisco representative fordetailed sizing guidance.1Throughput measured with 50% TLS 1.2 traffic with AES256-SHA with RSA 2048B keysTable 2.ASA Performance and capabilities on Firepower 4100 appliancesFeatures411041154120412541404145415035 GbpsStateful inspectionfirewall throughput180 Gbps60 Gbps80 Gbps70 Gbps80 Gbps75 GbpsStateful inspectionfirewall throughput(multiprotocol)215 Gbps40 Gbps30 Gbps45 Gbps40 Gbps50 Gbps50 GbpsConcurrent firewallconnections10 million15 million15 million25 million25 million40 million35 millionFirewall latency(UDP 64Bmicroseconds)126.96.36.199.188.8.131.52New connectionsper second150,000848K250,0001.1 million350,0001.5 million800,000IPsec VPNthroughput (450BUDP L2L test)8 Gbps15 Gbps10 Gbps19 Gbps14 Gbps23 Gbps15 GbpsMaximum Security contexts(included;maximum)10; 25010; 25010; 25010; 25010; 25010; 25010; 250High availabilityActive/active and active/standbyClusteringUp to 16 appliancesScalabilityVPN Load Balancing, Firewall Clustering.CentralizedmanagementCentralized configuration, logging, monitoring, and reporting are performed by Cisco Security Manager oralternatively in the cloud with Cisco Defense OrchestratorAdaptive SecurityWeb-based, local management for small-scale deployments 2019 Cisco and/or its affiliates. All rights reserved.Page 5 of 9
Features4110411541204125414041454150Device Manager1Throughput measured with 1500B User Datagram Protocol (UDP) traffic measured under ideal test conditions.2“Multiprotocol” refers to a traffic profile consisting primarily of TCP-based protocols and applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, andDNS.3In unclustered configuration.Performance testing methodologies LINKHardware specificationsTable 3.Cisco Firepower 4100 Series hardware specificationsFeatures4110Dimensions (H x W x D)1.75 x 16.89 x 29.7 in. (4.4 x 42.9 x 75.4 cm)Form factor (rack units)1RUSupervisorCisco Firepower 4000 Supervisor with 8 x 10 Gigabit Ethernet ports and 2 Network Module(NM) slots for I/O expansionNetwork modules411541204125414041454150 8 x 10 Gigabit Ethernet Enhanced Small Form-Factor Pluggable (SFP ) network modules 4 x 40 Gigabit Ethernet Quad SFP network modules 8-port 1Gbps copper, FTW (fail to wire) Network Module 6-port 1 Gbps SX Fiber FTW (fail to wire) Network Module 6-port 10Gbps SR Fiber FTW (fail to wire) Network Module 6-port 10Gbps LR Fiber FTW (fail to wire) Network ModuleMaximum number of interfacesUp to 24 x 10 Gigabit Ethernet (SFP ) interfaces; up to 8 x 40 Gigabit Ethernet (QSFP )interfaces with 2 network modulesIntegrated network management ports1 Gigabit EthernetSupports 1-G fiber or copper SFPsSerial port1 x RJ-45 consoleUSB1 x USB 2.0Storage200 GB 2019 Cisco and/or its affiliates. All rights reserved.400 GB200 GB800 GB400 GB800 GB400 GBPage 6 of 9
onfigurationSingle1100W AC,dualoptional.Single/dual950W DCoptional1, 2optional.Single/dual950W DCoptional1, 2SingleDual 1100W Dual 1100W Dual 1100W Dual 1100W1100W AC, AC1AC1AC1AC1dualoptional.Single/dual950W DCoptional1AC input voltage100 to 240V ACAC maximum input current13AAC maximum output power1100WAC frequency50 to 60 HzAC efficiency 92% at 50% loadDC input voltage-40V to -60VDCDC maximum input current27ADC maximum output power950WDC efficiency 92.5% at 50% loadRedundancy1 1Fans6 hot-swappable fansNoise78 dBARack mountableYes, mount rails included (4-post EIA-310-D rack)Weight36 lb (16 kg): 2 x power supplies, 2 x NMs, 6x fans; 30 lb (13.6 kg): no power supplies, no NMs,no fansTemperature: operating32 to 104 F 32 to 104 F 32 to 104 F 32 to 104 F 32 to 95 F(0 to 40 C) (0 to 40 C) (0 to 40 C) (0 to 40 C) (0 to 35 C),or NEBSat sea leveloperation(see below)Temperature: nonoperating-40 to 149 F (-40 to 65 C)Humidity: operating5 to 95% noncondensingHumidity: nonoperating5 to 95% noncondensingAltitude: operating10,000 ft(max)Altitude: nonoperating40,000 ft (max)NEBS operation (FPR 4120 only)Operating altitude: 0 to 13,000 ft (3960 m)10,000 ft(max)10,000 ft(max) orNEBSoperation(see below)10,000 ft(max)32 to 95 F(0 to 35 C),at sea level10,000 ft(max)32 to 95 F(0 to 35 C),at sea level10,000 ft(max)Operating temperature:Long term: 0 to 45 C, up to 6,000 ft (1829 m) 2019 Cisco and/or its affiliates. All rights reserved.Page 7 of 9
Features4110411541204125414041454150Long term: 0 to 35 C, 6,000 to 13,000 ft (1829 to 3964 m)Short term: -5 to 50 C, up to 6,000 ft (1829 m)1Dual power supplies are hot-swappable.Table 4.Cisco Firepower 4100 Series NEBS, Regulatory, Safety, and EMC ComplianceSpecificationDescriptionRegulatory complianceProducts comply with CE markings per directives 2004/108/EC and 2006/108/ECSafety UL 60950-1 CAN/CSA-C22.2 No. 60950-1 EN 60950-1 IEC 60950-1 AS/NZS 60950-1 GB4943EMC: emissions 47CFR Part 15 (CFR 47) Class A (FCC Class A) AS/NZS CISPR22 Class A CISPR22 CLASS A EN55022 Class A ICES003 Class A VCCI Class A EN61000-3-2 EN61000-3-3 KN22 Class A CNS13438 Class A EN300386 TCVN7189EMC: Immunity EN55024 CISPR24 EN300386 KN24 TVCN 7317 EN-61000-4-2, EN-61000-4-3, EN-61000-4-4, EN-61000-4-5, EN-61000-4-6, EN-61000-4-8, EN61000-4-11 2019 Cisco and/or its affiliates. All rights reserved.Page 8 of 9
Cisco CapitalFlexible payment solutions to help you achieve your objectivesCisco Capital makes it easier to get the right technology to achieve your objectives, enable business transformationand help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerategrowth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services andcomplementary third-party equipment in easy, predictable payments. Learn more.Printed in USA 2019 Cisco and/or its affiliates. All rights reserved.C78-742474-01 08/19Page 9 of 9
Stateful inspection firewall throughput (multiprotocol)2 15 Gbps 40 Gbps 30 Gbps 45 Gbps 40 Gbps 50 Gbps 50 Gbps Concurrent firewall connections 10 million 15 million 15 million 25 million 25 million 40 million 35
CONTENTS Regulatory Compliance and Safety Information—Cisco Firepower 4100 Series 1 Gesetzliche Auflagen und Sicherheitshinweise—Cisco Firepower 4100 Series 17 Cumplimiento de las normas e información de seguridad—Cisco Firepower 4100 Series 29 Säädösten noudattaminen ja turvallisuustiedot—Cisco Firepower 4100 Series 41 Informations relatives à la conformité et à la sécurité .
Oct 30, 2019 · Cisco ASA 5506W-X with FirePOWER Services Cisco ASA 5508-X with FirePOWER Services Cisco ASA 5516-X with FirePOWER Services Cisco Firepower 2100 Series Cisco Firepower 4000 Series Cisco Firepower 9000 Series 10Gbps Optical Encryption Line Card for the Cisco NCS 2000 Series a
FireSIGHT Management Center Software Versions Available for Reimage Cisco FirePOWER 7000 Series Cisco FirePOWER 7100 Series Cisco FirePOWER 8100 Series Cisco FirePOWER 8200 Series FS 750 FS 1500 FS 3500 5.2 or later Firepower 8300 Series Cisco AMP 7150 Cisco AMP 8150 5.3 or later
Cisco Nexus 7706 Cisco ASR1001 . Cisco ISR 4431 Cisco Firepower 1010 Cisco Firepower 1140 Cisco Firepower 2110 Cisco Firepower 2130 Cisco FMC 1600 Cisco MDS 91485 Cisco Catalyst 3750X Cisco Catalyst 3850 Cisco Catalyst 4507 Cisco 5500 Wireless Controllers Cisco Aironet Access Points .
The Cisco Firepower NGFW includes Application Visibility and Control (AVC), optional Next-Gen IPS (NGIPS), Cisco Advanced Malware Protection (AMP) for Networks, and URL Filtering. The Cisco Firepower 2100 Series, 4100 Series, and 9300 appliances use the Cisco Firepower Threat Defense software image. Alternatively, Cisco Firepower 2100 Series .
Cisco Systems, Inc. www.cisco.com Firepower 7000 Series Getting Started Guide 1 Cisco Firepower 7000 Series Getting Started Guide For the 70x0 and 71xx Firepower and AMP models Updated: August 22, 2018 This guide is organized as follows: Package Contents Deploying the Appliance Cabling the Device Installing the Firepower 7000 Series Device
Cisco ASA FirePOWER Module Quick Start Guide 1. About the ASA FirePOWER Module 2 Figure 1 ASA FirePOWER Module Traffic Flow in the ASA Note: If you have a connection between hosts on two ASA interfaces, and the ASA FirePOWER service policy is only configured for one of the interfaces, then all traffi c between these hosts is sent to the ASA FirePOWER module,
2. Introducción FirePower 2.1 SourceFire 2.2 FirePower 2.2 FirePower Threat Defense (FTD) 3. Introducción Hardware/Virtual 3.1 FMC / FMCv 3.2 SourceFire Series 7000 & 8000 3.2 ASA 5500-X 3.3 FirePower Series 1000, 1100, 2100, 4100, 9300 3.5 FTDv 4. Introducción Firewall/IPS 4.1 NGIPS 4.2 NGFW 5. Firewall Modes 5.1 Routed 5.2 Transparent 5.3 .