Cisco Firepower 1000 License

  • Technical Support
  • Last updated on: 07 Jan 2020

Enterprise Firewall

Next-Generation Firewall

Cisco Firepower 1000 Series Appliances The Cisco Firepower 1000 Series is a family of four threat-focused Next-Generation Firewall (NGFW) security platforms that deliver business resiliency through superior threat defense. It offers exceptional sustained performance when advanced threat functions are enabled. The 1000 Series’ throughput range addresses use cases from the small office, home office, remote branch office to the Internet edge. The 1000 Series platforms run Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliance (ASA) software.

Model overview

Cisco Firepower 1000 License

Cisco Firepower 1000 Series summary

Cisco Firepower 1000 Series summary

ModelNGFWNext-Generation Intrusion Prevention System- NGIPSInterfaces
FPR-1010650 Mbps650 Mbps8 x RJ45
FPR-11201.5 Gbps1.5 Gbps8 x RJ45, 4 x SFP
FPR-11402.2 Gbps2.2 Gbps8 x RJ45, 4 x SFP
FPR-11503 Gbps3 Gbps8 x RJ45, 2 x SFP, 2 x 10G SFP+

Detailed performance specifications and feature highlights

Table 1. Performance specifications and feature highlights for Cisco Firepower 1000 with the Cisco Firepower Threat Defense image

Detailed performance specifications and feature highlights

Feature1010112011401150
Throughput: Firewall (FW) + Application Visibility and Control (AVC) (1024B)650 Mbps1.5 Gbps2.2 Gbps3 Gbps
Throughput: FW + AVC + Intrusion Prevention System (IPS) (1024B)650 Mbps1.5 Gbps2.2 Gbps3 Gbps
Maximum concurrent sessions, with AVC100K200K400K600K
Maximum new connections per second, with AVC6K15K22K28K
Transport Layer Security (TLS)150 Mbps700 Mbps1 Gbps1.4 Gbps
Throughput: NGIPS (1024B)650 Mbps1.5 Gbps2.2 Gbps3 Gbps
IPSec VPN throughput (1024B TCP w/Fastpath)300 Mbps1 Gbps1.2 Gbps1.4 Gbps
Maximum VPN Peers75150400800
Cisco Firepower Device Manager (local management)YesYesYesYes
Centralized managementCentralized configuration, logging, monitoring, and reporting are performed by the Management Center or alternatively in the cloud with Cisco Defense Orchestrator
AVCStandard, supporting more than 4000 applications, as well as geolocations, users, and websites
AVC: OpenAppID support for custom, open-source application detectorsStandard

 

Cisco Security IntelligenceStandard, with IP, URL, and DNS threat intelligence
Cisco Firepower NGIPSAvailable; can passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence
Cisco Advanced Malware Protection (AMP) for NetworksAvailable; enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco AMP for Endpoints is also optionally available
Cisco AMP Threat Grid sandboxingAvailable
URL filtering: number of categoriesMore than 80
URL filtering: number of URLs categorizedMore than 280 million
Automated threat feed and IPS signature updatesYes: class-leading Collective Security Intelligence (CSI) from the Cisco Talos® group (https://www.cisco.com/c/en/us/products/security/talos.html)
Third-party and open-source ecosystemOpen API for integrations with third-party products; Snort and OpenAppID community resources for new and specific threats
High availability and clusteringActive/standby
Cisco Trust Anchor TechnologiesCisco Firepower 1000 Series platforms include Trust Anchor Technologies for supply chain and software image assurance. Please see the section below for additional details

Note: Performance will vary depending on features activated, and network traffic protocol mix, and packet size characteristics. Performance is subject to change with new software releases. Consult your Cisco representative for detailed sizing guidance.

Table 2. ASA Performance and capabilities on Firepower 1000 appliances

 

ASA Performance and capabilities on Firepower 1000 appliances

Features1010112011401150
Stateful inspection firewall throughput12 Gbps 4.5 Gbps6 Gbps7.5 Gbps
Stateful inspection firewall throughput (multiprotocol)21.4 Gbps2.5 Gbps3.5 Gbps4.5 Gbps
Concurrent firewall connections100,000200,000400,000600,000
Firewall latency (UDP 64B microseconds)
New connections per second25,00075,000 100,000150,000
IPsec VPN throughput (450B UDP L2L test)500 Mbps1 Gbps1.2 Gbps1.7 Gbps
Maximum VPN Peers75150400800
Security contexts (included; maximum)NA2; 52; 52; 25
High availabilityActive/standbyActive/active and Active/standbyActive/active and Active/standbyActive/active and Active/standby
Clustering
ScalabilityVPN Load Balancing
Centralized managementCentralized configuration, logging, monitoring, and reporting are performed by Cisco Security Manager or alternatively in the cloud with Cisco Defense Orchestrator
Adaptive Security Device ManagerWeb-based, local management for small-scale deployments

Performance testing methodologies LINK

  1. Throughput measured with 1500B User Datagram Protocol (UDP) traffic measured under ideal test conditions.
  2. “Multiprotocol” refers to a traffic profile consisting primarily of TCP-based protocols and applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS.

Hardware specifications

Table 3. Cisco Firepower 1000 Series hardware specifications

Cisco Firepower 1000 Series hardware specifications

Features1010112011401150
Dimensions (H x W x D)1.82 x 7.85 x 8.07 in.1.72 x 17.2 x 10.58 in.1.72 x 17.2 x 10.58 in.1.72 x 17.2 x 10.58 in.
Form factor (rack units)DT1RU1RU1RU
Integrated I/O8 x RJ-45 (Includes 2 POE+ capable ports)8 x RJ-45, 4 x SFP8 x RJ-45, 4 x SFP8 x RJ-45, 2 x 1Gbps SFP, 2 x 1/10Gbps SFP+
Integrated network management ports1 x 10M/100M/1GBASE-T Ethernet port (RJ-45)1 x 10M/100M/1GBASE-T Ethernet port (RJ-45)1 x 10M/100M/1GBASE-T Ethernet port (RJ-45)1 x 10M/100M/1GBASE-T Ethernet port (RJ-45)
Serial port1 x RJ-45 console1 x RJ-45 console1 x RJ-45 console1 x RJ-45 console
USB1 x USB 3.0 Type-A (500mA)1 x USB 3.0 Type-A (500mA)1 x USB 3.0 Type-A (500mA)1 x USB 3.0 Type-A (500mA)
Storage1 x 200 GB1 x 200 GB1 x 200 GB1 x 200 GB
Power supply configuration+12V and -53.5V+12V+12V+12V
AC input voltage100 to 240V AC100 to 240V AC100 to 240V AC100 to 240V AC
AC maximum input current< 2A at 100V, < 1A at 240V< 2A at 100V, < 1A at 240V< 2A at 100V, < 1A at 240V< 2A at 100V, < 1A at 240V
AC maximum output power115W (55W of +12V and 60W of -53.5V)100W100W100W
AC frequency50 to 60 Hz50 to 60 Hz50 to 60 Hz50 to 60 Hz
AC efficiency>88% at 50% load>85% at 50% load>85% at 50% load>85% at 50% load
RedundancyNoneNoneNoneNone
FansNone1 integrated fan21 integrated fan21 integrated fan2
Noise0 dBA31.7 dBA @ 25C, 56.8 dBA at highest system performance34.2 dBA @ 25C, 56.8 dBA at highest system performance34.2 dBA @ 25C, 56.8 dBA at highest system performance
Rack mountableYes. Separate kit must be ordered.Yes. Fixed mount brackets included (2-post).Yes. Fixed mount brackets included (2-post).Yes. Fixed mount brackets included (2-post).
Weight3 lb (1.36 kg)8 lb (3.63 kg)8 lb (3.63 kg)8 lb (3.63 kg)
Temperature: operating32 to 104°F (0 to 40°C)32 to 104°F (0 to 40°C)32 to 104°F (0 to 40°C)32 to 104°F (0 to 40°C)
Temperature: nonoperating-13 to 158°F (-25 to 70°C)-13 to 158°F (-25 to 70°C)-13 to 158°F (-25 to 70°C)-13 to 158°F (-25 to 70°C)
Humidity: operating90% noncondensing90% noncondensing90% noncondensing90% noncondensing
Humidity: nonoperating10 to 90% noncondensing10 to 90% noncondensing10 to 90% noncondensing10 to 90% noncondensing
Altitude: operating9843 ft (max)

3000 m (max)

9843 ft (max)

3000 m (max)

9843 ft (max)

3000 m (max)

9843 ft (max)

3000 m (max)

Altitude: nonoperating15,000 ft (max)15,000 ft (max)15,000 ft (max)15,000 ft (max)

Table 4. Cisco Firepower 1000 Series regulatory, safety, and EMC compliance

Cisco Firepower 1000 Series regulatory, safety, and EMC compliance

SpecificationDescription
Regulatory complianceProducts comply with CE markings per directives 2004/108/EC and 2006/108/EC
Safety●  UL 60950-1

●  CAN/CSA-C22.2 No. 60950-1

●  EN 60950-1

●  IEC 60950-1

●  AS/NZS 60950-1

●  GB4943

EMC: emissions●  47CFR Part 15 (CFR 47) Class A (FCC Class A)

●  AS/NZS CISPR22 Class A

●  CISPR22 CLASS A

●  EN55022 Class A

●  ICES003 Class A

●  VCCI Class A

●  EN61000-3-2

●  EN61000-3-3

●  KN22 Class A

●  CNS13438 Class A

●  EN300386

●  TCVN7189

EMC: immunity●  EN55024

●  CISPR24

●  EN300386

●  KN24

●  TVCN 7317

●  EN-61000-4-2, EN-61000-4-3, EN-61000-4-4, EN-61000-4-5, EN-61000-4-6, EN-61000-4-8, EN61000-4-11