Cisco Firepower 1000 License

Enterprise Firewall

Next-Generation Firewall

Cisco Firepower 1000 Series Appliances The Cisco Firepower 1000 Series is a family of four threat-focused Next-Generation Firewall (NGFW) security platforms that deliver business resiliency through superior threat defense. It offers exceptional sustained performance when advanced threat functions are enabled. The 1000 Series’ throughput range addresses use cases from the small office, home office, remote branch office to the Internet edge. The 1000 Series platforms run Cisco Firepower Threat Defense (FTD) and Cisco Adaptive Security Appliance (ASA) software.

Model overview

Firepower 1000

Cisco Firepower 1000 Series summary

Cisco Firepower 1000 Series summary
Model NGFW Next-Generation Intrusion Prevention System- NGIPS Interfaces
FPR-1010 650 Mbps 650 Mbps 8 x RJ45
FPR-1120 1.5 Gbps 1.5 Gbps 8 x RJ45, 4 x SFP
FPR-1140 2.2 Gbps 2.2 Gbps 8 x RJ45, 4 x SFP
FPR-1150 3 Gbps 3 Gbps 8 x RJ45, 2 x SFP, 2 x 10G SFP+

Detailed performance specifications and feature highlights

Table 1. Performance specifications and feature highlights for Cisco Firepower 1000 with the Cisco Firepower Threat Defense image

Detailed performance specifications and feature highlights
Feature 1010 1120 1140 1150
Throughput: Firewall (FW) + Application Visibility and Control (AVC) (1024B) 650 Mbps 1.5 Gbps 2.2 Gbps 3 Gbps
Throughput: FW + AVC + Intrusion Prevention System (IPS) (1024B) 650 Mbps 1.5 Gbps 2.2 Gbps 3 Gbps
Maximum concurrent sessions, with AVC 100K 200K 400K 600K
Maximum new connections per second, with AVC 6K 15K 22K 28K
Transport Layer Security (TLS) 150 Mbps 700 Mbps 1 Gbps 1.4 Gbps
Throughput: NGIPS (1024B) 650 Mbps 1.5 Gbps 2.2 Gbps 3 Gbps
IPSec VPN throughput (1024B TCP w/Fastpath) 300 Mbps 1 Gbps 1.2 Gbps 1.4 Gbps
Maximum VPN Peers 75 150 400 800
Cisco Firepower Device Manager (local management) Yes Yes Yes Yes
Centralized management Centralized configuration, logging, monitoring, and reporting are performed by the Management Center or alternatively in the cloud with Cisco Defense Orchestrator
AVC Standard, supporting more than 4000 applications, as well as geolocations, users, and websites
AVC: OpenAppID support for custom, open-source application detectors Standard
Cisco Security Intelligence Standard, with IP, URL, and DNS threat intelligence
Cisco Firepower NGIPS Available; can passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence
Cisco Advanced Malware Protection (AMP) for Networks Available; enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco AMP for Endpoints is also optionally available
Cisco AMP Threat Grid sandboxing Available
URL filtering: number of categories More than 80
URL filtering: number of URLs categorized More than 280 million
Automated threat feed and IPS signature updates Yes: class-leading Collective Security Intelligence (CSI) from the Cisco Talos® group ()
Third-party and open-source ecosystem Open API for integrations with third-party products; Snort and OpenAppID community resources for new and specific threats
High availability and clustering Active/standby
Cisco Trust Anchor Technologies Cisco Firepower 1000 Series platforms include Trust Anchor Technologies for supply chain and software image assurance. Please see the section below for additional details

Note: Performance will vary depending on features activated, and network traffic protocol mix, and packet size characteristics. Performance is subject to change with new software releases. Consult your Cisco representative for detailed sizing guidance.
Table 2. ASA Performance and capabilities on Firepower 1000 appliances

ASA Performance and capabilities on Firepower 1000 appliances
Features 1010 1120 1140 1150
Stateful inspection firewall throughput1 2 Gbps 4.5 Gbps 6 Gbps 7.5 Gbps
Stateful inspection firewall throughput (multiprotocol)2 1.4 Gbps 2.5 Gbps 3.5 Gbps 4.5 Gbps
Concurrent firewall connections 100,000 200,000 400,000 600,000
Firewall latency (UDP 64B microseconds)
New connections per second 25,000 75,000 100,000 125,000
IPsec VPN throughput (450B UDP L2L test) 500 Mbps 1 Gbps 1.2 Gbps 1.7 Gbps
Maximum VPN Peers 75 150 400 800
Security contexts (included; maximum) NA 2; 5 2; 5 2; 25
High availability Active/standby Active/active and Active/standby Active/active and Active/standby Active/active and Active/standby
Clustering
Scalability VPN Load Balancing
Centralized management Centralized configuration, logging, monitoring, and reporting are performed by Cisco Security Manager or alternatively in the cloud with Cisco Defense Orchestrator
Adaptive Security Device Manager Web-based, local management for small-scale deployments

Performance testing methodologies LINK

  • Throughput measured with 1500B User Datagram Protocol (UDP) traffic measured under ideal test conditions.
  • “Multiprotocol” refers to a traffic profile consisting primarily of TCP-based protocols and applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS.

Hardware specifications

Table 3. Cisco Firepower 1000 Series hardware specifications

Cisco Firepower 1000 Series hardware specifications
Features 1010 1120 1140 1150
Dimensions (H x W x D) 1.82 x 7.85 x 8.07 in. 1.72 x 17.2 x 10.58 in. 1.72 x 17.2 x 10.58 in. 1.72 x 17.2 x 10.58 in.
Form factor (rack units) DT 1RU 1RU 1RU
Integrated I/O 8 x RJ-45 (Includes 2 POE+ capable ports) 8 x RJ-45, 4 x SFP 8 x RJ-45, 4 x SFP 8 x RJ-45, 2 x 1Gbps SFP, 2 x 1/10Gbps SFP+
Integrated network management ports 1 x 10M/100M/1GBASE-T Ethernet port (RJ-45) 1 x 10M/100M/1GBASE-T Ethernet port (RJ-45) 1 x 10M/100M/1GBASE-T Ethernet port (RJ-45) 1 x 10M/100M/1GBASE-T Ethernet port (RJ-45)
Serial port 1 x RJ-45 console 1 x RJ-45 console 1 x RJ-45 console 1 x RJ-45 console
USB 1 x USB 3.0 Type-A (500mA) 1 x USB 3.0 Type-A (500mA) 1 x USB 3.0 Type-A (500mA) 1 x USB 3.0 Type-A (500mA)
Storage 1 x 200 GB 1 x 200 GB 1 x 200 GB 1 x 200 GB
Power supply configuration +12V and -53.5V +12V +12V +12V
AC input voltage 100 to 240V AC 100 to 240V AC 100 to 240V AC 100 to 240V AC
AC maximum input current < 2A at 100V, < 1A at 240V < 2A at 100V, < 1A at 240V < 2A at 100V, < 1A at 240V < 2A at 100V, < 1A at 240V
AC maximum output power 115W (55W of +12V and 60W of -53.5V) 100W 100W 100W
AC frequency 50 to 60 Hz 50 to 60 Hz 50 to 60 Hz 50 to 60 Hz
AC efficiency >88% at 50% load >85% at 50% load >85% at 50% load >85% at 50% load
Redundancy None None None None
Fans None 1 integrated fan2 1 integrated fan2 1 integrated fan2
Noise 0 dBA 31.7 dBA @ 25C, 56.8 dBA at highest system performance 34.2 dBA @ 25C, 56.8 dBA at highest system performance 34.2 dBA @ 25C, 56.8 dBA at highest system performance
Rack mountable Yes. Separate kit must be ordered. Yes. Fixed mount brackets included (2-post). Yes. Fixed mount brackets included (2-post). Yes. Fixed mount brackets included (2-post).
Weight 3 lb (1.36 kg) 8 lb (3.63 kg) 8 lb (3.63 kg) 8 lb (3.63 kg)
Temperature: operating 32 to 104°F (0 to 40°C) 32 to 104°F (0 to 40°C) 32 to 104°F (0 to 40°C) 32 to 104°F (0 to 40°C)
Temperature: nonoperating -13 to 158°F (-25 to 70°C) -13 to 158°F (-25 to 70°C) -13 to 158°F (-25 to 70°C) -13 to 158°F (-25 to 70°C)
Humidity: operating 90% noncondensing 90% noncondensing 90% noncondensing 90% noncondensing
Humidity: nonoperating 10 to 90% noncondensing 10 to 90% noncondensing 10 to 90% noncondensing 10 to 90% noncondensing
Altitude: operating
  • 9843 ft (max)
  • 3000 m (max)
  • 9843 ft (max)
  • 3000 m (max)
  • 9843 ft (max)
  • 3000 m (max)
  • 9843 ft (max)
  • 3000 m (max)
Altitude: nonoperating 15,000 ft (max) 15,000 ft (max) 15,000 ft (max) 15,000 ft (max)

Table 4. Cisco Firepower 1000 Series regulatory, safety, and EMC compliance

Cisco Firepower 1000 Series regulatory, safety, and EMC compliance
Specification Description
Regulatory compliance Products comply with CE markings per directives 2004/108/EC and 2006/108/EC
Safety
  • UL 60950-1
  • CAN/CSA-C22.2 No. 60950-1
  • EN 60950-1
  • IEC 60950-1
  • AS/NZS 60950-1
  • GB4943
EMC: emissions
  • 47CFR Part 15 (CFR 47) Class A (FCC Class A)
  • AS/NZS CISPR22 Class A
  • CISPR22 CLASS A
  • EN55022 Class A
  • ICES003 Class A
  • VCCI Class A
  • EN61000-3-2
  • EN61000-3-3
  • KN22 Class A
  • CNS13438 Class A
  • EN300386
  • TCVN7189
EMC: immunity
  • EN55024
  • CISPR24
  • EN300386
  • KN24
  • TVCN 7317
  • EN-61000-4-2, EN-61000-4-3, EN-61000-4-4, EN-61000-4-5, EN-61000-4-6, EN-61000-4-8, EN61000-4-11
  • Cisco Hardware License
  • Ready to take the next step?

    Leave a Reply

    Your email address will not be published. Required fields are marked *