Cisco Firepower 4100 License

Table of Contents

For more information, Cisco Firepower 4100 License Part Number

Cisco Firepower 4100 Series appliances

The Cisco Firepower 4100 Series is a family of seven threat-focused NGFW security platforms. Their throughput range addresses data center and internet edge use cases. They deliver superior threat defense, at faster speeds, with a smaller footprint. Cisco Firepower 4100 Series supports flow-offloading, programmatic orchestration, and the management of security services with RESTful APIs. Network Equipment Building Standards (NEBS)-compliance is supported by the Cisco Firepower 4120 platform. The 4100 Series platforms can run either the Cisco ASA Firewall or Cisco Firepower Threat Defense (FTD) software.

Model overview

Cisco Firepower 4100

Cisco Firepower 4100 Series summary:

Cisco Firepower 4100 Series summary
Model	Firewall	NGFW	NGIPS	Interfaces	Optional Interfaces
FPR-4110	35G	11G	15G	8 x SFP+ on-chassis	2 x NM’s: 1/10/40G, FTW
FPR-4115(New)	80G	26G	27G	8 x SFP+ on-chassis	2 x NMs: 1/10/40G, FTW
FPR-4120	60G	19G	27G	8 x SFP+ on-chassis	2 x NM’s: 1/10/40G, FTW
FPR-4125(New)	80G	35G	41G	8 x SFP+ on-chassis	2 x NMs: 1/10/40G, FTW
FPR-4140	70G	27G	38G	8 x SFP+ on-chassis	2 x NM’s: 1/10/40G, FTW
FPR-4145(New)	80G	45G	55G	8 x SFP+ on-chassis	2 x NMs: 1/10/40G, FTW
FPR-4150	75G	39G	52G	8 x SFP+ on-chassis	2 x NM’s: 1/10/40G, FTW

Detailed performance specifications and feature highlights
Table 1. Performance specifications and feature highlights for Firepower 4100 with the Cisco Firepower Threat defense image

Detailed performance specifications and feature highlights
								Features	4110	4115	4120	4125	4140	4145	4150
								Throughput: FW + AVC (1024B)	13 Gbps	27 Gbps	22 Gbps	40 Gbps	32 Gbps	53 Gbps	45 Gbps
								Throughput: FW + AVC + IPS (1024B)	11 Gbps	26 Gbps	19 Gbps	35 Gbps	27 Gbps	45 Gbps	39 Gbps
								Maximum concurrent sessions, with AVC	10 million	15 million	15 million	25 million	25 million	30 million	30 million
								Maximum new connections per second, with AVC	64K	200K	118K	265K	172K	350K	263K
								TLS (Hardware Decryption)1	4.5 Gbps	6.5 Gbps	7.1 Gbps	8 Gbps	7.3 Gbps	10 Gbps	7.5 Gbps
								Throughput: NGIPS (1024B)	15 Gbps	27 Gbps	27 Gbps	41 Gbps	38 Gbps	55 Gbps	52 Gbps
								IPSec VPN Throughput (1024B TCP w/Fastpath)	6 Gbps	8 Gbps	10 Gbps	14 Gbps	13 Gbps	18 Gbps	14 Gbps
Maximum VPN Peers	10,000	15,000	15,000	20,000	20,000	20,000	20,000
Multi-Instance Capable	Yes
Centralized management	Centralized configuration, logging, monitoring, and reporting are performed by the Management Center or alternatively in the cloud with Cisco Defense Orchestrator
Application Visibility and Control (AVC)	Standard, supporting more than 4000 applications, as well as geolocations, users, and websites
AVC: OpenAppID support for custom, open source, application detectors	Standard
Cisco Security Intelligence	Standard, with IP, URL, and DNS threat intelligence
Cisco Firepower NGIPS	Available; can passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence
Cisco AMP for Networks	Available; enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco AMP for Endpoints is also optionally available
Cisco AMP Threat Grid sandboxing	Available
URL Filtering: number of categories	More than 80
URL Filtering: number of URLs categorized	More than 280 million
Automated threat feed and IPS signature updates	Yes: class-leading Collective Security Intelligence (CSI) from the Cisco Talos Group (https://www.cisco.com/c/en/us/products/security/talos.html)
Third-party and open-source ecosystem	Open API for integrations with third-party products; Snort® and OpenAppID community resources for new and specific threats
High availability and clustering	Active/standby. Cisco Firepower 4100 Series allows clustering of up to 6 chassis
Cisco Trust Anchor Technologies	Firepower 4100 Series platforms include Trust Anchor Technologies for supply chain and software image assurance.

NOTE: Performance will vary depending on features activated, and network traffic protocol mix, and packet size characteristics. Performance is subject to change with new software releases. Consult your Cisco representative for detailed sizing guidance.

For more information, Cisco firepower License

Table 2. ASA Performance and capabilities on Firepower 4100 appliances

ASA Performance and capabilities on Firepower 4100 appliances
Features	4110	4115	4120	4125	4140	4145	4150
Stateful inspection firewall throughput1	35 Gbps	80 Gbps	60 Gbps	80 Gbps	70 Gbps	80 Gbps	75 Gbps
Stateful inspection firewall throughput (multiprotocol)2	15 Gbps	40 Gbps	30 Gbps	45 Gbps	40 Gbps	50 Gbps	50 Gbps
Concurrent firewall connections 10 million	10 million	15 million	15 million	25 million	25 million	40 million	35 million
Firewall latency (UDP 64B microseconds)	3.5	3.5	3.5	3.5	3.5	3.5	3.5
New connections per second	150,000	848K	250,000	1.1 million	350,000	1.5 million	800,000
IPsec VPN throughput (450B UDP L2L test)	8 Gbps	15 Gbps	10 Gbps	19 Gbps	14 Gbps	23 Gbps	15 Gbps
Maximum VPN Peers	10,000	15,000	15,000	20,000	20,000	20,000	20,000
Security contexts (included; maximum)	10; 250	10; 250	10; 250	10; 250	10; 250	10; 250	10; 250
High availability	Active/active and active/standby
Clustering	Up to 16 appliances
Scalability	VPN Load Balancing, Firewall Clustering.
Centralized management	Centralized configuration, logging, monitoring, and reporting are performed by Cisco Security Manager or alternatively in the cloud with Cisco Defense Orchestrator
Adaptive Security Device Manager	Web-based, local management for small-scale deployments

Hardware specifications

Table 3. Cisco Firepower 4100 Series hardware specifications

Cisco Firepower 4100 Series hardware specifications
Features		4110	4115	4120	4125	4140	4145	4150
Dimensions (H x W x D)		1.75 x 16.89 x 29.7 in. (4.4 x 42.9 x 75.4 cm)
Form factor (rack units)		1RU
Supervisor		Cisco Firepower 4000 Supervisor with 8 x 10 Gigabit Ethernet ports and 2 Network Module (NM) slots for I/O expansion
Network modules		8 x 10 Gigabit Ethernet Enhanced Small Form-Factor Pluggable (SFP+) network modules 4 x 40 Gigabit Ethernet Quad SFP+ network modules 8-port 1Gbps copper, FTW (fail to wire) Network Module 6-port 1 Gbps SX Fiber FTW (fail to wire) Network Module 6-port 10Gbps SR Fiber FTW (fail to wire) Network Module 6-port 10Gbps LR Fiber FTW (fail to wire) Network Module
Maximum number of interfaces		Up to 24 x 10 Gigabit Ethernet (SFP+) interfaces; up to 8 x 40 Gigabit Ethernet (QSFP+) interfaces with 2 network modules
Integrated network management ports		1 Gigabit Ethernet Supports 1-G fiber or copper SFPs
Serial port		1 x RJ-45 console
USB		1 x USB 2.0
Storage		200 GB	400 GB	200 GB	800 GB	400 GB	800 GB	400 GB
Power supplies	Configuration	Single 1100W AC, dual optional. Single/dual 950W DC optional1, 2	optional. Single/dual 950W DC optional1, 2	Single 1100W AC, dual optional. Single/dual 950W DC optional1	Dual 1100W AC1	Dual 1100W AC1	Dual 1100W AC1	Dual 1100W AC1
	AC input voltage	100 to 240V AC
	AC maximum input current	13A
	AC maximum output power	1100W
	AC frequency	50 to 60 Hz
	AC efficiency	>92% at 50% load
	DC input voltage	-40V to -60VDC
	DC maximum input current	27A
	DC maximum output power	950W
	DC efficiency	>92.5% at 50% load
	Redundancy	1+1
Fans		6 hot-swappable fans
Noise		78 dBA
Rack mountable		Yes, mount rails included (4-post EIA-310-D rack)
Weight		36 lb (16 kg): 2 x power supplies, 2 x NMs, 6x fans; 30 lb (13.6 kg): no power supplies, no NMs, no fans
Temperature: operating		(0 to 40°C) 32 to 104°F	(0 to 40°C) 32 to 104°F/td>	(0 to 40°C) or NEBS operation (see below) 32 to 104°F	(0 to 40°C) 32 to 95°F	(0 to 35°C), at sea level 32 to 95°F	(0 to 35°C), at sea level 32 to 95°F	(0 to 35°C), at sea level 32 to 95°F
Temperature: nonoperating		-40 to 149°F (-40 to 65°C)
Humidity: operating		5 to 95% noncondensing
Humidity: nonoperating		5 to 95% noncondensing
Altitude: operating		10,000 ft (max)	10,000 ft (max)	10,000 ft (max) 10,000 ft (max) or NEBS operation (see below)		10,000 ft (max)	10,000 ft (max)	10,000 ft (max)
Altitude: nonoperating		40,000 ft (max)
NEBS operation (FPR 4120 only)		Operating altitude: 0 to 13,000 ft (3960 m) Operating temperature: Long term: 0 to 45°C, up to 6,000 ft (1829 m) Long term: 0 to 35°C, 6,000 to 13,000 ft (1829 to 3964 m) Short term: -5 to 50°C, up to 6,000 ft (1829 m)

Table 4. Cisco Firepower 4100 Series NEBS, Regulatory, Safety, and EMC Compliance

Cisco Firepower 4100 Series NEBS, Regulatory, Safety, and EMC Compliance
		Specification	Description
		Regulatory compliance	Products comply with CE markings per directives 2004/108/EC and 2006/108/EC
		Safety	UL 60950-1 CAN/CSA-C22.2 No. 60950-1 EN 60950-1 IEC 60950-1 AS/NZS 60950-1 GB4943
		EMC: emissions	47CFR Part 15 (CFR 47) Class A (FCC Class A) AS/NZS CISPR22 Class A CISPR22 CLASS A EN55022 Class A ICES003 Class A VCCI Class A EN61000-3-2 EN61000-3-3 KN22 Class A CNS13438 Class A EN300386 TCVN7189
		EMC: Immunity	EN55024 CISPR24 EN300386 KN24 TVCN 7317 EN-61000-4-2, EN-61000-4-3, EN-61000-4-4, EN-61000-4-5, EN-61000-4-6, EN-61000-4-8, EN61000-4-11