Cisco Firepower 4100 License
Cisco Firepower 4100 Series appliances
The Cisco Firepower 4100 Series is a family of seven threat-focused NGFW security platforms. Their throughput range addresses data center and internet edge use cases. They deliver superior threat defense, at faster speeds, with a smaller footprint. Cisco Firepower 4100 Series supports flow-offloading, programmatic orchestration, and the management of security services with RESTful APIs. Network Equipment Building Standards (NEBS)-compliance is supported by the Cisco Firepower 4120 platform. The 4100 Series platforms can run either the Cisco ASA Firewall or Cisco Firepower Threat Defense (FTD) software.
Model overview
Cisco Firepower 4100 Series summary:
Cisco Firepower 4100 Series summary | |||||
| Model | Firewall | NGFW | NGIPS | Interfaces | Optional Interfaces |
| FPR-4110 | 35G | 11G | 15G | 8 x SFP+ on-chassis | 2 x NM’s: 1/10/40G, FTW |
| FPR-4115(New) | 80G | 26G | 27G | 8 x SFP+ on-chassis | 2 x NMs: 1/10/40G, FTW |
| FPR-4120 | 60G | 19G | 27G | 8 x SFP+ on-chassis | 2 x NM’s: 1/10/40G, FTW |
| FPR-4125(New) | 80G | 35G | 41G | 8 x SFP+ on-chassis | 2 x NMs: 1/10/40G, FTW |
| FPR-4140 | 70G | 27G | 38G | 8 x SFP+ on-chassis | 2 x NM’s: 1/10/40G, FTW |
| FPR-4145(New) | 80G | 45G | 55G | 8 x SFP+ on-chassis | 2 x NMs: 1/10/40G, FTW |
| FPR-4150 | 75G | 39G | 52G | 8 x SFP+ on-chassis | 2 x NM’s: 1/10/40G, FTW |
Detailed performance specifications and feature highlights
Table 1. Performance specifications and feature highlights for Firepower 4100 with the Cisco Firepower Threat defense image
Detailed performance specifications and feature highlights | |||||||
| Features | 4110 | 4115 | 4120 | 4125 | 4140 | 4145 | 4150 |
| Throughput: FW + AVC (1024B) | 13 Gbps | 27 Gbps | 22 Gbps | 40 Gbps | 32 Gbps | 53 Gbps | 45 Gbps |
| Throughput: FW + AVC + IPS (1024B) | 11 Gbps | 26 Gbps | 19 Gbps | 35 Gbps | 27 Gbps | 45 Gbps | 39 Gbps |
| Maximum concurrent sessions, with AVC | 10 million | 15 million | 15 million | 25 million | 25 million | 30 million | 30 million |
| Maximum new connections per second, with AVC | 64K | 200K | 118K | 265K | 172K | 350K | 263K |
| TLS (Hardware Decryption)1 | 4.5 Gbps | 6.5 Gbps | 7.1 Gbps | 8 Gbps | 7.3 Gbps | 10 Gbps | 7.5 Gbps |
| Throughput: NGIPS (1024B) | 15 Gbps | 27 Gbps | 27 Gbps | 41 Gbps | 38 Gbps | 55 Gbps | 52 Gbps |
| IPSec VPN Throughput (1024B TCP w/Fastpath) | 6 Gbps | 8 Gbps | 10 Gbps | 14 Gbps | 13 Gbps | 18 Gbps | 14 Gbps |
| Maximum VPN Peers | 10,000 | 15,000 | 15,000 | 20,000 | 20,000 | 20,000 | 20,000 |
| Multi-Instance Capable | Yes | ||||||
| Centralized management | Centralized configuration, logging, monitoring, and reporting are performed by the Management Center or alternatively in the cloud with Cisco Defense Orchestrator | ||||||
| Application Visibility and Control (AVC) | Standard, supporting more than 4000 applications, as well as geolocations, users, and websites | ||||||
| AVC: OpenAppID support for custom, open source, application detectors | Standard | ||||||
| Cisco Security Intelligence | Standard, with IP, URL, and DNS threat intelligence | ||||||
| Cisco Firepower NGIPS | Available; can passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence | ||||||
| Cisco AMP for Networks | Available; enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco AMP for Endpoints is also optionally available | ||||||
| Cisco AMP Threat Grid sandboxing | Available | ||||||
| URL Filtering: number of categories | More than 80 | ||||||
| URL Filtering: number of URLs categorized | More than 280 million | ||||||
| Automated threat feed and IPS signature updates | Yes: class-leading Collective Security Intelligence (CSI) from the Cisco Talos Group (https://www.cisco.com/c/en/us/products/security/talos.html) | ||||||
| Third-party and open-source ecosystem | Open API for integrations with third-party products; Snort® and OpenAppID community resources for new and specific threats | ||||||
| High availability and clustering | Active/standby. Cisco Firepower 4100 Series allows clustering of up to 6 chassis | ||||||
| Cisco Trust Anchor Technologies | Firepower 4100 Series platforms include Trust Anchor Technologies for supply chain and software image assurance. | ||||||
NOTE: Performance will vary depending on features activated, and network traffic protocol mix, and packet size characteristics. Performance is subject to change with new software releases. Consult your Cisco representative for detailed sizing guidance.
Table 2. ASA Performance and capabilities on Firepower 4100 appliances
ASA Performance and capabilities on Firepower 4100 appliances | |||||||
| Features | 4110 | 4115 | 4120 | 4125 | 4140 | 4145 | 4150 |
| Stateful inspection firewall throughput1 | 35 Gbps | 80 Gbps | 60 Gbps | 80 Gbps | 70 Gbps | 80 Gbps | 75 Gbps |
| Stateful inspection firewall throughput (multiprotocol)2 | 15 Gbps | 40 Gbps | 30 Gbps | 45 Gbps | 40 Gbps | 50 Gbps | 50 Gbps |
| Concurrent firewall connections | 10 million | 15 million | 15 million | 25 million | 25 million | 40 million | 35 million |
| Firewall latency (UDP 64B microseconds) | 3.5 | 3.5 | 3.5 | 3.5 | 3.5 | 3.5 | 3.5 |
| New connections per second | 150,000 | 848K | 250,000 | 1.1 million | 350,000 | 1.5 million | 800,000 |
| IPsec VPN throughput (450B UDP L2L test) | 8 Gbps | 15 Gbps | 10 Gbps | 19 Gbps | 14 Gbps | 23 Gbps | 15 Gbps |
| Maximum VPN Peers | 10,000 | 15,000 | 15,000 | 20,000 | 20,000 | 20,000 | 20,000 |
| Security contexts (included; maximum) | 10; 250 | 10; 250 | 10; 250 | 10; 250 | 10; 250 | 10; 250 | 10; 250 |
| High availability | Active/active and active/standby | ||||||
| Clustering | Up to 16 appliances | ||||||
| Scalability | VPN Load Balancing, Firewall Clustering. | ||||||
| Centralized management | Centralized configuration, logging, monitoring, and reporting are performed by Cisco Security Manager or alternatively in the cloud with Cisco Defense Orchestrator | ||||||
| Adaptive Security Device Manager | Web-based, local management for small-scale deployments | ||||||
Hardware specifications
Table 3. Cisco Firepower 4100 Series hardware specifications
Cisco Firepower 4100 Series hardware specifications | |||||||||||||
| Features | 4110 | 4115 | 4120 | 4125 | 4140 | 4145 | 4150 | ||||||
| Dimensions (H x W x D) | 1.75 x 16.89 x 29.7 in. (4.4 x 42.9 x 75.4 cm) | ||||||||||||
| Form factor (rack units) | 1RU | ||||||||||||
| Supervisor | Cisco Firepower 4000 Supervisor with 8 x 10 Gigabit Ethernet ports and 2 Network Module (NM) slots for I/O expansion | ||||||||||||
| Network modules | ● 8 x 10 Gigabit Ethernet Enhanced Small Form-Factor Pluggable (SFP+) network modules ● 4 x 40 Gigabit Ethernet Quad SFP+ network modules ● 8-port 1Gbps copper, FTW (fail to wire) Network Module ◦ 6-port 1 Gbps SX Fiber FTW (fail to wire) Network Module ◦ 6-port 10Gbps SR Fiber FTW (fail to wire) Network Module ◦ 6-port 10Gbps LR Fiber FTW (fail to wire) Network Module | ||||||||||||
| Maximum number of interfaces | Up to 24 x 10 Gigabit Ethernet (SFP+) interfaces; up to 8 x 40 Gigabit Ethernet (QSFP+) interfaces with 2 network modules | ||||||||||||
| Integrated network management ports | 1 Gigabit Ethernet Supports 1-G fiber or copper SFPs | ||||||||||||
| Serial port | 1 x RJ-45 console | ||||||||||||
| USB | 1 x USB 2.0 | ||||||||||||
| Storage | 200 GB | 400 GB | 200 GB | 800 GB | 400 GB | 800 GB | 400 GB | ||||||
| Power supplies | Configuration | Single 1100W AC, dual optional. Single/dual 950W DC optional1, 2 | optional. Single/dual 950W DC optional1, 2 | Single 1100W AC, dual optional. Single/dual 950W DC optional1 | Dual 1100W AC1 | Dual 1100W AC1 | Dual 1100W AC1 | Dual 1100W AC1 | |||||
| AC input voltage | 100 to 240V AC | ||||||||||||
| AC maximum input current | 13A | ||||||||||||
| AC maximum output power | 1100W | ||||||||||||
| AC frequency | 50 to 60 Hz | ||||||||||||
| AC efficiency | >92% at 50% load | ||||||||||||
| DC input voltage | -40V to -60VDC | ||||||||||||
| DC maximum input current | 27A | ||||||||||||
| DC maximum output power | 950W | ||||||||||||
| DC efficiency | >92.5% at 50% load | ||||||||||||
| Redundancy | 1+1 | ||||||||||||
| Fans | 6 hot-swappable fans | ||||||||||||
| Noise | 78 dBA | ||||||||||||
| Rack mountable | Yes, mount rails included (4-post EIA-310-D rack) | ||||||||||||
| Weight | 36 lb (16 kg): 2 x power supplies, 2 x NMs, 6x fans; 30 lb (13.6 kg): no power supplies, no NMs, no fans | ||||||||||||
| Temperature: operating | 32 to 104°F (0 to 40°C) | 32 to 104°F (0 to 40°C) | 32 to 104°F (0 to 40°C) or NEBS operation (see below) | 32 to 104°F (0 to 40°C) | 32 to 95°F (0 to 35°C), at sea level | 32 to 95°F (0 to 35°C), at sea level | 32 to 95°F (0 to 35°C), at sea level | ||||||
| Temperature: nonoperating | -40 to 149°F (-40 to 65°C) | ||||||||||||
| Humidity: operating | 5 to 95% noncondensing | ||||||||||||
| Humidity: nonoperating | 5 to 95% noncondensing | ||||||||||||
| Altitude: operating | 10,000 ft (max) | 10,000 ft (max) | 10,000 ft (max) or NEBS operation (see below) | 10,000 ft (max) | 10,000 ft (max) | 10,000 ft (max) | |||||||
| Altitude: nonoperating | 40,000 ft (max) | ||||||||||||
| NEBS operation (FPR 4120 only) | Operating altitude: 0 to 13,000 ft (3960 m) Operating temperature: Long term: 0 to 45°C, up to 6,000 ft (1829 m) Long term: 0 to 35°C, 6,000 to 13,000 ft (1829 to 3964 m) Short term: -5 to 50°C, up to 6,000 ft (1829 m) | ||||||||||||
Table 4. Cisco Firepower 4100 Series NEBS, Regulatory, Safety, and EMC Compliance
Cisco Firepower 4100 Series NEBS, Regulatory, Safety, and EMC Compliance | |
| Specification | Description |
| Regulatory compliance | Products comply with CE markings per directives 2004/108/EC and 2006/108/EC |
| Safety | ● UL 60950-1 ● CAN/CSA-C22.2 No. 60950-1 ● EN 60950-1 ● IEC 60950-1 ● AS/NZS 60950-1 ● GB4943 |
| EMC: emissions | ● 47CFR Part 15 (CFR 47) Class A (FCC Class A) ● AS/NZS CISPR22 Class A ● CISPR22 CLASS A ● EN55022 Class A ● ICES003 Class A ● VCCI Class A ● EN61000-3-2 ● EN61000-3-3 ● KN22 Class A ● CNS13438 Class A ● EN300386 ● TCVN7189 |
| EMC: Immunity | ● EN55024 ● CISPR24 ● EN300386 ● KN24 ● TVCN 7317 ● EN-61000-4-2, EN-61000-4-3, EN-61000-4-4, EN-61000-4-5, EN-61000-4-6, EN-61000-4-8, EN61000-4-11 |