Cisco Firepower 4100 License

Cisco Firepower 4100 Series appliances

The Cisco Firepower 4100 Series is a family of seven threat-focused NGFW security platforms. Their throughput range addresses data center and internet edge use cases. They deliver superior threat defense, at faster speeds, with a smaller footprint. Cisco Firepower 4100 Series supports flow-offloading, programmatic orchestration, and the management of security services with RESTful APIs. Network Equipment Building Standards (NEBS)-compliance is supported by the Cisco Firepower 4120 platform. The 4100 Series platforms can run either the Cisco ASA Firewall or Cisco Firepower Threat Defense (FTD) software.

Model overview

Cisco Firepower 4100

Cisco Firepower 4100 Series summary:

Cisco Firepower 4100 Series summary
Model Firewall NGFW NGIPS Interfaces Optional Interfaces
FPR-4110 35G 11G 15G 8 x SFP+ on-chassis 2 x NM’s: 1/10/40G, FTW
FPR-4115(New) 80G 26G 27G 8 x SFP+ on-chassis 2 x NMs: 1/10/40G, FTW
FPR-4120 60G 19G 27G 8 x SFP+ on-chassis 2 x NM’s: 1/10/40G, FTW
FPR-4125(New) 80G 35G 41G 8 x SFP+ on-chassis 2 x NMs: 1/10/40G, FTW
FPR-4140 70G 27G 38G 8 x SFP+ on-chassis 2 x NM’s: 1/10/40G, FTW
FPR-4145(New) 80G 45G 55G 8 x SFP+ on-chassis 2 x NMs: 1/10/40G, FTW
FPR-4150 75G 39G 52G 8 x SFP+ on-chassis 2 x NM’s: 1/10/40G, FTW

Detailed performance specifications and feature highlights
Table 1. Performance specifications and feature highlights for Firepower 4100 with the Cisco Firepower Threat defense image

Detailed performance specifications and feature highlights
Features 4110 4115 4120 4125 4140 4145 4150
Throughput: FW + AVC (1024B) 13 Gbps 27 Gbps 22 Gbps 40 Gbps 32 Gbps 53 Gbps 45 Gbps
Throughput: FW + AVC + IPS (1024B) 11 Gbps 26 Gbps 19 Gbps 35 Gbps 27 Gbps 45 Gbps 39 Gbps
Maximum concurrent sessions, with AVC 10 million 15 million 15 million 25 million 25 million 30 million 30 million
Maximum new connections per second, with AVC 64K 200K 118K 265K 172K 350K 263K
TLS (Hardware Decryption)1 4.5 Gbps 6.5 Gbps 7.1 Gbps 8 Gbps 7.3 Gbps 10 Gbps 7.5 Gbps
Throughput: NGIPS (1024B) 15 Gbps 27 Gbps 27 Gbps 41 Gbps 38 Gbps 55 Gbps 52 Gbps
IPSec VPN Throughput (1024B TCP w/Fastpath) 6 Gbps 8 Gbps 10 Gbps 14 Gbps 13 Gbps 18 Gbps 14 Gbps
Maximum VPN Peers 10,000 15,000 15,000 20,000 20,000 20,000 20,000
Multi-Instance Capable Yes
Centralized management Centralized configuration, logging, monitoring, and reporting are performed by the Management Center or alternatively in the cloud with Cisco Defense Orchestrator
Application Visibility and Control (AVC) Standard, supporting more than 4000 applications, as well as geolocations, users, and websites
AVC: OpenAppID support for custom, open source, application detectors Standard
Cisco Security Intelligence Standard, with IP, URL, and DNS threat intelligence
Cisco Firepower NGIPS Available; can passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence
Cisco AMP for Networks Available; enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco AMP for Endpoints is also optionally available
Cisco AMP Threat Grid sandboxing Available
URL Filtering: number of categories More than 80
URL Filtering: number of URLs categorized More than 280 million
Automated threat feed and IPS signature updates Yes: class-leading Collective Security Intelligence (CSI) from the Cisco Talos Group (https://www.cisco.com/c/en/us/products/security/talos.html)
Third-party and open-source ecosystem Open API for integrations with third-party products; Snort® and OpenAppID community resources for new and specific threats
High availability and clustering Active/standby. Cisco Firepower 4100 Series allows clustering of up to 6 chassis
Cisco Trust Anchor Technologies Firepower 4100 Series platforms include Trust Anchor Technologies for supply chain and software image assurance.

NOTE: Performance will vary depending on features activated, and network traffic protocol mix, and packet size characteristics. Performance is subject to change with new software releases. Consult your Cisco representative for detailed sizing guidance.

Table 2. ASA Performance and capabilities on Firepower 4100 appliances

ASA Performance and capabilities on Firepower 4100 appliances
Features 4110 4115 4120 4125 4140 4145 4150
Stateful inspection firewall throughput1 35 Gbps 80 Gbps 60 Gbps 80 Gbps 70 Gbps 80 Gbps 75 Gbps
Stateful inspection firewall throughput (multiprotocol)2 15 Gbps 40 Gbps 30 Gbps 45 Gbps 40 Gbps 50 Gbps 50 Gbps
Concurrent firewall connections 10 million 10 million 15 million 15 million 25 million 25 million 40 million 35 million
Firewall latency (UDP 64B microseconds) 3.5 3.5 3.5 3.5 3.5 3.5 3.5
New connections per second 150,000 848K 250,000 1.1 million 350,000 1.5 million 800,000
IPsec VPN throughput (450B UDP L2L test) 8 Gbps 15 Gbps 10 Gbps 19 Gbps 14 Gbps 23 Gbps 15 Gbps
Maximum VPN Peers 10,000 15,000 15,000 20,000 20,000 20,000 20,000
Security contexts (included; maximum) 10; 250 10; 250 10; 250 10; 250 10; 250 10; 250 10; 250
High availability Active/active and active/standby
Clustering Up to 16 appliances
Scalability VPN Load Balancing, Firewall Clustering.
Centralized management Centralized configuration, logging, monitoring, and reporting are performed by Cisco Security Manager or alternatively in the cloud with Cisco Defense Orchestrator
Adaptive Security Device Manager Web-based, local management for small-scale deployments

Hardware specifications

Table 3. Cisco Firepower 4100 Series hardware specifications

Cisco Firepower 4100 Series hardware specifications
Features 4110 4115 4120 4125 4140 4145 4150
Dimensions (H x W x D) 1.75 x 16.89 x 29.7 in. (4.4 x 42.9 x 75.4 cm)
Form factor (rack units) 1RU
Supervisor Cisco Firepower 4000 Supervisor with 8 x 10 Gigabit Ethernet ports and 2 Network Module (NM) slots for I/O expansion
Network modules
  • 8 x 10 Gigabit Ethernet Enhanced Small Form-Factor Pluggable (SFP+) network modules
  • 4 x 40 Gigabit Ethernet Quad SFP+ network modules
  • 8-port 1Gbps copper, FTW (fail to wire) Network Module
  1. 6-port 1 Gbps SX Fiber FTW (fail to wire) Network Module
  2. 6-port 10Gbps SR Fiber FTW (fail to wire) Network Module
  3. 6-port 10Gbps LR Fiber FTW (fail to wire) Network Module
Maximum number of interfaces Up to 24 x 10 Gigabit Ethernet (SFP+) interfaces; up to 8 x 40 Gigabit Ethernet (QSFP+) interfaces with 2 network modules
Integrated network management ports 1 Gigabit Ethernet

Supports 1-G fiber or copper SFPs

Serial port 1 x RJ-45 console
USB 1 x USB 2.0
Storage 200 GB 400 GB 200 GB 800 GB 400 GB 800 GB 400 GB
Power supplies Configuration Single 1100W AC, dual optional. Single/dual 950W DC optional1, 2 optional. Single/dual 950W DC optional1, 2 Single 1100W AC, dual optional. Single/dual 950W DC optional1 Dual 1100W AC1 Dual 1100W AC1 Dual 1100W AC1 Dual 1100W AC1
AC input voltage 100 to 240V AC
AC maximum input current 13A
AC maximum output power 1100W
AC frequency 50 to 60 Hz
AC efficiency >92% at 50% load
DC input voltage -40V to -60VDC
DC maximum input current 27A
DC maximum output power 950W
DC efficiency >92.5% at 50% load
Redundancy 1+1
Fans 6 hot-swappable fans
Noise 78 dBA
Rack mountable Yes, mount rails included (4-post EIA-310-D rack)
Weight 36 lb (16 kg): 2 x power supplies, 2 x NMs, 6x fans; 30 lb (13.6 kg): no power supplies, no NMs, no fans
Temperature: operating (0 to 40°C) 32 to 104°F (0 to 40°C) 32 to 104°F/td> (0 to 40°C) or NEBS operation (see below) 32 to 104°F (0 to 40°C) 32 to 95°F (0 to 35°C), at sea level 32 to 95°F (0 to 35°C), at sea level 32 to 95°F (0 to 35°C), at sea level 32 to 95°F
Temperature: nonoperating -40 to 149°F (-40 to 65°C)
Humidity: operating 5 to 95% noncondensing
Humidity: nonoperating 5 to 95% noncondensing
Altitude: operating 10,000 ft (max) 10,000 ft (max) 10,000 ft (max) 10,000 ft (max) or NEBS operation (see below) 10,000 ft (max) 10,000 ft (max) 10,000 ft (max)
Altitude: nonoperating 40,000 ft (max)
NEBS operation (FPR 4120 only)
  • Operating altitude: 0 to 13,000 ft (3960 m)
  • Operating temperature:
  • Long term: 0 to 45°C, up to 6,000 ft (1829 m)
  • Long term: 0 to 35°C, 6,000 to 13,000 ft (1829 to 3964 m)
  • Short term: -5 to 50°C, up to 6,000 ft (1829 m)

Table 4. Cisco Firepower 4100 Series NEBS, Regulatory, Safety, and EMC Compliance

Cisco Firepower 4100 Series NEBS, Regulatory, Safety, and EMC Compliance
Specification Description
Regulatory compliance Products comply with CE markings per directives 2004/108/EC and 2006/108/EC
Safety
  • UL 60950-1
  • CAN/CSA-C22.2 No. 60950-1
  • EN 60950-1
  • IEC 60950-1
  • AS/NZS 60950-1
  • GB4943
EMC: emissions
  • 47CFR Part 15 (CFR 47) Class A (FCC Class A)
  • AS/NZS CISPR22 Class A
  • CISPR22 CLASS A
  • EN55022 Class A
  • ICES003 Class A
  • VCCI Class A
  • EN61000-3-2
  • EN61000-3-3
  • KN22 Class A
  • CNS13438 Class A
  • EN300386
  • TCVN7189
EMC: Immunity
  • EN55024
  • CISPR24
  • EN300386
  • KN24
  • TVCN 7317
  • EN-61000-4-2, EN-61000-4-3, EN-61000-4-4, EN-61000-4-5, EN-61000-4-6, EN-61000-4-8, EN61000-4-11
  • Cisco Hardware License
  • Ready to take the next step?

    Leave a Reply

    Your email address will not be published. Required fields are marked *