Cisco Firepower NGFW Virtual (NGFWv) Appliance License

  • Technical Support
  • Last updated on: 07 Jan 2020

Click Here for Ordering guide of Cisco Firewall NGFWv License

Cisco Firepower NGFW Virtual (NGFWv) Appliance License

The Cisco Next-Generation Firewall (NGFW) portfolio enables you to protect your workloads from an increasingly complex set of threats while delivering consistent security policies, visibility, and improved threat response. From your data center, branch offices, cloud environments, and everywhere in between, leveraging the power of Cisco turns your existing network infrastructure into an extension of your firewall solution, leading to adaptive security everywhere you need it. Our world-class NGFW sets the foundation for consistent visibility, policy harmonization, and unified management. Cisco Threat Response automates integrations across the entire Cisco security portfolio so you can rapidly detect, investigate, and remediate threats.

CALL NOW

Contact our sales experts to find out pricing and how to get your license through price inquiry form.

The physical and virtual Cisco Firepower NGFW appliances offer the same threat protection features, resulting in consistent security effectiveness and visibility across physical and virtual workloads.

The Cisco Firepower NGFWv is available on VMware, KVM, Amazon Web Services (AWS), and Microsoft Azure environments for virtual, public, private, and hybrid cloud deployments. Organizations employing a software-defined network can rapidly provision and orchestrate flexible network protection with Cisco Firepower NGFWv. As well, organizations using network function virtualization can further lower costs by avoiding upfront network infrastructure costs when utilizing Cisco Firepower NGFWv.

Features and benefits

Table 1. Features and benefits for NGFWv

Features and benefits for NGFWv

FeaturesBenefits
Cisco Firepower Device Manager (local management)Yes (ESXi and KVM only)
Centralized managementCentralized configuration, logging, monitoring, and reporting are performed by the Cisco Firepower Management Center (all platforms including on-premises and in AWS and Azure) or alternatively in the cloud with Cisco Defense Orchestrator (ESXi and KVM only)
Application Visibility and Control (AVC)Standard, supporting more than 4000 applications, as well as geolocations, users, and websites
AVC: OpenAppID support for custom, open-source, application detectorsStandard
Cisco Security IntelligenceStandard, with IP, URL, and DNS threat intelligence
Cisco Firepower Next-Generation Intrusion Prevention System (NGIPS)Available; can passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence
Cisco Advanced Malware Protection (AMP) for NetworksAvailable; enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco AMP for Endpoints is also optionally available.
Cisco AMP Threat Grid sandboxingAvailable
URL filtering: number of categoriesMore than 80
URL filtering: number of URLs categorizedMore than 280 million
Automated threat feed and IPS signature updatesYes: Class-leading Collective Security Intelligence (CSI) from the Cisco Talos group (https://www.cisco.com/c/en/us/products/security/talos.html)
Third-party and open-source ecosystemOpen API for integrations with third-party products; Snort® and OpenAppID community resources for new and specific threats
High availability and clusteringActive/standby (ESXi and KVM only)
Deployment modesRouted, transparent (inline set — IPS-only), and passive

Note: Performance will vary depending on features activated, network traffic protocol mix, and packet size characteristics. Performance is subject to change with new software releases. Consult your Cisco representative for detailed sizing guidance.

Product performance guidelines

Note: Your performance may vary from the below. These should be considered general guidelines. Your actual performance will depend on your test environment, including CPU type, CPU speed, cache, number of interfaces, etc.

Table 2. Performance specifications for NGFWv

Performance specifications for NGFWv

Specification4 vCPU8 vCPU12 vCPU
Throughput: FW + AVC (1024B)3 Gbps5.5 Gbps10 Gbps
Throughput: FW + AVC + IPS (1024B)3 Gbps5.5 Gbps10 Gbps
Throughput: FW + AVC (450B)1.5 Gbps3 Gbps5 Gbps
Throughput: FW + AVC + IPS (450B)1 Gbps2 Gbps3 Gbps
Maximum concurrent sessions100,000250,000500,000
Maximum new connections per second20,00020,00040,000
Throughput: NGIPS (1024B)3 Gbps5 Gbps10 Gbps
Throughput: NGIPS (450B)1 Gbps2.5 Gbps5 Gbps
Maximum VPN peers250250750

System requirements

Table 3. System requirements for NGFWv

System requirements for NGFWv

SpecificationDescription
Virtual CPUs and memory (6.4 and later)

●  4 vCPU/8GB

●  8 vCPU/16GB

●  12 vCPU/24GB

Virtual CPUs and memory (6.3 and earlier)4 vCPU/8GB
Storage50GB for all FTDv configurations
Hypervisor supportESXi 6.0 and 6.5; KVM
Public cloud support

●  AWS (c3.xlarge and c4.xlarge)

●  Azure (Standard_D3, Standard_D3_V2)

Ordering information

Table 4. Ordering information for NGFWv

Ordering information for NGFWv

Part numberDescription
FPRTD-V-K9Cisco Firepower Threat Defense (TD) Virtual Appliance
L-FPRTD-V-TCisco Firepower TD Virtual Threat Protection
L-FPRTD-V-TMCisco Firepower TD Virtual Threat and Malware Protection
L-FPRTD-V-TCCisco Firepower TD Virtual Threat Protection and URL
L-FPRTD-V-TMCCisco Firepower TD Virtual Threat, Malware, and URL Filtering
L-FPRTD-V-AMPCisco Firepower TD Virtual Malware Protect
L-FPRTD-V-URLCisco Firepower Threat Defense Virtual URL Filtering

Cisco environmental sustainability

Information about Cisco’s environmental sustainability policies and initiatives for our products, solutions, operations, and extended operations or supply chain is provided in the “Environment Sustainability” section of Cisco’s Corporate Social Responsibility (CSR) Report.

Reference links to information about key environmental sustainability topics (mentioned in the “Environment Sustainability” section of the CSR Report) are provided in the following table:

Sustainability topicReference
Information on product material content laws and regulationsMaterials
Information on electronic waste laws and regulations, including products, batteries, and packagingWEEE compliance

Cisco makes the packaging data available for informational purposes only. It may not reflect the most current legal developments, and Cisco does not represent, warrant, or guarantee that it is complete, accurate, or up to date. This information is subject to change without notice.

CALL NOW

Contact our sales experts to find out pricing and how to get your license through price inquiry form.