Contain known and unknown malware with leading Cisco Advanced Malware Protection (AMP) and sandboxing.

Similar documents
Contain known and unknown malware with leading Cisco Advanced Malware Protection (AMP) and sandboxing.

Contain known and unknown malware with leading Cisco Advanced Malware Protection (AMP) and sandboxing.

Contain known and unknown malware with leading Cisco Advanced Malware Protection (AMP) and sandboxing.

Cisco Firepower 9300 Security Appliance

Cisco Firepower Next-Generation Firewall (NGFW)

1100 Appliances. Big security for small branches. Datasheet: Check Point 1100 Appliances FEATURES BENEFITS GATEWAY SOFTWARE BLADES

1100 Appliances. Big security for small branches. Datasheet: Check Point 1100 Appliances FEATURES BENEFITS GATEWAY SOFTWARE BLADES

Security Solutions SALES GUIDE. for Connectivity Data Center Applications & Content. Your JUNIPER NETWORKS dedicated Sales Team

G2 T. Specification Sheet G2T-001 G2T Touchscreen Mainframes Accepts G2 Plug-in Modules Four Sizes: 2RU, 3RU, 6RU and 8RU

Data Protection: Your Choice Is Simple PARTNER LOGO

CA Top Secret r14 for z/os

ASA5525-FPWR-K9 Datasheet. Overview. Check its price: Click Here. Quick Specs

Avid Interplay Bundle

n Explore virtualization concepts n Become familiar with cloud concepts

Cisco Nexus 9500 Platform Switches for Cisco Application Centric Infrastructure

Cisco ASA with FirePOWER Services

SRx. HD/SD Dual Input Diversity COFDM Receiver. Features. Options

STRATEGIC. alliances & Services

IT administrators face a variety of challenges

Cisco Next Generation Firewall and IPS. Dragan Novakovic Security Consulting Systems Engineer

n Learn how resiliency strategies reduce risk n Discover automation strategies to reduce risk

Cisco Nexus 9500 Series Switches

Cisco Content Delivery Engine 280 for TV Streaming

Cisco Nexus 9500 Platform Switches for Cisco Application Centric Infrastructure

G2 T Made in the USA. Specification Sheet G2T-001 G2T Mainframes with Touchscreen Accepts G2 Plug-in Modules Four Sizes: 2RU, 3RU, 6RU and 8RU

Cisco UCS B230 M2 Blade Server

Out the box. dataloggers. easy to configure easy data streaming easy choice. connect, simply configure and go

BE Software Upgrades to ITALYCS 5. It s in the. Software

Cisco Content Delivery Engine 285 for Open Media Distribution

TELETERM M2 Series Programmable RTU s

MOTIF XF Extension Owner s Manual

TELETERM M2 Series Programmable RTU s

Cisco Secure Network Server

Cisco Firepower Thread Defence. Claudiu Boar

Web OS Switch Software

OPC Server ECL Comfort 210/310 OPC Server

vbonline Pro Condition Monitoring System Product Datasheet Bently Nevada* Asset Condition Monitoring

Cisco Secure Network Server

Cisco ASA with FirePOWER Services

Session Initiated Protocol (SIP) and Message-based Load Balancing (MBLB)

Cisco Network Convergence System 5500 Series

Cisco Nexus 9500 R-Series

Security and Communication. Ultimate. Because Intercom doesn t stop at the hardware level. Software Intercom Server for virtualised IT platforms

1 Enterprise Modeler

CAEN Tools for Discovery

USB TO PARALLEL USB to DB25 Parallel Adapter Cable

SRx. HD/SD Dual Input Diversity COFDM Receiver. Features. Options. Accessories. Applications

MANAGED! PREPARE TO BE FEATURES HANDHELD USER DISPLAYS. Specifications MEASUREMENT STABILIZATION INDICATOR

Transitioning to BGP

vbonline Pro Condition Monitoring System

OnApp Cloud. The complete platform for cloud service providers. 114 Cores. 286 Cores / 400 Cores

Service Oriented Enterprise Architecture and Service Oriented Enterprise

Windows Server 2008 R2 networking

ICS Regent. Communications Modules. Module Operation. RS-232, RS-422 and RS-485 (T3150A) PD-6002

Cisco Nexus 9500 Platform Line Cards and Fabric Modules

Building Your Security Operations Center and Taking it to the Next Level

Cisco ASA with FirePOWER Services

Data Warehousing. Paper

Baan Tools User Management

Did you know that houses with CCTV are 90% less likely to be burgled? Introducing the new Easy Fit range of CCTV.

TruVu 360 User Community. SpectroCare. Enterprise Fluid Intelligence for Predictive Maintenance. TruVu 360 Product Information

Customer Portal Quick Reference User Guide

THE FUTURE IS EFFICIENT

ASA5508-FTD-K9. ASA 5508-X with Firepower Threat Defense. 8GE. AC. 450 Mbps. 250 Mbps. 1 Gbps. 500 Mbps. 100 Mbps. Unlimited

Huawei FusionHome Smart Energy Solution

PIRANHA Cameras. Operation. CL-P1: 2 O/P, 50MHz Total Pixel Rate. Table 1. CL-P1 Camera Configurations. Sensor. Optical Interface PIRANHA

System Overview. Hardware Concept. s Introduction to the Features of MicroAutoBox t

JavaFX. JavaFX 2.2 Installation Guide Release 2.2 E August 2012 Installation instructions by operating system for JavaFX 2.

Going Mobile with. SYSPRO Espresso

Out the box. dataloggers. easy to configure easy data streaming easy choice. connect, simply configure and go

Identifying and Cabling Circuit Cards. Identifying and Cabling Circuit Cards - 1

CTx / CTx-II. Ultra Compact SD COFDM Concealment Transmitters. Features: Options: Accessories: Applications:

Baan Finance Financial Statements

Isn t It Time You Got Faster, Quicker?

System and Software Architecture Description (SSAD)

RPM710 AC DRIVE E492603

OpenText RightFax Fax Server

LifeBook P Series Notebook BIOS BIOS SETUP UTILITY

CA InterTest for CICS r8.5

Continuity Logic Frontline Live

HP Media Center PC Getting Started Guide

Chapter 4 Threads. Operating Systems: Internals and Design Principles. Ninth Edition By William Stallings

CMSC Computer Architecture Lecture 12: Virtual Memory. Prof. Yanjing Li University of Chicago

Cisco Nexus 7000 Switches Second-Generation Supervisor Modules Data Sheet

PrimaX Gas Transmitter Versatile Gas Detection to Meet Your Needs

Firewall and IDS. TELE3119: Week8

HP Media Center PC Getting Started Guide

OnApp Cloud. The complete cloud management platform

Fujitsu LifeBook P Series

Politecnico di Milano Advanced Network Technologies Laboratory. Internet of Things. Projects

Cisco UCS B460 M4 Blade Server

BAAN IVc/BaanERP. Conversion Guide Oracle7 to Oracle8

Bike MS: 2013 Participant Center guide

Bike MS: 2014 Participant Center guide

Power Transducers. Measuring most electrical parameters

Oracle Process Manufacturing

IS-IS in Detail. ISP Workshops

CORD Test Project in Okinawa Open Laboratory

Cisco UCS 6324 Fabric Interconnect

DropCam Transmitter II

Transcription:

Data Sheet Cisco Firepower NGFW The Cisco Firepower NGFW (ext-geeratio firewall) is the idustry s first fully itegrated, threat-focused ext-ge firewall with uified maagemet. It uiquely provides advaced threat protectio before, durig, ad after attacks. Stop more threats Cotai kow ad ukow malware with leadig Cisco Advaced Malware Protectio (AMP) ad sadboxig. Gai more isight Detect earlier, act faster Gai superior visibility ito your eviromet with Cisco Firepower ext-ge IPS. Automated risk rakigs ad impact flags idetify priorities for your team. The Cisco Aual Security Report idetifies a 1-day media time from ifectio to detectio, across eterprises. Reduce this time to less tha a day. Reduce complexity Get uified maagemet ad automated threat correlatio across tightly itegrated security fuctios, icludig applicatio firewallig, NGIPS, ad AMP. Get more from your etwork Ehace security, ad take advatage of your existig ivestmets, with optioal itegratio of other Cisco ad third-party etworkig ad security solutios. Performace Highlights Table 1 summarizes the performace highlights of the Cisco Firepower 41 Series NGFW, 93 Series Security Appliaces, ad select Cisco ASA 55-X appliaces. Table 1. Appliace Performace Highlights Features Cisco Firepower Model Cisco ASA 55-FTD-X Model 211 212 213 214 411 412 414 415 93 93 93 93 556-556W- 556H- 558-5516- 5525-5545- 5555- with with with with FTD- FTD-X FTD-X FTD- FTD- FTD- FTD- FTD- 1 SM- 1 SM- 1 SM- 3 SM-44 X X X X X X 24 36 44 s Throughput FW + AVC (Cisco Firepower Threat Defese) 1 2. 3 4.75 8.5 12 2 25 3 3 42 54 135 25 25 25 45 85 11 15 175 Throughput: FW + AVC + NGIPS (Cisco Firepower Threat Defese) 1 2. 3 4.75 8.5 1 15 2 24 24 34 53 133 125 125 125 25 45 65 1 125 1 HTTP sessios with a average packet size of 124 bytes 2 124 bytes TCP firewall performace Note: NGFW performace varies depedig o etwork ad traffic characteristics. Cosult your Cisco represetative for detailed sizig guidace. Performace is subject to chage with ew software releases. 217 Cisco ad/or its affiliates. All rights reserved. This documet is Cisco Public Iformatio. Page 1 of 15

Cisco Firepower 21 Series: The idustry s first midrage NGFWs deliverig sustaiable performace whe threat ispectio is eabled Cisco Firepower 41 Series: The idustry s first 1RU NGFWs with 4- iterfaces Cisco Firepower 93: Ultra-high-performace NGFW, expadable as your eeds grow Cisco ASA 55-X Series: Models for brach offices, idustrial applicatios, ad the Iteret edge Firepower NGFWv: The NGFW for virtual ad cloud eviromets Platform Image Support The Cisco Firepower NGFW icludes Applicatio Visibility ad Cotrol (AVC), optioal Next-Ge IPS (NGIPS), Cisco Advaced Malware Protectio (AMP) for Networks, ad URL Filterig. The Cisco Firepower 21 Series, 41 Series, ad 93 appliaces use the Cisco Firepower Threat Defese software image. Alteratively, Cisco Firepower 21 Series, 41 Series, ad 93 appliaces ca support the Cisco Adaptive Security Appliace (ASA) software image. Maagemet Optios Cisco Firepower NGFWs may be maaged i a variety of ways depedig o the way you work, your eviromet, ad your eeds. The Cisco Firepower Maagemet Ceter (formerly FireSIGHT) provides cetralized maagemet of the Cisco Firepower NGFW, the Cisco Firepower NGIPS, ad Cisco AMP for Networks. It also provides threat correlatio for etwork sesors ad Advaced Malware Protectio (AMP) for Edpoits. 217 Cisco ad/or its affiliates. All rights reserved. This documet is Cisco Public Iformatio. Page 2 of 16

The Cisco Firepower Device Maager is available for local maagemet of 21 Series ad select 55-X Series devices ruig the Cisco Firepower Threat Defese software image. The Cisco Adaptive Security Device Maager is available for local maagemet of the Cisco Firepower 21 Series, 41 Series, Cisco Firepower 93 Series, ad Cisco ASA 55-X Series devices ruig the ASA software image. Cisco Defese Orchestrator cloud-based maagemet is also available for cosistet policy maagemet across Cisco security devices ruig the ASA software image, eablig greater maagemet efficiecy for the distributed eterprise. Firepower DDoS Mitigatio Also available o the Cisco Firepower 41 Series ad 93 appliaces is tightly itegrated, comprehesive, behavioral DDoS mitigatio for both etwork ad applicatio ifrastructure protectio. This DDoS mitigatio is Radware s Virtual DefesePro (vdp). It is available from ad supported directly by Cisco. Cisco Firepower 21 Series Appliaces The Cisco Firepower 21 Series is a family of four threat-focused NGFW security platforms that deliver busiess resiliecy through superior threat defese. It offers exceptioal sustaied performace whe advaced threat fuctios are eabled. These platforms uiquely icorporate a iovative dual multicore CPU architecture that optimizes firewall, cryptographic, ad threat ispectio fuctios simultaeously. The series firewall throughput rage addresses use cases from the Iteret edge to the data ceter. Cisco Firepower 41 Series Appliaces The Cisco Firepower 41 Series is a family of four threat-focused NGFW security platforms. Their throughput rage addresses data ceter ad iteret edge use cases. They deliver superior threat defese, at faster speeds, with a smaller footprit. Cisco Firepower 41 Series supports flow-offloadig, programmatic orchestratio, ad the maagemet of security services with RESTful APIs. Network Equipmet Buildig Stadards (NEBS)- compliace is supported by the Cisco Firepower 412 platform. Cisco Firepower 93 Security Appliace The Cisco Firepower 93 is a scalable (beyod 1 Tbps whe clustered), carrier-grade, modular platform desiged for service providers, high-performace computig ceters, large data ceters, campuses, high-frequecy tradig eviromets, ad other eviromets that require low (less tha 5-microsecod offload) latecy ad exceptioal throughput. Cisco Firepower 93 supports flow-offloadig, programmatic orchestratio, ad the maagemet of security services with RESTful APIs. It is also available i Network Equipmet Buildig Stadards (NEBS)- compliat cofiguratios. Cisco ASA 55-FTD-X Series Appliaces The Cisco ASA 55-FTD-X Series is a family of eight threat-focused NGFW security platforms. Their throughput rage addresses use cases from the small or brach office to the Iteret edge. They deliver superior threat defese i a cost-effective footprit. Cisco Firepower NGFW Virtual (NGFWv) Appliaces Cisco Firepower NGFWv is available o VMware, KVM, ad the Amazo Web Services (AWS) ad Microsoft Azure eviromets for virtual, public, private, ad hybrid cloud eviromets. Orgaizatios employig SDN ca rapidly provisio ad orchestrate flexible etwork protectio with Firepower NGFWv. As well, orgaizatios usig NFV ca further lower costs utilizig Firepower NGFWv. 217 Cisco ad/or its affiliates. All rights reserved. This documet is Cisco Public Iformatio. Page 3 of 16

NGFWv 211 212 213 214 411 412 414 415 93 with 1 SM-24 93 with 1 SM-36 93 with 1 SM-44 93 with 3 SM-44 s 556-FTD-X 556W-FTD-X 556H-FTD-X 558-FTD-X 5516-FTD-X 5525-FTD-X 5545-FTD-X 5555-FTD-X Performace Specificatios ad Feature Highlights Table 2 summarizes the capabilities of the Cisco Firepower NGFWv, Firepower 21 Series, ad 41 Series ad 93 appliaces as well as the Cisco ASA 55-FTD-X appliaces whe ruig the Cisco Firepower Threat Defese image. Table 2. Performace Specificatios ad Feature Highlights for Physical ad Virtual Appliaces with the Cisco Firepower Threat Defese Image Features Cisco Firepower Model Cisco ASA 55-FTD-X Model Throughput: FW + AVC 1.2 Gbp s 2. 3 4.75 8.5 12 2 25 3 3 42 54 135 25 25 25 45 85 11 15 175 Throughput: AVC + IPS 1.1 Gbp s 2. 3 4.75 8.5 1 15 2 24 24 34 53 133 125 125 125 25 45 65 1 125 Maximum cocurret sessios, with AVC 1, 1 1.2 2 3. 9 15 25 3 3 3 3 6 2, 2, 2, 1, 25, 5, 75, 1,, Maximum ew coectios per secod, with AVC 1, 12, 16, 24, 4, 68, 12, 16, 2, 12, 16, 3, 9, 3, 3, 3, 7, 8, 1, 15, 2, IPSec VPN Throughput (124B TCP w/fastpath) - 75 1 1.5 3 6 1 13 14 13.5 16 17 51 1 1 1 175 25 3 4 7 Maximum VPN Peers - 15 35 75 1 1 15 2 2 2 2 2 6 5 5 5 1 3 3 4 7 Cisco Firepower Device Maager (local maagemet) Yes (VM ware oly) Yes Yes Yes Yes - - - - - - - - Yes Yes Yes Yes Yes Yes Yes Yes Cetralized m aagemet Applicatio Visibility ad Cotrol (AVC) AVC: OpeAppID support for custom, ope source, applicatio detectors Cisco Security Itelligece Cisco Firepower NGIPS Cisco AMP for Networks Cetralized cofiguratio, loggig, moitorig, ad reportig are performed by the Maagemet Ceter or alteratively i the cloud with Cisco Defese Orchestrator Stadard, supportig more tha 4 applicatios, as well as geolocatios, users, ad websites Stadard Stadard, with IP, URL, ad DNS threat itelligece Available; ca passively detect edpoits ad ifrastructure for threat correlatio ad Idicators of Compromise (IoC) itelligece Available; eables detectio, blockig, trackig, aalysis, ad cotaimet of targeted ad persistet malware, addressig the attack cotiuum both durig ad after attacks. Itegrated threat correlatio with Cisco AMP for Edpoits is also optioally available 217 Cisco ad/or its affiliates. All rights reserved. This documet is Cisco Public Iformatio. Page 4 of 16

NGFWv 211 212 213 214 411 412 414 415 93 with 1 SM-24 93 with 1 SM-36 93 with 1 SM-44 93 with 3 SM-44 s 556-FTD-X 556W-FTD-X 556H-FTD-X 558-FTD-X 5516-FTD-X 5525-FTD-X 5545-FTD-X 5555-FTD-X Features Cisco Firepower Model Cisco ASA 55-FTD-X Model Cisco AMP Threat Grid sadboxig URL Filterig: umber of categories URL Filterig: umber of URLs categorized Automated threat feed ad IPS sigature updates Thirdparty ad opesource ecosyste m Available More tha 8 More tha 28 Yes: class-leadig Collective Security Itelligece (CSI) from the Cisco Talos Group (https://www.cisco.com/c/e/us/products/security/talos.html) Ope API for itegratios with third-party products; Sort ad OpeAppID commuity resources for ew ad specific threats High availabilit y ad clusterig Active/ Stadb y for ESXi ad KVM Active/sta; for Cisco Firepower 93 itrachassis clusterig of up to 5 chassis is allowed; Cisco Firepower 41 Series allows clusterig of up to 6 chassis VLANs maximum Cisco Trust Achor Techolo gies - 124 - ASA 556-X, 558-X, ad 5516-X appliaces, Firepower 21 Series ad Firepower 41 Series ad 93 platforms iclude Trust Achor Techologies for supply chai ad software image assurace. Please see the sectio below for additioal details Note: Throughput assumes HTTP sessios with a average packet size of 124 bytes. Performace will vary depedig o features activated, ad etwork traffic protocol mix, packet size characteristics ad hypervisor employed (NGFWv). Performace is subject to chage with ew software releases. Cosult your Cisco represetative for detailed sizig guidace. Table 3 summarizes the performace ad capabilities of the Cisco Firepower 21, 41 Series ad 93 appliaces whe ruig the ASA image. For Cisco ASA 55-X Series performace specificatios with the ASA image, please visit the Cisco ASA with FirePOWER Services data sheet. Table 3. Features ASA Performace ad Capabilities o Firepower Appliaces Cisco Firepower Appliace Model 211 212 213 214 411 412 414 415 93 with 1 SM-24 93 with 1 SM-36 93 with 1 SM-44 93 with 3 SM-44 s Stateful ispectio firewall throughput 1 3 6 1 2 35 6 7 75 75 8 8 234 217 Cisco ad/or its affiliates. All rights reserved. This documet is Cisco Public Iformatio. Page 5 of 16

Features Cisco Firepower Appliace Model 211 212 213 214 411 412 414 415 93 with 1 SM-24 93 with 1 SM-36 93 with 1 SM-44 93 with 3 SM-44 s Stateful ispectio firewall throughput (multiprotoc ol) 2 Cocurret firewall coectios Firewall latecy (UDP 64B microsecod s) New coectios per secod IPsec VPN throughput (45B UDP L2L test) IPsec/Cisco AyCoect/ Apex site-tosite VPN peers Maximum umber of VLANs Security cotexts (icluded; maximum) 1.5 3 5 1 15 3 4 5 5 6 6 13 1 1.5 2 3 1 15 25 35 55 6 6 7 - - - - 3.5 3.5 3.5 3.5 3.5 3.5 3.5 3.5 18 28 4 75 15, 25, 35, 8, 8, 1.2 1.8 4 5 7 1 2 8 1 14 15 15 18 2 6 3 / 4 15 35 75 1 1, 15, 2, 2, 2, 2, 2, 6, 3 / 2, 4 6 75 124 124 124 124 124 124 124 124 124 2; 25 2; 25 2; 3 2; 4 1; 25 1; 25 1; 25 1; 25 1; 25 1; 25 1; 25 1; 25 High availability Clusterig - - - - Up to 16 appliace s Up to 16 appliace s Up to 16 appliace s Up to 16 appliace s Up to 5 appliace s with 3 security modules each Up to 5 appliace s with three security modules each Up to 5 appliace s with three security modules each Up to 5 appliace s with 3 security modules each Scalability VPN Load Balacig VPN Load Balacig, Firewall Clusterig Cetralized maagemet Cetralized Maagemet (CSM) ot curretly supported for 21 series Cetralized cofiguratio, loggig, moitorig, ad reportig are performed by Cisco Security Maager or alteratively i the cloud with Cisco Defese Orchestrator Adaptive Security Device Maager Web-based, local maagemet for small-scale deploymets 1 Throughput measured with User Datagram Protocol (UDP) traffic measured uder ideal test coditios. 2 Multiprotocol refers to a traffic profile cosistig primarily of TCP-based protocols ad applicatios like HTTP, SMTP, FTP, IMAPv4, BitTorret, ad DNS. 3 I uclustered cofiguratio. 217 Cisco ad/or its affiliates. All rights reserved. This documet is Cisco Public Iformatio. Page 6 of 16

Table 4. Operatig Requiremets for Firepower NGFWv Virtual Appliaces Platform Support Miimum systems requiremets: VMware Miimum systems requiremets: KVM Supported AWS istaces Supported Azure istaces Maagemet optios VMware, KVM, AWS, Azure 4 vcpu 8-GB memory 5-GB disk 4 vcpu 8-GB memory 5-GB disk c3.xlarge Stadard_D3 Firepower Maagemet Ceter Cisco Defese Orchestrator Firepower Device Maager (VMware) Hardware Specificatios Tables 5, 6, ad 7 summarize the hardware specificatios for the 21 Series, 41 Series, ad 93 Series, respectively. Table 8 summarizes regulatory stadards compliace. For Cisco ASA 55-X Series hardware specificatios, please visit the Cisco ASA with FirePOWER Services data sheet. Table 5. Features Cisco Firepower 21 Series Hardware Specificatios Cisco Firepower Model Dimesios (H x W x D) Form factor (rack uits) Security module slots - 211 212 213 214 1.73 x 16.9 x 19.76 i. (4.4 x 42.9 x 5.2 cm) 1RU I/O module slots 1 NM slot Itegrated I/O 12 x 1M/1M/1GBASE-T Etheret iterfaces (RJ-45), 4 x 1 Gigabit (SFP) Etheret iterfaces 12 x 1M/1M/1GBASE-T Etheret iterfaces (RJ-45), 4 x 1 Gigabit (SFP+) Etheret iterfaces Network modules Noe (FPR-NM-8X1G) 8 x 1 Gigabit Etheret Ehaced Small Form-Factor Pluggable (SFP+) etwork module Maximum umber of iterfaces Itegrated etwork maagemet ports Serial port USB Storage Note: The 21 Series appliaces may also be deployed as dedicated threat sesors with fail-to-wire etwork modules. Please cotact your Cisco represetative for details. Up to 16 total Etheret ports (12x1G RJ-45, 4x1G SFP) 1 x 1M/1M/1GBASE-T Etheret port (RJ-45) 1 x RJ-45 cosole 1 x USB 2. Type-A (5mA) 1x 1 GB, 1x spare slot (for MSP) 1x 1 GB, 1x spare slot (for MSP) Up to 24 total Etheret ports (12x1G RJ-45, 4x1G SFP+, ad etwork module with 8x1G SFP+) 1x 2 GB, 1x spare slot (for MSP) Power supplies Cofiguratio Sigle itegrated 25W AC power supply. Sigle 4W AC, Dual 4W AC optioal. Sigle/Dual 35W DC optioal 1 AC iput voltage 1 to 24V AC 1 to 24V AC AC maximum iput curret < 2.7A at 1V < 6A at 1V 1x 2 GB, 1x spare slot (for MSP) Dual 4W AC. Sigle/dual 35W DC optioal 1 217 Cisco ad/or its affiliates. All rights reserved. This documet is Cisco Public Iformatio. Page 7 of 16

Features Cisco Firepower Model 211 212 213 214 AC maximum output power 25W 4W AC frequecy 5 to 6 Hz 5 to 6 Hz AC efficiecy >88% at 5% load >89% at 5% load DC iput voltage - -48V to -6VDC DC maximum iput curret - < 12.5A at -48V DC maximum output power - 35W DC efficiecy - >88% at 5% load Redudacy Noe 1+1 AC or DC with dual supplies Fas 4 itegrated (2 iteral, 2 exhaust) fas 2 1 hot-swappable fa module (with 4 fas) 2 Noise Rack moutable 56 dba @ 25C 74 dba at highest system performace. Yes. Fixed mout brackets icluded (2-post). Mout rails optioal (4-post EIA- 31-D rack) 56 dba @ 25C 77 dba at highest system performace. Weight 16.1 lb (7.3 kg): with 2x SSDs 19.4 lb (8.8 kg) 1 x power supplies, 1 x NM, 1 x fa module, 2x SSDs Yes. Mout rails icluded (4-post EIA-31-D rack) Temperature: operatig 32 to 14 F ( to 4 C) 32 to 14 F ( to 4 C) or NEBS operatio (see below) 3 Temperature: ooperatig Humidity: operatig Humidity: ooperatig -4 to 149 F (-2 to 65 C) 1 to 85% ocodesig 5 to 95% ocodesig Altitude: operatig 1, ft (max) 1, ft (max) or NEBS operatio (see below) 3 Altitude: ooperatig 4, ft (max) NEBS operatio (FPR-213 Oly) 3 Operatig altitude: to 13, ft (3962 m) Operatig temperature: Log term: to 45 C, up to 6, ft (1829 m) Log term: to 35 C, 6, to 13, ft (1829 to 3964 m) Short term: -5 to 55 C, up to 6, ft (1829 m) 21 lb (9.53 kg) 2 x power supplies, 1 x NM, 1 x fa module, 2x SSDs 32 to 14 F ( to 4 C) 1, ft (max) 1 Dual power supplies are hot-swappable. 2 Fas operate i a 3+1 redudat cofiguratio where the system will cotiue to fuctio with oly 3 operatioal fas. The 3 remaiig fas will ru at full speed. 3 FPR-213 platform is desiged to be NEBS ready. The availability of NEBS certificatio is pedig. Table 6. Cisco Firepower 41 Series Hardware Specificatios Features Dimesios (H x W x D) Form factor (rack uits) Security module slots - I/O module slots 2 Supervisor Cisco Firepower Model 411 412 414 415 1.75 x 16.89 x 29.7 i. (4.4 x 42.9 x 75.4 cm) 1RU Cisco Firepower 4 Supervisor with 8 x 1 Gigabit Etheret ports ad 2 Network (NM) slots for I/O expasio 217 Cisco ad/or its affiliates. All rights reserved. This documet is Cisco Public Iformatio. Page 8 of 16

Features Cisco Firepower Model 411 412 414 415 Network modules Maximum umber of iterfaces Itegrated etwork maagemet ports Serial port 8 x 1 Gigabit Etheret Ehaced Small Form-Factor Pluggable (SFP+) etwork modules 4 x 4 Gigabit Etheret Quad SFP+ etwork modules 8-port 1 copper, FTW (fail to wire) Network Note: Firepower 41 Series appliaces may also be deployed as dedicated threat sesors, with fail-to-wire etwork modules. Please cotact your Cisco represetative for details. Up to 24 x 1 Gigabit Etheret (SFP+) iterfaces; up to 8 x 4 Gigabit Etheret (QSFP+) iterfaces with 2 etwork modules 1 x Gigabit Etheret copper port 1 x RJ-45 cosole USB 1 x USB 2. Storage 2 GB 2 GB 4 GB 4 GB Power supplies Cofiguratio Sigle 11W AC, dual optioal. Sigle/dual 95W DC optioal 1, 2 Sigle 11W AC, dual optioal. Sigle/dual 95W DC optioal 1 Dual 11W AC 1 Dual 11W AC 1 AC iput voltage AC maximum iput curret AC maximum output power AC frequecy AC efficiecy DC iput voltage DC maximum iput curret DC maximum output power DC efficiecy 1 to 24V AC 13A 11W 5 to 6 Hz >92% at 5% load -4V to -6VDC 27A 95W >92.5% at 5% load Redudacy 1+1 Fas Noise Rack moutable Weight 6 hot-swappable fas 78 dba Yes, mout rails icluded (4-post EIA-31-D rack) 36 lb (16 kg): 2 x power supplies, 2 x NMs, 6x fas; 3 lb (13.6 kg): o power supplies, o NMs, o fas Temperature: operatig 32 to 14 F ( to 4 C) 32 to 14 F ( to 4 C) or NEBS operatio (see below) 32 to 95 F ( to 35 C), at sea level 32 to 95 F ( to 35 C), at sea level Temperature: ooperatig Humidity: operatig Humidity: ooperatig -4 to 149 F (-4 to 65 C) 5 to 95% ocodesig 5 to 95% ocodesig Altitude: operatig 1, ft (max) 1, ft (max) or NEBS operatio (see below) 1, ft (max) Altitude: ooperatig 4, ft (max) NEBS operatio (FPR 412 oly) Operatig altitude: to 13, ft (396 m) Operatig temperature: 1 Dual power supplies are hot-swappable. Log term: to 45 C, up to 6, ft (1829 m) Log term: to 35 C, 6, to 13, ft (1829 to 3964 m) Short term: -5 to 5 C, up to 6, ft (1829 m) 217 Cisco ad/or its affiliates. All rights reserved. This documet is Cisco Public Iformatio. Page 9 of 16

Table 7. Cisco Firepower 93 Hardware Specificatios Specificatio Dimesios (H x W x D) Form factor Security module slots 3 Network module slots Supervisor Security modules Network modules Maximum umber of iterfaces Itegrated etwork maagemet ports Serial port Descriptio 5.25 x 17.5 x 32 i. (13.3 x 44.5 x 81.3 cm) 3 Rack Uits (3RU), fits stadard 19-i. (48.3-cm) square-hole rack 2 (withi supervisor) Cisco Firepower 9 Supervisor with 8 x 1 Gigabit Etheret ports ad 2 etwork module slots for I/O expasio Cisco Firepower 9 Security 24 with 2 x SSDs i RAID-1 cofiguratio Cisco Firepower 9 Security 36 with 2 x SSDs i RAID-1 cofiguratio 8 x 1 Gigabit Etheret Ehaced Small Form-Factor Pluggable (SFP+) etwork modules 4 x 4 Gigabit Etheret Quad SFP+ etwork modules 2 x 1 Gigabit Etheret Quad SFP28 etwork modules (double-wide, occupies both etwork module bays) Note: Firepower 93 may also be deployed as a dedicated threat sesor, with fail-to-wire etwork modules. Please cotact your Cisco represetative for details. Up to 24 x 1 Gigabit Etheret (SFP+) iterfaces; up to 8 x 4 Gigabit Etheret (QSFP+) iterfaces with 2 etwork modules 1 x Gigabit Etheret copper port (o supervisor) 1 x RJ-45 cosole USB 1 x USB 2. Storage Up to 2.4 TB per chassis (8 GB per security module i RAID-1 cofiguratio) Power supplies AC power supply -48V DC power supply HVDC power supply Fas Noise Rack moutable Weight Temperature: stadard operatig Iput voltage 2 to 24V AC -4V to -6V DC * 24 to 38V DC Maximum iput curret 15.5A to 12.9A 69A to 42A <14A at 2V Maximum output power 25W 25W 25W Frequecy 5 to 6 Hz - - Efficiecy (at 5% load) 92% 92% 92% (at 5% load) Redudacy 1+1 4 hot-swappable fas 75.5 dba at maximum fa speed Yes, mout rails icluded (4-post EIA-31-D rack) 15 lb (47.7 kg) with oe security module; 135 lb (61.2 kg) fully cofigured Up to 1, ft (3 M): 32 to 14 F ( to 4 C) for SM-24 module 32 to 88 F ( to 35 C) for SM-36 module at sea-level Altitude adjustmet otes: For SM-36, maximum temp is 35⁰C, for every 1 feet above sea level subtract 1⁰C Temperature: NEBS operatig Log term: to 45 C, up to 6, ft (1829 m) Temperature: ooperatig Humidity: operatig Humidity: ooperatig Log term: to 35 C, 6, to 13, ft (1829-3964 m) Short term: -5 to 55 C, up to 6, ft (1829 m) Note: Cisco Firepower 93 NEBS compliace applies oly to SM-24 cofiguratios. -4 to 149 F (-4 to 65 C); maximum altitude is 4, ft 5 to 95% ocodesig 5 to 95% ocodesig Altitude: operatig SM-24: to 13, ft (3962 m) Altitude: ooperatig 4, ft (12,192 m) * Miimum tur-o voltage is -44V DC SM-36: to 1, ft (348 m); please see above Operatig Temperature sectio for temperature adjustmet otes 217 Cisco ad/or its affiliates. All rights reserved. This documet is Cisco Public Iformatio. Page 1 of 16

Table 8. Cisco Firepower 41 Series ad Cisco Firepower 93 NEBS, Regulatory, Safety, ad EMC Compliace Specificatio NEBS Regulatory compliace Descriptio Safety UL 695-1 Cisco Firepower 93 is NEBS compliat with SM-24 Security s. Cisco Firepower 412 is NEBS compliat. Products comply with CE markigs per directives 24/18/EC ad 26/18/EC CAN/CSA-C22.2 No. 695-1 EN 695-1 IEC 695-1 AS/NZS 695-1 GB4943 EMC: emissios 47CFR Part 15 (CFR 47) Class A (FCC Class A) EMC: Immuity AS/NZS CISPR22 Class A CISPR22 CLASS A EN5522 Class A ICES3 Class A VCCI Class A EN61-3-2 EN61-3-3 KN22 Class A CNS13438 Class A EN3386 TCVN7189 EN5524 CISPR24 EN3386 KN24 TVCN 7317 Cisco Trust Achor Techologies Cisco Trust Achor Techologies provide a highly secure foudatio for certai Cisco products. They eable hardware ad software autheticity assurace for supply chai trust ad strog mitigatio agaist a ma-i-themiddle compromise of software ad firmware. Trust Achor capabilities iclude: Image sigig: Cryptographically siged images provide assurace that the firmware, BIOS, ad other software are authetic ad umodified. As the system boots, the system s software sigatures are checked for itegrity. Secure Boot: Secure Boot achors the boot sequece chai of trust to immutable hardware, mitigatig threats agaist a system s foudatioal state ad the software that is to be loaded, regardless of a user s privilege level. It provides layered protectio agaist the persistece of illicitly modified firmware. Trust Achor module: A tamper-resistat, strog-cryptographic, sigle-chip solutio provides hardware autheticity assurace to uiquely idetify the product so that its origi ca be cofirmed to Cisco, providig assurace that the product is geuie. Firepower DDoS Mitigatio Firepower DDoS Mitigatio is provided by Radware Virtual DefesePro (vdp), available ad supported directly from Cisco o the followig Cisco Firepower 93 ad 41 series appliaces: 217 Cisco ad/or its affiliates. All rights reserved. This documet is Cisco Public Iformatio. Page 11 of 16

Cisco Firepower Model ASA image FTD Image 93 SM-44 yes yes 93 SM-36 yes yes 93 SM-24 yes yes 415 yes yes 414 yes yes 412 yes yes 411 o yes Radware vdp is a award-wiig, real-time, behavioral DDoS attack mitigatio solutio that protects orgaizatios agaist multiple DDoS threats. Firepower DDoS mitigatio defeds your applicatio ifrastructure agaist etwork ad applicatio degredatio ad outage. DDoS Mitigatio: Protectio Set Firepower s vdp DDoS mitigatio cosists of patet-protected, adaptive, behavioral-based real-time sigature techology that detects ad mitigates zero-day etwork ad applicatio DDoS attacks i real time. It elimiates the eed for huma itervetio ad does ot block legitimate user traffic whe uder attack. The followig attacks are detected ad mitigated: SYN flood attacks Network DDoS attacks, icludig IP floods, ICMP floods, TCP floods, UDP floods, ad IGMP floods Applicatio DDoS attacks, icludig HTTP floods ad DNS query floods Aomalous flood attacks, such as ostadard ad malformed packet attacks Performace The performace figures i Table 9 apply to all Cisco Firepower 41 series models. Table 9. Key DDoS Performace Metrics for Cisco Firepower 41 Series Parameter Maximum mitigatio capacity/throughput Maximum legitimate cocurret sessios Maximum DDoS flood attack prevetio rate Value 1 29, Coectios Per Secod (CPS) 1,8, Packets Per Secod (PPS) The performace figures i Table 1 are for Cisco Firepower 93 with 1 to 3 Security s irrespective of Security type (SM-24, SM-36 or SM-44). Table 1. Key DDoS Performace Metrics for Cisco Firepower 93 with 1, 2, or 3 Security s. Parameter Maximum mitigatio capacity/throughput Maximum legitimate cocurret sessios Maximum DDoS flood attack prevetio rate Firepower 93 with 1 Security Firepower 93 with 2 Security s 1 2 3 29, Coectios Per Secod (CPS) 1,8, Packets Per Secod (PPS) 418, Coectios Per Secod (CPS) 3,6, Packets Per Secod (PPS) Firepower 93 with 3 Security s 627, Coectios Per Secod (CPS) 5,4, Packets Per Secod (PPS) 217 Cisco ad/or its affiliates. All rights reserved. This documet is Cisco Public Iformatio. Page 12 of 16

Orderig Iformatio Cisco Smart Licesig The Cisco Firepower NGFW is sold with Cisco Smart Licesig. Cisco uderstads that purchasig, deployig, maagig, ad trackig software liceses is complex. As a result, we are itroducig Cisco Smart Software Licesig, a stadardized licesig platform that helps customers uderstad how Cisco software is used across their etwork, thereby reducig admiistrative overhead ad operatig expeses. With Smart Licesig, you have a complete view of software, liceses, ad devices from oe portal. Liceses are easily registered ad activated ad ca be shifted betwee like hardware platforms. Additioal iformatio is available here: https://www.cisco.com/web/orderig/smart-software-licesig/idex.html. Related iformatio, o Smart Licesig Smart Accouts, is available here: https://www.cisco.com/web/orderig/smart-softwaremaager/smart-accouts.html. Cisco Smart Net Total Care Support: Move Quickly with Aytime Access to Cisco Expertise ad Resources Cisco Smart Net Total Care is a award-wiig techical support service that gives your IT staff direct aytime access to Techical Assistace Ceter (TAC) egieers ad Cisco.com resources. You receive the fast, expert respose ad the dedicated accoutability you require to resolve critical etwork issues. Smart Net Total Care provides the followig device-level support: Global access 24 hours a day, 365 days a year to specialized egieers i the Cisco TAC Aytime access to the extesive Cisco.com olie kowledge base, resources, ad tools Hardware replacemet optios iclude 2-hour, 4-hour, Next-Busiess-Day (NDB) advace replacemet, as well as Retur For Repair (RFR) Ogoig operatig system software updates, icludig both mior ad major releases withi your licesed feature set Proactive diagostics ad real-time alerts o select devices with Smart Call Home I additio, with the optioal Cisco Smart Net Total Care Osite Service, a field egieer istalls replacemet parts at your locatio ad helps esure that your etwork operates optimally. For more iformatio o Smart Net Total Care please visit: https://www.cisco.com/c/e/us/services/portfolio/product-techical-support/smart-et-totalcare.html. Select Part Numbers Tables 11, 12, ad 13 provide details o part umbers for Cisco Firepower NGFW solutios. Please cosult the Orderig Guide for additioal cofiguratio optios ad accessories. Table 11. Cisco Firepower 21 Series: Select Product Compoets Part Number (Appliace Master Budle) FPR211-BUN FPR212-BUN FPR213-BUN FPR214-BUN Part Number (Network ) FPR2K-NM-8X1G= Descriptio Cisco Firepower 211 Master Budle Cisco Firepower 212 Master Budle Cisco Firepower 213 Master Budle Cisco Firepower 214 Master Budle Descriptio Spare Cisco Firepower 8-port SFP+ etwork module 217 Cisco ad/or its affiliates. All rights reserved. This documet is Cisco Public Iformatio. Page 13 of 16

Part Number (Appliaces with FTD software) FPR211-NGFW-K9 Cisco Firepower 211 NGFW Appliace, 1RU FPR212-NGFW-K9 Cisco Firepower 212 NGFW Appliace, 1RU FPR213-NGFW-K9 Cisco Firepower 213 NGFW Appliace, 1RU, 1 x Network Bays FPR214-NGFW-K9 Cisco Firepower 214 NGFW Appliace, 1RU, 1 x Network Bays Cisco Firepower 21 Series NGFW Select Liceses L-FPR211T-TMC= Cisco Firepower 211 Threat Defese Threat, Malware, ad URL Licese L-FPR212T-TMC= Cisco Firepower 212 Threat Defese Threat, Malware, ad URL Licese L-FPR213T-TMC= Cisco Firepower 213 Threat Defese Threat, Malware, ad URL Licese L-FPR214T-TMC= Cisco Firepower 214 Threat Defese Threat, Malware, ad URL Licese Note: These optioal security services liceses ca be ordered with 1-, 3-, or 5-year subscriptios. Part Number (Appliaces with ASA Software) FPR211-ASA-K9 Cisco Firepower 211 ASA Appliace, 1RU FPR212-ASA-K9 Cisco Firepower 212 ASA Appliace, 1RU FPR213-ASA-K9 Cisco Firepower 213 ASA Appliace, 1RU, 1 x Network Bays FPR214-ASA-K9 Cisco Firepower 214 ASA Appliace, 1RU, 1 x Network Bays Optioal ASA Software Liceses Descriptio L-FPR2K-ENC-K9= Licese to eable strog ecryptio for ASA o Cisco Firepower 21 Series L-FPR2K-ASASC-1= Cisco Firepower 21 Add-o 1 security cotext liceses L-FPR2K-ASASC-5= Cisco Firepower 21 Add-o 5 security cotext liceses Hardware Accessories Please cosult the orderig guide for accessories icludig rack mouts, spare fas, power supplies, ad Solid-State Drives (SSDs) Table 12. Cisco Firepower 41 Series: Select Product Compoets Part Number (Appliace Master Budle) Descriptio FPR411-BUN Cisco Firepower 411 Master Budle, for ASA or Cisco Firepower Threat Defese Image FPR412-BUN Cisco Firepower 412 Master Budle, for ASA or Cisco Firepower Threat Defese Image FPR414-BUN Cisco Firepower 414 Master Budle, for ASA or Cisco Firepower Threat Defese Image FPR415-BUN Cisco Firepower 415 Master Budle, for ASA or Cisco Firepower Threat Defese Image Part Number (Spare Network ) Descriptio FPR4K-NM-8X1G= Spare Cisco Firepower 8-port SFP+ etwork module FPR4K-NM-4X4G= Spare Cisco Firepower 4-port QSFP+ etwork module Hardware Accessories Please cosult the orderig guide for accessories icludig rack mouts, spare fas, power supplies, ad Solid-State Drives (SSDs) Optioal ASA Software Liceses Descriptio L-F4K-ASA-CAR Licese to add Carrier Security Features to ASA L-FPR4K-ENCR-K9 Licese to eable strog ecryptio for ASA o Cisco Firepower 41 Series L-FPR4K-ASASC-1 Cisco Firepower 41 Add-o 1 security cotext liceses Cisco Firepower 41 Series NGFW Select Liceses L-FPR411T-TMC= Cisco Firepower 411 Threat Defese Threat, Malware, ad URL Licese L-FPR412T-TMC= Cisco Firepower 412 Threat Defese Threat, Malware, ad URL Licese L-FPR414T-TMC= Cisco Firepower 414 Threat Defese Threat, Malware, ad URL Licese L-FPR415T-TMC= Cisco Firepower 415 Threat Defese Threat, Malware, ad URL Licese Note: These optioal security services liceses ca be ordered with 1-, 3-, or 5-year subscriptios. 217 Cisco ad/or its affiliates. All rights reserved. This documet is Cisco Public Iformatio. Page 14 of 16

Table 13. Cisco Firepower 93: Select Product Compoets Part Number (Chassis) FPR-C93-AC FPR-C93-DC Descriptio Cisco Firepower 93 AC Chassis - icludes 2 power supply uits + 4 fas + rack-mout kit (3RU; accommodates up to three security modules) Cisco Firepower 93 DC Chassis - icludes 2 power supply uits + 4 fas + rack-mout kit (3RU; accommodates up to three security modules) FPR-C93-HVDC Cisco Firepower 93 high-voltage DC Chassis - icludes 2 power supply uits + 4 fas + rack-mout kit (3RU; accommodates up to three security modules) Part Number (Security ) FPR9K-SM-24 FPR9K-SM-36 FPR9K-SM-44 ASA Software Liceses for Cisco Firepower 93 L-F9K-ASA-CAR L-F9K-ASA-CAR= Descriptio 24 Physical Core Security (NEBS Ready) 36 Physical Core Security 44 Physical Core Security Descriptio Licese to add Carrier Security Features to ASA Licese to add Carrier Security Features to ASA L-F9K-ASA-SC-1 Licese to add 1 Security Cotexts to ASA i Cisco Firepower 9 L-F9K-ASA-SC-1= Licese to add 1 Security Cotexts to ASA i Cisco Firepower 9 L-F9K-ASA L-F9K-ASA= Licese to ru Stadard ASA o a Cisco Firepower 93 module Licese to ru Stadard ASA o a Cisco Firepower 93 module L-F9K-ASA-ENCR-K9 Licese to eable strog ecryptio i ASA ruig o Cisco Firepower 9 Cisco Firepower 93 NGFW Threat Defese Software Liceses FPR9K-TD-BASE L-FPR9K-SM24-TMC= L-FPR9K-SM24-TMC-3Y L-FPR9K-SM36-TMC= L-FPR9K-SM36-TMC-3Y L-FPR9K-SM44-TMC= L-FPR9K-SM44-TMC-3Y Descriptio Cisco Firepower Threat Defese Base Licese for Cisco Firepower 93 NGFW Cisco Firepower 9 SM-24 Threat Defese Threat, Malware, ad URL Licese Cisco Firepower 9 SM-24 Threat Defese Threat, Malware, ad URL 3Yr Svc Cisco Firepower 9 SM-36 Threat Defese Threat, Malware, ad URL Licese Cisco Firepower 9 SM-36 Threat Defese Threat, Malware, ad URL 3Yr Svc Cisco Firepower 9 SM-44 Threat Defese Threat, Malware, ad URL Licese Cisco Firepower 9 SM-44 Threat Defese Threat, Malware, ad URL 3Yr Svc * Note: Firepower 93 may also be deployed as a dedicated threat sesor, with fail-to-wire etwork modules. Please cotact your Cisco represetative for details. Warraty Iformatio Fid warraty iformatio o cisco.com at the Product Warraties page. Cisco Services Cisco offers a wide rage of service programs to accelerate customer success. These iovative services programs are delivered through a uique combiatio of people, processes, tools, ad parters, resultig i high levels of customer satisfactio. Cisco Services help you protect your etwork ivestmet, optimize etwork operatios, ad prepare your etwork for ew applicatios to exted etwork itelligece ad the power of your busiess. For more iformatio about Cisco services for security, visit https://www.cisco.com/go/services/security. 217 Cisco ad/or its affiliates. All rights reserved. This documet is Cisco Public Iformatio. Page 15 of 16

Cisco Capital Fiacig to Help You Achieve Your Objectives Cisco Capital fiacig ca help you acquire the techology you eed to achieve your objectives ad stay competitive. We ca help you reduce CapEx. Accelerate your growth. Optimize your ivestmet dollars ad ROI. Cisco Capital fiacig gives you flexibility i acquirig hardware, software, services, ad complemetary thirdparty equipmet. Ad there s just oe predictable paymet. Cisco Capital is available i more tha 1 coutries. Lear more. More Iformatio for Service Providers For iformatio about Cisco Firepower i service provider eviromets, please visit: https://www.cisco.com/c/e/us/solutios/eterprise-etworks/service-provider-security-solutios/ More Iformatio about Firepower NGFWs For further iformatio about Cisco Firepower NGFWs, please visit: https://www.cisco.com/go/gfw More Iformatio about Cisco Aycoect Cisco AyCoect Secure Mobility Cliet https://www.cisco.com/go/aycoect Cisco AyCoect Orderig Guide https://www.cisco.com/c/dam/e/us/products/security/aycoect-og.pdf Prited i USA C78-736661-14 12/17 217 Cisco ad/or its affiliates. All rights reserved. This documet is Cisco Public Iformatio. Page 16 of 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback