Professional Documents
Culture Documents
Act Now
Cisco's Security Choice Enterprise Agreement helps budgets go further while simplifying license
management and billing.
Learn More
The Cisco Firepower® NGFW (next-generation rewall) is the industry’s rst fully
integrated, threat-focused next-gen rewall with uni ed management. It uniquely
provides advanced threat protection before, during, and after attacks.
Contain known and unknown malware with leading Cisco® Advanced Malware
Stop more Protection (AMP) and sandboxing.
threats
Gain superior visibility into your environment with Cisco Firepower next-gen
Gain more IPS.
insight Automated risk rankings and impact ags identify priorities for your team.
The Cisco Annual Security Report identi es a 100-day median time from
infection to detection, across enterprises. Reduce this time to less than a day.
Detect
earlier, act
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 1/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
faster
Model Overview
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 2/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Firepower NGFWv:
The NGFW for virtual and cloud environments
Management Options
Cisco Firepower NGFWs may be managed in a variety of ways depending on the way you work, your
environment, and your needs.
The Cisco Firepower Management Center provides centralized management of the Cisco Firepower
NGFW, the Cisco Firepower NGIPS, and Cisco AMP for Networks. It also provides threat correlation for
network sensors and Advanced Malware Protection (AMP) for Endpoints.
The Cisco Firepower Device Manager is available for local management of 2100 Series and select 5500-
X Series devices running the Cisco Firepower Threat Defense software image.
The Cisco Adaptive Security Device Manager is available for local management of the Cisco Firepower
2100 Series, 4100 Series, Cisco Firepower 9300 Series, and Cisco ASA 5500-X Series devices running
the ASA software image.
Cisco Defense Orchestrator cloud-based management is also available for consistent policy
management across Cisco security devices running the ASA software image, enabling greater
management e ciency for the distributed enterprise.
data center. Network Equipment Building Standards (NEBS)- compliance is supported by the Cisco
Firepower 2100 Series platform.
The following are test methodologies used for measurements listed in Table 1. Small packet size tests
will re ect additional inspection overhead thus results in reduced rewall throughput. The reduction is
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 4/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
not linear, so extrapolation from a single test is not possible for the almost unlimited variety of network
environments. Testing security e cacy or security service performance under loaded conditions adds
even more complexity. For these reasons we rely on the 1024B HTTP Test.
1500B UDP
This test uses a transactional UDP pro le with 1500-byte frames. Due to the stateless nature of UDP, it
creates very little impact on a stateful NGFW. Many vendors use this pro le to measure maximum rewall
performance, but it is only practical as a comparison point and does not represent world conditions.
TLS
This test follows the 1024B HTTP test conditions with 50% of sessions encapsulated into TLS (HTTPS)
and fully decrypted for inspection in hardware. Client TLS sessions use AES256-SHA cipher with 2048-
bit RSA keys, and the server is assumed to reside behind the NGFW for Known Key decryption. These
test results can be linearly extrapolated for other percentages of TLS tra c; for example, the NGFW
throughput will be approximately twice as high with 25% of HTTPS connections in the overall tra c mix.
Table 1. Performance Speci cations and Feature Highlights for Physical and Virtual Appliances
with the Cisco Firepower Threat Defense Image
Features
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 5/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Features
Centralized management Centralized con guration, logging, monitoring, and reporting are perform
Application Visibility and Standard, supporting more than 4000 applications, as well as geolocatio
Control (AVC)
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 6/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Features
Cisco Security Standard, with IP, URL, and DNS threat intelligence
Intelligence
Cisco Firepower NGIPS Available; can passively detect endpoints and infrastructure for threat co
Cisco AMP for Networks Available; enables detection, blocking, tracking, analysis, and containme
available
Automated threat feed Yes: class-leading Collective Security Intelligence (CSI) from the Cisco T
and IPS signature
updates
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 7/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Features
Third-party and open- Open API for integrations with third-party products; Snort® and OpenAp
source ecosystem
High availability and Active/Standby Active/standby; for Cisco Firepower 9300 intrachass
clustering for ESXi and
KVM
Cisco Trust Anchor - ASA 5506-X, 5508-X, and 5516-X appliances, Firep
Technologies additional details
Note: Throughput assumes HTTP sessions with an average packet size of 1024 bytes. TLS numbers
measured with AVC only policies and 50% TLS tra c with AES256-SHA cipher and RSA 2048-bit keys.
Performance will vary depending on features activated, and network tra c protocol mix, packet size
characteristics and hypervisor employed (NGFWv). Performance is subject to change with new software
releases. Consult your Cisco representative for detailed sizing guidance.
Table 2 summarizes the performance and capabilities of the Cisco Firepower 2100, 4100 Series and
9300 appliances when running the ASA image. For Cisco ASA 5500-X Series performance
speci cations with the ASA image, please visit the Cisco ASA with FirePOWER Services data sheet.
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 8/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Firewall latency - - - - 3.
(UDP 64B
microseconds)
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 9/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Security contexts 2; 25 2; 25 2; 30 2; 40 10
(included;
maximum)
Clustering - - - - Up
ap
Centralized Centralized con guration, logging, monitoring, and reporting are performed by
management
1 Throughput measured with 1500B User Datagram Protocol (UDP) tra c measured under ideal test conditions.
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 10/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
2 “Multiprotocol” refers to a tra c pro le consisting primarily of TCP-based protocols and applications like HTTP,
SMTP, FTP, IMAPv4, BitTorrent, and DNS.
Features
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 11/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Features
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 12/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Features
Power Con guration Single integrated Single 400W AC, Dual 400W AC.
supplies 250W AC power Dual 400W AC Single/dual
supply. optional. 350W DC
Single/Dual optional1
350W DC
optional1
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 13/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Features
AC 50 to 60 Hz 50 to 60 Hz
frequency
DC maximum - 350W
output power
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 14/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Features
Rack mountable Yes. Fixed mount Yes. Mount rails included (4-post EIA-
brackets included 310-D rack)
(2-post). Mount rails
optional (4-post EIA-
310-D rack)
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 15/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Features
2 Fans operate in a 3+1 redundant con guration where the system will continue to function with only 3 operational
Features
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 16/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Features
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 17/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Features
AC maximum 13A
input current
AC maximum 1100W
output power
AC 50 to 60 Hz
frequency
DC maximum 27A
input current
DC maximum 950W
output power
Redundancy 1+1
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 18/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Features
Noise 78 dBA
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 19/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Features
Form factor 3 Rack Units (3RU), ts standard 19-in. (48.3-cm) square-hole rack
Security module 3
slots
Supervisor Cisco Firepower 9000 Supervisor with 8 x 10 Gigabit Ethernet ports and 2
network module slots for I/O expansion
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 20/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 21/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Frequency 50 to 60 Hz - -
Redundancy 1+1
Weight 105 lb (47.7 kg) with one security module; 135 lb (61.2 kg) fully con gured
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 22/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Table 7. Cisco Firepower 2100 Series, 4100 Series and Cisco Firepower 9300 NEBS, Regulatory,
Safety, and EMC Compliance
NEBS Cisco Firepower 9300 is NEBS compliant with SM-24 Security Modules.
Cisco Firepower 4120 is NEBS compliant
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 23/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Safety ● UL 60950-1
● CAN/CSA-C22.2 No. 60950-1
● EN 60950-1
● IEC 60950-1
● AS/NZS 60950-1
● GB4943
EMC: ● EN55024
Immunity ● CISPR24
● EN300386
● KN24
● TVCN 7317
● EN-61000-4-2
● EN-61000-4-3
● EN-61000-4-4
● EN-61000-4-5
● EN-61000-4-6
● EN-61000-4-8
● EN-61000-4-11
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 24/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Cisco Trust Anchor Technologies provide a highly secure foundation for certain Cisco products. They
enable hardware and software authenticity assurance for supply chain trust and strong mitigation against
a man-in-the-middle compromise of software and rmware.
Trust Anchor capabilities include:
● Image signing: Cryptographically signed images provide assurance that the rmware, BIOS,
and other software are authentic and unmodi ed. As the system boots, the system’s software
signatures are checked for integrity.
● Secure Boot: Secure Boot anchors the boot sequence chain of trust to immutable hardware,
mitigating threats against a system’s foundational state and the software that is to be loaded,
regardless of a user’s privilege level. It provides layered protection against the persistence of
illicitly modi ed rmware.
● Trust Anchor module: A tamper-resistant, strong-cryptographic, single-chip solution provides
hardware authenticity assurance to uniquely identify the product so that its origin can be
con rmed to Cisco, providing assurance that the product is genuine.
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 25/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Radware vDP is an award-winning, real-time, behavioral DDoS attack mitigation solution that protects
organizations against multiple DDoS threats. Firepower DDoS mitigation defends your application
infrastructure against network and application degradation and outage.
Performance
The performance gures in Table 8 apply to all Cisco Firepower 4100 series models.
Table 8. Key DDoS Performance Metrics for Cisco Firepower 4100 Series
Parameter Value
Maximum DDoS ood attack prevention rate 1,800,000 Packets Per Second (PPS)
The performance gures in Table 9 are for Cisco Firepower 9300 with 1 to 3 Security Modules
irrespective of Security Module type (SM-24, SM-36 or SM-44).
Table 9. Key DDoS Performance Metrics for Cisco Firepower 9300 with 1, 2, or 3 Security
Modules.
Firepower 9300
Firepower 9300 with Firepower 9300 with
Parameter with 1 Security
2 Security Modules 3 Security Modules
Module
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 26/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Firepower 9300
Firepower 9300 with Firepower 9300 with
Parameter with 1 Security
2 Security Modules 3 Security Modules
Module
Ordering Information
Cisco Smart Net Total Care Support: Move Quickly with Anytime
Access to Cisco Expertise and Resources
Cisco Smart Net Total Care™ is an award-winning technical support service that gives your IT sta direct
anytime access to Technical Assistance Center (TAC) engineers and Cisco.com resources. You receive
the fast, expert response and the dedicated accountability you require to resolve critical network issues.
Smart Net Total Care provides the following device-level support:
● Global access 24 hours a day, 365 days a year to specialized engineers in the Cisco TAC
● Anytime access to the extensive Cisco.com online knowledge base, resources, and tools
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 27/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
In addition, with the optional Cisco Smart Net Total Care Onsite Service, a eld engineer installs
replacement parts at your location and helps ensure that your network operates optimally. For more
information on Smart Net Total Care please visit:
https://www.cisco.com/c/en/us/services/portfolio/product-technical-support/smart-net-total-
care.html.
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 28/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Note: These optional security services licenses can be ordered with 1-, 3-, or 5-year
subscriptions.
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 29/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Hardware Accessories
Please consult the ordering guide for accessories including rack mounts, spare fans, power
supplies, and Solid-State Drives (SSDs)
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 30/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Hardware Accessories
Please consult the ordering guide for accessories including rack mounts, spare fans, power
supplies, and Solid-State Drives (SSDs)
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 31/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Note: These optional security services licenses can be ordered with 1-, 3-, or 5-year
subscriptions.
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 32/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 33/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
FPR9K-TD-BASE Cisco Firepower Threat Defense Base License for Cisco Firepower
9300 NGFW
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 34/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
* Note: Firepower 9300 may also be deployed as a dedicated threat sensor, with fail-to-wire network modules.
Warranty Information
Find warranty information on cisco.com at the Product Warranties page.
Cisco Services
Cisco o ers a wide range of service programs to accelerate customer success. These innovative
services programs are delivered through a unique combination of people, processes, tools, and
partners, resulting in high levels of customer satisfaction. Cisco Services help you protect your network
investment, optimize network operations, and prepare your network for new applications to extend
network intelligence and the power of your business. For more information about Cisco services for
security, visit https://www.cisco.com/go/services/security.
Cisco Capital
Document History
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 35/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
Described
New or Revised Topic Date
In
Removed explicit software version numbers from Table 5 and referred Table 5 19-
readers to the current release note pages Jul-
18
Comment
Prasobchok Kaowongwan
Andre Camillo
Why does it mention virtual FTD specs and not its Part-numbers? It would be good to have the vFTD PNs in here.
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 36/37
4/15/2019 Cisco Firepower Next-Generation Firewall (NGFW) Data Sheet - Cisco
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html 37/37