Cisco FPR2140-ASA
Cisco FPR2140-ASA
FPR2140-ASA-K9 Overview
The Cisco Firepower 2100 Series is a family of four threat-focused NGFW security platforms that deliver business resiliency through superior threat defense. It offers exceptional sustained performance when advanced threat functions are enabled. These platforms uniquely incorporate an innovative dual multicore CPU architecture that optimizes firewall, cryptographic, and threat inspection functions simultaneously. The series’ firewall throughput range addresses use cases from the Internet edge to the data center. Network Equipment Building Standards (NEBS)- compliance is supported by the Cisco Firepower 2100 Series platform. The FPR2140-ASA-K9 stands for Cisco Firepower 2140 ASA Appliance, 1RU, 1 x Network Module Bays.
Specifications
| STT | Model | Cisco FPR2140-ASA |
| 1 | System Performance | |
| Firewall throughput (Stateful inspection) | 20 Gbps | |
| Firewall throughput (Stateful inspection- Multiprotocol) | 10 Gbps | |
| Concurrent firewall connections | 3,000,000 | |
| Firewall latency (UDP 64B microseconds) | ||
| New connections per second | 75000 | |
| IPsec VPN throughput (450B UDP L2L test) | 2 Gbps | |
| Maximum VPN Peers | 10,000 | |
| Security contexts (included; maximum) | 2; 40 | |
| High availability | Active/active and active/standby | |
| Clustering | ||
| Scalability | VPN Load Balancing | |
| Centralized management | Centralized configuration, logging, monitoring, and reporting are performed by Cisco Security Manager or alternatively in the cloud with Cisco Defense Orchestrator | |
| Adaptive Security Device Manager | Web-based, local management for small-scale deployments | |
| 2 | Physical interfaces | |
| Network modules | 10G SFP+, 1/10G FTW Options | |
| Maximum number of interfaces | Up to 24 total Ethernet ports (12x1G RJ-45, 4x10G SFP+, and network module) | |
| Integrated I/O | 12 x 10M/100M/1GBASE-T Ethernet interfaces (RJ-45), 4 x 10 Gigabit (SFP+) Ethernet interfaces | |
| Integrated network management ports | 1 x 10M/100M/1GBASE-T Ethernet port (RJ-45) | |
| Serial port | 1 x RJ-45 console | |
| USB Port | 1 x USB 2.0 Type-A (500mA) | |
| Storage | 1x 200 GB, 1x spare slot (for MSP) | |
| 3 | Dimensions & Enviroment | |
| Dimensions (H x W x D) | 1.73 x 16.90 x 19.76 in. (4.4 x 42.9 x 50.2 cm) | |
| Weight | 21 lb (9.53 kg) 2 x power supplies, 1 x NM, 1 x fan module, 2x SSDs | |
| Form factor (rack units) | 1RU | |
| Supervisor | ||
| Power supplies | Dual 400W AC. Single/dual 350W DC optional | |
| AC input voltage | 100 to 240V AC | |
| AC maximum input current | < 6A at 100V | |
| AC maximum output power | 400W | |
| AC frequency | 50 to 60 Hz | |
| AC efficiency | >89% at 50% load | |
| DC input voltage | -48V to -60VDC | |
| DC maximum input current | < 12.5A at -48V | |
| DC maximum output power | 350W | |
| DC efficiency | >88% at 50% load | |
| Redundancy | 1+1 AC or DC with dual supplies | |
| Fans | 1 hot-swappable fan module (with 4 fans) | |
| Noise | 56 dBA @ 25C 74 dBA at highest system performance. | |
| Rack mountable | Yes. Mount rails included (4-post EIA-310-D rack) | |
| Temperature: operating | 32 to 104°F (0 to 40°C) | |
| Temperature: nonoperating | -4 to 149°F (-20 to 65°C) | |
| Humidity: operating | 10 to 85% noncondensing | |
| Humidity: nonoperating | 5 to 95% noncondensing | |
| Altitude: operating | 10,000 ft (max) | |
| Altitude: nonoperating | 40,000 ft (max) | |
| Regulatory compliance | Products comply with CE markings per directives 2004/108/EC and 2006/108/EC | |
| Safety | UL 60950-1, CAN/CSA-C22.2 No. 60950-1, EN 60950-1, IEC 60950-1, AS/NZS 60950-1, GB4943 | |
| EMC: emissions | 47CFR Part 15 (CFR 47) Class A (FCC Class A), AS/NZS CISPR22 Class A, CISPR22 CLASS A, EN55022 Class A, ICES003 Class A, VCCI Class A, EN61000-3-2, EN61000-3-3, KN22 Class A , CNS13438 Class A, EN300386, TCVN7189 | |
| EMC: Immunity | EN55024, CISPR24, EN300386, KN24, TVCN 7317 EN-61000-4-2, EN-61000-4-3, EN-61000-4-4, EN-61000-4-5, EN-61000-4-6, EN-61000-4-8, EN61000-4-11 |
Subscriptions
Firepower System Feature Licenses
Firepower Management Center Licensing
| Management Center Hardware Model or Virtual Platform | License Requirements | |||
| Firepower Management Center hardware (all models) | No license is required for FMC hardware. FMC can manage devices that use both Smart and Classic licenses |
|||
| Firepower Management Center virtual (all platforms) | A virtual Firepower Management Center requires an entitlement for each device it will manage, whether the devices use Smart or Classic licensing | |||
Required License Type (Smart or Classic) for Firepower Devices
Generally, it is the software, not the hardware, that determines whether your device requires a Classic or Smart License.
Some hardware supports either Classic or Smart Licenses, depending on the software running on the device.
Make sure you purchase and activate the correct license type for your software.
For details, see licensing information for the software product that will run on the device.
If you activate the wrong license type, contact Cisco TAC.
Use this table to determine whether your Firepower product requires Classic or Smart Licenses.
| Device Hardware Model or Virtual Platform | Firepower Software (NGIPS) |
Firepower Threat Defense Software |
ASA FirePOWER Sofware |
ASA Software Without FirePOWER Services |
| Cisco NGIPS for Blue Coat X-Series | Classic | — | — | See the important note in the next section. |
| 3D500, 3D1000, 3D2000 3D2100, 3D2500, 3D3500, 3D4500, 3D6500 (EOL) 3D9900 (EOL) |
Classic | — | — | See the important note in the next section. |
| Firepower 7010, 7020, 7030, 7050 Firepower 7110, 7115 7120, 7125 AMP7150 |
Classic | — | — | See the important note in the next section |
| Firepower 8120, 8130, 8140 Firepower 8250, 8260, 8270, 8290 Firepower 8350, 8360, 8370, 8390 AMP8050, AMP8150, AMP8350 |
Classic | — | — | See the important note in the next section. |
| Virtual: VMware | Classic | Smart | — | See the important note in the next section |
| Virtual: AWS | — | Smart | — | See the important note in the next section. |
| Virtual: KVM | — | Smart | — | See the important note in the next section |
| Virtual: Azure | — | Smart | — | See the important note in the next section |
| ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5516-X |
— | Smart | Classic | See the important note in the next section |
| ISA 3000 For supported software versions on this hardware, see the Compatibility Matrix at https://www.cisco.com/ c/en/us/support/security/defense-center/ products-device-support-tables-list.html. |
— | Smart Versions 6.2.3 and 6.3 support Threat license only. Support for Specific License Reservation was introduced in 6.4. |
Classic | See the important note in the next section |
| ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X |
— | Smart | Classic | See the important note in the next section |
| ASA 5585-X-SSP-10, -20, -40, -60 | — | — | Classic | See the important note in the next section |
| Firepower 1000 Series Firepower 2100 Series Firepower 4100 Series Firepower 9300 |
— | Smart | — | See the important note in the next section |
Licensing Instructions by Firepower Version
Use this table to find feature license instructions by Firepower version.
Important : For Firepower hardware that is not running Firepower software, see the documentation for the software product.
For example, for licensing information for Firepower hardware running Cisco Adaptive Security Appliance (ASA) software without FirePOWER Services software, see https://www.cisco.com/c/en/us/td/docs/security/ asa/roadmap/licenseroadmap.html.
| Firepower Software Version |
License Type | Licensing Information For |
| 6.5 | Smart (including Specific License Reservation for devices managed by FMC) |
• Supported Firepower Threat Defense devices, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.5, at https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/ fpmc-config-guide-v65/licensing_the_firepower_system.html This chapter includes information about Specific License Reservation. • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: The “Licensing the System” chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.5, at https://www.cisco.com/c/en/us/td/docs/security/firepower/650/fdm/ fptd-fdm-config-guide-650/fptd-fdm-license.html |
| Classic | • Cisco ASA with FirePOWER Services and NGIPSv, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.5, at https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/licensing_the_firepower_system.html • Cisco ASA with FirePOWER Services, managed locally: The “Licensing the ASA FirePOWER Module” chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.5, at https://www.cisco.com/c/en/us/td/docs/security/firepower/650/asa-fp-services/ asafps-local-mgmt-config-guide v65/licensing_the_asa_firepower_module.html |
|
| 6.4 | Smart (including Specific License Reservation for devices managed by FMC) |
• Supported Firepower Threat Defense devices, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/ fpmc-config-guide-v64/licensing_the_firepower_system.html This chapter includes information about Specific License Reservation. • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: The “Licensing the System” chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/640/fdm/ fptd-fdm-config-guide-640/fptd-fdm-license.html |
| Classic | • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/ fpmc-config-guide-v64/licensing_the_firepower_system.html • Cisco ASA with FirePOWER Services, managed locally: The “Licensing the ASA FirePOWER Module” chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/640/asa-fp-services/ asafps-local-mgmt-config-guide-v64/licensing_the_asa_firepower_module.html |
|
| 6.3 | Smart (including Specific License Reservation for devices managed by FMC) |
• Supported Firepower Threat Defense devices, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.3, at: https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/ fpmc-config-guide-v63/licensing_the_firepower_system.html This chapter includes information about Specific License Reservation. • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: The “Licensing the System” chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/630/fdm/ fptd-fdm-config-guide-630/fptd-fdm-license.html |
| Classic | • Cisco ASA with FirePOWER Services, managed locally: The “Licensing the ASA FirePOWER Module” chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/630/asa-fp-services/ asafps-local-mgmt-config-guide-v63/licensing_the_asa_firepower_module.html • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/ fpmc-config-guide-v63/licensing_the_firepower_system.html |
|
| 6.2.3 | Smart | • Supported Firepower Threat Defense devices, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.2.3, at: https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/ fpmc-config-guide-v623/licensing_the_firepower_system.html • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: The “Licensing the System” chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.2.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/ fptd-fdm-config-guide-623/fptd-fdm-license.html |
| Classic | • Cisco ASA with FirePOWER Services, managed locally: The “Licensing the ASA FirePOWER Module” chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.2.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/623/asa-fp-services/ asa-with-firepower-services-local-management-configuration-guide-v623/ Licensing.html • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.2.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/ fpmc-config-guide-v623/licensing_the_firepower_system.html |
|
| 6.2.2 | Smart | • Supported Firepower Threat Defense devices, managed by the Firepower Management Center: Licensing the Firepower System • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: Licensing the System |
| Classic | • Cisco ASA with FirePOWER Services, managed locally: Licensing the ASA FirePOWER Module • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: Licensing the Firepower System |
|
| 6.2.1 | Smart | • Supported Firepower Threat Defense devices, managed by the Firepower Management Center: Licensing the Firepower System • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: Licensing the System |
| Classic | — | |
| 6.2.0.x | Smart | • Firepower Threat Defense devices, managed by the Firepower Management Center: Licensing the Firepower System • Firepower Threat Defense devices, managed by Firepower Device Manager: Licensing the System |
| Classic | • Cisco ASA with FirePOWER Services, managed locally: Licensing the ASA FirePOWER Module • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: Licensing the Firepower System |
|
| 6.1.0.x | Smart | • Firepower Threat Defense devices, managed by the Firepower Management Center: Licensing the Firepower System • Firepower Threat Defense devices, managed by the Firepower Device Manager: Licensing the System |
| Classic | • Cisco ASA with FirePOWER Services, managed locally: Licensing the ASA FirePOWER Module • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: Licensing the Firepower System |
Specs
System Performance
| Firewall throughput | 20 Gbps |
| Firewall throught (Stateful inspection multiprotocol) | 10 Gbps |
| Concurrent connections | 3,000,000 |
| New connections/sec | 75000 |
| IPSec VPN throughput | 2 Gbps (450B UDP L2L test) |
| Maximum VPN Peers | 10,000 |
| Security contexts (included; maximum) | 2; 40 |
| High Availability Configurations | Active/active and active/standby |
| Scalability | VPN Load Balancing |
| Centralized management | Centralized configuration, logging, monitoring, and reporting are performed by Cisco Security Manager or alternatively in the cloud with Cisco Defense Orchestrator |
| Adaptive Security | Web-based, local management for small-scale deployments |
Physical interfaces
| GE RJ45 Ports | 12 x 10M/100M/1GBASE-T Ethernet interfaces (RJ- 45) |
| GE SFP Slots | 4 x 10 Gigabit (SFP+) Ethernet interfaces |
| Network modules | 10G SFP+, 1/10G FTW Options |
| Maximum number of interfaces | Up to 24 total Ethernet ports (12x1G RJ-45, 4x10G SFP+, and network module |
| Integrated network management ports | 1 x 10M/100M/1GBASE-T Ethernet port (RJ-45) |
| I/O ports | Integrated network management ports: 1 x 10M/100M/1GBASE-T Ethernet port (RJ-45), Serial port: 1 x RJ-45 console, USB: 1 x USB 2.0 Type-A (500mA) |
| USB Port | 1 x USB 2.0 Type-A (500mA) |
| Console Port | 1 x RJ-45 console |
| Storage | 1x 200 GB, 1x spare slot (for MSP) |
Dimensions & Enviroment
| Mounting | 1RU |
| Dimensions Width x Depth x Height (inches) | 1.73 x 16.90 x 19.76 |
| Dimensions Height x Width x Length (mm) | 4.4 x 42.9 x 50.2 |
| Weight | 21 lb (9.53 kg) 2 x power supplies, 1 x NM, 1 x fan module, 2x SSDs |
| Power supply | Dual 400W AC. Single/dual 350W DC optional |
| AC input voltage | 100 to 240V AC |
| AC maximum input current | < 6A at 100V |
| AC maximum output power | 400W |
| AC frequency | 50 to 60 Hz |
| AC efficiency | >89% at 50% load |
| DC input voltage | -48V to -60VDC |
| DC maximum input current | < 12.5A at -48V |
| DC maximum output power | 350W |
| DC efficiency | >88% at 50% load |
| Redundancy | 1+1 AC or DC with dual supplies |
| Fans | 1 hot-swappable fan module (with 4 fans) |
| Safety | ● UL 60950-1 ● CAN/CSA-C22.2 No. 60950-1 ● EN 60950-1 ● IEC 60950-1 ● AS/NZS 60950-1 ● GB4943 |
| Operating Temperature | 32 to 104°F (0 to 40°C) |
| Non-operating temperature | -4 to 149°F (-20 to 65°C) |
| Humidity | 10 to 85%-95% noncondensing |
| Noise Level | 56 dBA @ 25C | 77 dBA at highest system performance. |
| Operating Attitude | 10,000 ft (max) |
| Non Operating Altitude | 40,000 ft (max) |
| Regulatory Compliance | Products comply with CE markings per directives 2004/108/EC and 2006/108/EC |
| EMC: emissions | ● 47CFR Part 15 (CFR 47) Class A (FCC Class A) ● AS/NZS CISPR22 Class A ● CISPR22 CLASS A ● EN55022 Class A ● ICES003 Class A ● VCCI Class A ● EN61000-3-2 ● EN61000-3-3 ● KN22 Class A ● CNS13438 Class A ● EN300386 ● TCVN7189 |
| EMC: Immunity | ● EN55024 ● CISPR24 ● EN300386 ● KN24 ● TVCN 7317 ● EN-61000-4-2, EN-61000-4-3, EN-61000-4-4, EN-61000-4-5, EN-61000-4-6, EN-61000-4-8, EN61000-4-11 |
