Cisco FPR2120 NGFW
The Firepower 2100 Series has an innovative dual multicore CPU architecture that optimizes firewall, cryptographic, and threat inspection functions simultaneously. Now, achieving security doesn’t come at the expense of network performance.
Specifications
| STT | Model | Cisco FPR2120-NGFW |
| 1 | System Performance | |
| Throughput: FW + AVC (1024B) | 3 Gbps | |
| Throughput: FW + AVC + IPS (1024B) | 3 Gbps | |
| Maximum concurrent sessions, with AVC | 1,500,000 | |
| Maximum new connections per second, with AVC | 17,000 | |
| TLS (Hardware Decryption) | 475 Mbps | |
| Throughput: NGIPS (1024B) | 3 Gbps | |
| IPSec VPN Throughput (1024B TCP w/Fastpath) | 1 Gbps | |
| Maximum VPN Peers | 3500 | |
| Multi-Instance Capable | Yes | |
| Centralized management | Centralized configuration, logging, monitoring, and reporting are performed by the Management Center or alternatively in the cloud with Cisco Defense Orchestrator | |
| Application Visibility and Control (AVC) | Standard, supporting more than 4000 applications, as well as geolocations, users, and websites | |
| AVC: OpenAppID support for custom, open source, application detectors | Standard | |
| Cisco Security Intelligence | Standard, with IP, URL, and DNS threat intelligence | |
| Cisco Firepower NGIPS | Available; can passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence | |
| Cisco AMP for Networks | Available; enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco AMP for Endpoints is also optionally available | |
| Cisco AMP Threat Grid sandboxing | Available | |
| URL Filtering: number of categories | More than 80 | |
| URL Filtering: number of URLs categorized | More than 280,000,000 | |
| High availability and clustering | Active/standby | |
| 2 | Physical interfaces | |
| Network modules | None | |
| Maximum number of interfaces | Up to 16 total Ethernet ports, (12x1G RJ-45, 4x1G SFP) | |
| Integrated I/O | 12 x 10M/100M/1GBASE-T Ethernet interfaces (RJ-45), 4 x 1 Gigabit (SFP) Ethernet interfaces | |
| Integrated network management ports | 1 x 10M/100M/1GBASE-T Ethernet port (RJ-45) | |
| Serial port | 1 x RJ-45 console | |
| USB Port | 1 x USB 2.0 Type-A (500mA) | |
| Storage | 1x 100 GB, 1x spare slot (for MSP) | |
| 3 | Dimensions & Enviroment | |
| Dimensions (H x W x D) | 1.73 x 16.90 x 19.76 in. (4.4 x 42.9 x 50.2 cm) | |
| Weight | 16.1 lb (7.3 kg): with 2x SSDs | |
| Form factor (rack units) | 1RU | |
| Supervisor | ||
| Power supplies | Single integrated 250W AC power supply | |
| AC input voltage | 100 to 240V AC | |
| AC maximum input current | < 2.7A at 100V | |
| AC maximum output power | 250W | |
| AC frequency | 50 to 60 Hz | |
| AC efficiency | >88% at 50% load | |
| DC input voltage | ||
| DC maximum input current | ||
| DC maximum output power | ||
| DC efficiency | ||
| Redundancy | None | |
| Fans | 4 integrated (2 internal, 2 exhaust) fans | |
| Noise | 56 dBA @ 25C 74 dBA at highest system performance. | |
| Rack mountable | Yes. Fixed mount brackets included. (2-post). Mount rails optional (4-post EIA- 310-D rack) | |
| Temperature: operating | 32 to 104°F (0 to 40°C) | |
| Temperature: nonoperating | -4 to 149°F (-20 to 65°C) | |
| Humidity: operating | 10 to 85% noncondensing | |
| Humidity: nonoperating | 5 to 95% noncondensing | |
| Altitude: operating | 10,000 ft (max) | |
| Altitude: nonoperating | 40,000 ft (max) | |
| Regulatory compliance | Products comply with CE markings per directives 2004/108/EC and 2006/108/EC | |
| Safety | UL 60950-1, CAN/CSA-C22.2 No. 60950-1, EN 60950-1, IEC 60950-1, AS/NZS 60950-1, GB4943 | |
| EMC: emissions | 47CFR Part 15 (CFR 47) Class A (FCC Class A), AS/NZS CISPR22 Class A, CISPR22 CLASS A, EN55022 Class A, ICES003 Class A, VCCI Class A, EN61000-3-2, EN61000-3-3, KN22 Class A , CNS13438 Class A, EN300386, TCVN7189 | |
| EMC: Immunity | EN55024, CISPR24, EN300386, KN24, TVCN 7317 EN-61000-4-2, EN-61000-4-3, EN-61000-4-4, EN-61000-4-5, EN-61000-4-6, EN-61000-4-8, EN61000-4-11 |
Subscriptions
Firepower System Feature Licenses
Firepower Management Center Licensing
| Management Center Hardware Model or Virtual Platform | License Requirements | |||
| Firepower Management Center hardware (all models) | No license is required for FMC hardware. FMC can manage devices that use both Smart and Classic licenses |
|||
| Firepower Management Center virtual (all platforms) | A virtual Firepower Management Center requires an entitlement for each device it will manage, whether the devices use Smart or Classic licensing | |||
Required License Type (Smart or Classic) for Firepower Devices
Generally, it is the software, not the hardware, that determines whether your device requires a Classic or Smart License.
Some hardware supports either Classic or Smart Licenses, depending on the software running on the device.
Make sure you purchase and activate the correct license type for your software.
For details, see licensing information for the software product that will run on the device.
If you activate the wrong license type, contact Cisco TAC.
Use this table to determine whether your Firepower product requires Classic or Smart Licenses.
| Device Hardware Model or Virtual Platform | Firepower Software (NGIPS) |
Firepower Threat Defense Software |
ASA FirePOWER Sofware |
ASA Software Without FirePOWER Services |
| Cisco NGIPS for Blue Coat X-Series | Classic | — | — | See the important note in the next section. |
| 3D500, 3D1000, 3D2000 3D2100, 3D2500, 3D3500, 3D4500, 3D6500 (EOL) 3D9900 (EOL) |
Classic | — | — | See the important note in the next section. |
| Firepower 7010, 7020, 7030, 7050 Firepower 7110, 7115 7120, 7125 AMP7150 |
Classic | — | — | See the important note in the next section |
| Firepower 8120, 8130, 8140 Firepower 8250, 8260, 8270, 8290 Firepower 8350, 8360, 8370, 8390 AMP8050, AMP8150, AMP8350 |
Classic | — | — | See the important note in the next section. |
| Virtual: VMware | Classic | Smart | — | See the important note in the next section |
| Virtual: AWS | — | Smart | — | See the important note in the next section. |
| Virtual: KVM | — | Smart | — | See the important note in the next section |
| Virtual: Azure | — | Smart | — | See the important note in the next section |
| ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5516-X |
— | Smart | Classic | See the important note in the next section |
| ISA 3000 For supported software versions on this hardware, see the Compatibility Matrix at https://www.cisco.com/ c/en/us/support/security/defense-center/ products-device-support-tables-list.html. |
— | Smart Versions 6.2.3 and 6.3 support Threat license only. Support for Specific License Reservation was introduced in 6.4. |
Classic | See the important note in the next section |
| ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X |
— | Smart | Classic | See the important note in the next section |
| ASA 5585-X-SSP-10, -20, -40, -60 | — | — | Classic | See the important note in the next section |
| Firepower 1000 Series Firepower 2100 Series Firepower 4100 Series Firepower 9300 |
— | Smart | — | See the important note in the next section |
Licensing Instructions by Firepower Version
Use this table to find feature license instructions by Firepower version.
Important : For Firepower hardware that is not running Firepower software, see the documentation for the software product.
For example, for licensing information for Firepower hardware running Cisco Adaptive Security Appliance (ASA) software without FirePOWER Services software, see https://www.cisco.com/c/en/us/td/docs/security/ asa/roadmap/licenseroadmap.html.
| Firepower Software Version |
License Type | Licensing Information For |
| 6.5 | Smart (including Specific License Reservation for devices managed by FMC) |
• Supported Firepower Threat Defense devices, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.5, at https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/ fpmc-config-guide-v65/licensing_the_firepower_system.html This chapter includes information about Specific License Reservation. • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: The “Licensing the System” chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.5, at https://www.cisco.com/c/en/us/td/docs/security/firepower/650/fdm/ fptd-fdm-config-guide-650/fptd-fdm-license.html |
| Classic | • Cisco ASA with FirePOWER Services and NGIPSv, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.5, at https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/licensing_the_firepower_system.html • Cisco ASA with FirePOWER Services, managed locally: The “Licensing the ASA FirePOWER Module” chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.5, at https://www.cisco.com/c/en/us/td/docs/security/firepower/650/asa-fp-services/ asafps-local-mgmt-config-guide v65/licensing_the_asa_firepower_module.html |
|
| 6.4 | Smart (including Specific License Reservation for devices managed by FMC) |
• Supported Firepower Threat Defense devices, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/ fpmc-config-guide-v64/licensing_the_firepower_system.html This chapter includes information about Specific License Reservation. • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: The “Licensing the System” chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/640/fdm/ fptd-fdm-config-guide-640/fptd-fdm-license.html |
| Classic | • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/ fpmc-config-guide-v64/licensing_the_firepower_system.html • Cisco ASA with FirePOWER Services, managed locally: The “Licensing the ASA FirePOWER Module” chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/640/asa-fp-services/ asafps-local-mgmt-config-guide-v64/licensing_the_asa_firepower_module.html |
|
| 6.3 | Smart (including Specific License Reservation for devices managed by FMC) |
• Supported Firepower Threat Defense devices, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.3, at: https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/ fpmc-config-guide-v63/licensing_the_firepower_system.html This chapter includes information about Specific License Reservation. • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: The “Licensing the System” chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/630/fdm/ fptd-fdm-config-guide-630/fptd-fdm-license.html |
| Classic | • Cisco ASA with FirePOWER Services, managed locally: The “Licensing the ASA FirePOWER Module” chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/630/asa-fp-services/ asafps-local-mgmt-config-guide-v63/licensing_the_asa_firepower_module.html • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/ fpmc-config-guide-v63/licensing_the_firepower_system.html |
|
| 6.2.3 | Smart | • Supported Firepower Threat Defense devices, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.2.3, at: https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/ fpmc-config-guide-v623/licensing_the_firepower_system.html • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: The “Licensing the System” chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.2.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/ fptd-fdm-config-guide-623/fptd-fdm-license.html |
| Classic | • Cisco ASA with FirePOWER Services, managed locally: The “Licensing the ASA FirePOWER Module” chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.2.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/623/asa-fp-services/ asa-with-firepower-services-local-management-configuration-guide-v623/ Licensing.html • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.2.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/ fpmc-config-guide-v623/licensing_the_firepower_system.html |
|
| 6.2.2 | Smart | • Supported Firepower Threat Defense devices, managed by the Firepower Management Center: Licensing the Firepower System • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: Licensing the System |
| Classic | • Cisco ASA with FirePOWER Services, managed locally: Licensing the ASA FirePOWER Module • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: Licensing the Firepower System |
|
| 6.2.1 | Smart | • Supported Firepower Threat Defense devices, managed by the Firepower Management Center: Licensing the Firepower System • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: Licensing the System |
| Classic | — | |
| 6.2.0.x | Smart | • Firepower Threat Defense devices, managed by the Firepower Management Center: Licensing the Firepower System • Firepower Threat Defense devices, managed by Firepower Device Manager: Licensing the System |
| Classic | • Cisco ASA with FirePOWER Services, managed locally: Licensing the ASA FirePOWER Module • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: Licensing the Firepower System |
|
| 6.1.0.x | Smart | • Firepower Threat Defense devices, managed by the Firepower Management Center: Licensing the Firepower System • Firepower Threat Defense devices, managed by the Firepower Device Manager: Licensing the System |
| Classic | • Cisco ASA with FirePOWER Services, managed locally: Licensing the ASA FirePOWER Module • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: Licensing the Firepower System |
Specs
System Performance
| Firewall throughput | 3 Gbps ( FW + AVC (1024B)) |
| Concurrent connections | 1,500,000 |
| New connections/sec | 17,000 |
| IPSec VPN throughput | 1 Gbps (1024B TCP w/Fastpath) |
| Maximum VPN Peers | 3500 |
| High Availability Configurations | Active/standby |
| Centralized management | Centralized configuration, logging, monitoring, and reporting are performed by the Management Center or alternatively in the cloud with Cisco Defense Orchestrator |
Physical interfaces
| GE RJ45 Ports | 12 x 10M/100M/1GBASE-T Ethernet interfaces (RJ-45) |
| GE SFP Slots | 4 x 1 Gigabit (SFP) Ethernet interfaces |
| Network modules | None |
| Maximum number of interfaces | Up to 16 total Ethernet ports, (12x1G RJ-45, 4x1G SFP) |
| Integrated network management ports | 1 x 10M/100M/1GBASE-T Ethernet port (RJ-45) |
| USB Port | 1 x USB 2.0 Type-A (500mA) |
| Console Port | 1 x RJ-45 console |
| Storage | 1x 100 GB, 1x spare slot (for MSP) |
Dimensions & Enviroment
| Mounting | 1RU |
| Dimensions Width x Depth x Height (inches) | 1.73 x 16.90 x 19.76 |
| Dimensions Height x Width x Length (mm) | 42.9 x 50.2 x 4.4 cm |
| Weight | 16.1 lb (7.3 kg): with 2x SSDs |
| Power supply | Single integrated 250W AC power supply. |
| AC input voltage | 100 to 240V AC |
| AC maximum input current | < 2.7A at 100V |
| AC maximum output power | 250W |
| AC frequency | 50 to 60 Hz |
| AC efficiency | >88% at 50% load |
| Redundancy | None |
| Fans | 4 integrated (2 internal, 2 exhaust) fans. |
| Safety | ● UL 60950-1 ● CAN/CSA-C22.2 No. 60950-1 ● EN 60950-1 ● IEC 60950-1 ● AS/NZS 60950-1 ● GB4943 |
| Operating Temperature | 32 to 104°F (0 to 40°C) |
| Non-operating temperature | -4 to 149°F (-20 to 65°C) |
| Humidity | 5-10 to 85%-95% noncondensing |
| Noise Level | 56 dBA @ 25C | 74 dBA at highest system performance. |
| Operating Attitude | 10,000 ft (max) |
| Non Operating Altitude | 40,000 ft (max) |
| Regulatory Compliance | Products comply with CE markings per directives 2004/108/EC and 2006/108/EC |
| EMC: emissions | ● 47CFR Part 15 (CFR 47) Class A (FCC Class A) ● AS/NZS CISPR22 Class A ● CISPR22 CLASS A ● EN55022 Class A ● ICES003 Class A ● VCCI Class A ● EN61000-3-2 ● EN61000-3-3 ● KN22 Class A ● CNS13438 Class A ● EN300386 ● TCVN7189 |
| EMC: Immunity | ● EN55024 ● CISPR24 ● EN300386 ● KN24 ● TVCN 7317 ● EN-61000-4-2, EN-61000-4-3, EN-61000-4-4, EN-61000-4-5, EN-61000-4-6, EN-61000-4-8, EN61000-4-11 |
