Cisco FPR4120 NGFW
Cisco FPR4120 NGFW
Cisco Firepower 4100 Series Appliances
The 4100 Series Firepower Appliances 1-rack-unit size is ideal at the Internet edge and in high-performance environments. It shows you what’s happening on your network, detects attacks earlier so you can act faster, and reduces management complexity.
Specifications
STT | Model | Cisco FPR4120-NGFW |
1 | System Performance | |
Throughput: FW + AVC (1024B) | 22 Gbps | |
Throughput: FW + AVC + IPS (1024B) | 19 Gbps | |
Maximum concurrent sessions, with AVC | 15,000,000 | |
Maximum new connections per second, with AVC | 118,000 | |
TLS (Hardware Decryption) | 7.1 Gbps | |
Throughput: NGIPS (1024B) | 27 Gbps | |
IPSec VPN Throughput (1024B TCP w/Fastpath) | 10 Gbps | |
Maximum VPN Peers | 20,000 | |
Multi-Instance Capable | Yes | |
Centralized management | Centralized configuration, logging, monitoring, and reporting are performed by the Management Center or alternatively in the cloud with Cisco Defense Orchestrator | |
Application Visibility and Control (AVC) | Standard, supporting more than 4000 applications, as well as geolocations, users, and websites | |
AVC: OpenAppID support for custom, open source, application detectors | Standard | |
Cisco Security Intelligence | Standard, with IP, URL, and DNS threat intelligence | |
Cisco Firepower NGIPS | Available; can passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence | |
Cisco AMP for Networks | Available; enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco AMP for Endpoints is also optionally available | |
Cisco AMP Threat Grid sandboxing | Available | |
URL Filtering: number of categories | More than 80 | |
URL Filtering: number of URLs categorized | More than 280,000,000 | |
High availability and clustering | Active/standby. Cisco Firepower 4100 Series allows clustering of up to 6 chassis | |
2 | Physical interfaces | |
Network modules | 8 x 10 Gigabit Ethernet Enhanced Small Form-Factor Pluggable (SFP+) network modules 4 x 40 Gigabit Ethernet Quad SFP+ 8-port 1Gbps copper, FTW (fail to wire) 6-port 1 Gbps SX Fiber FTW (fail to wire) 6-port 10Gbps SR Fiber FTW (fail to wire) 6-port 10Gbps LR Fiber FTW (fail to wire) | |
Maximum number of interfaces | Up to 24 x 10 Gigabit Ethernet (SFP+) interfaces; up to 8 x 40 Gigabit Ethernet (QSFP+) interfaces with 2 network modules | |
Integrated I/O | ||
Integrated network management ports | 1 Gigabit Ethernet Supports 1-G fiber or copper SFPs | |
Serial port | 1 x RJ-45 console | |
USB Port | 1 x USB 2.0 | |
Storage | 200 GB | |
3 | Dimensions & Enviroment | |
Dimensions (H x W x D) | 1.75 x 16.89 x 29.7 in. (4.4 x 42.9 x 75.4 cm) | |
Weight | 36 lb (16 kg): 2 x power supplies, 2 x NMs, 6x fans; 30 lb (13.6 kg): no power supplies, no NMs, no fans | |
Form factor (rack units) | 1RU | |
Supervisor | Cisco Firepower 4000 Supervisor with 8 x 10 Gigabit Ethernet ports and 2 Network Module (NM) slots for I/O expansion | |
Power supplies | Single 1100W AC, dual optional. Single/dual 950W DC optional | |
AC input voltage | 100 to 240V AC | |
AC maximum input current | 13A | |
AC maximum output power | 1100W | |
AC frequency | 50 to 60 Hz | |
AC efficiency | >92% at 50% load | |
DC input voltage | -40V to -60VDC | |
DC maximum input current | 27A | |
DC maximum output power | 950W | |
DC efficiency | >92.5% at 50% load | |
Redundancy | 1+1 | |
Fans | 6 hot-swappable fans | |
Noise | 78 dBA | |
Rack mountable | Yes, mount rails included (4-post EIA-310-D rack) | |
Temperature: operating | 32 to 104°F (0 to 40°C) or NEBS operation | |
Temperature: nonoperating | -40 to 149°F (-40 to 65°C) | |
Humidity: operating | 5 to 95% noncondensing | |
Humidity: nonoperating | 5 to 95% noncondensing | |
Altitude: operating | 10,000 ft (max) or NEBS operation | |
Altitude: nonoperating | 40,000 ft (max) | |
Regulatory compliance | Products comply with CE markings per directives 2004/108/EC and 2006/108/EC | |
Safety | UL 60950-1, CAN/CSA-C22.2 No. 60950-1, EN 60950-1, IEC 60950-1, AS/NZS 60950-1, GB4943 | |
EMC: emissions | 47CFR Part 15 (CFR 47) Class A (FCC Class A), AS/NZS CISPR22 Class A, CISPR22 CLASS A, EN55022 Class A, ICES003 Class A, VCCI Class A, EN61000-3-2, EN61000-3-3, KN22 Class A , CNS13438 Class A, EN300386, TCVN7189 | |
EMC: Immunity | EN55024, CISPR24, EN300386, KN24, TVCN 7317 EN-61000-4-2, EN-61000-4-3, EN-61000-4-4, EN-61000-4-5, EN-61000-4-6, EN-61000-4-8, EN61000-4-11 |
Subscriptions
Firepower System Feature Licenses
Firepower Management Center Licensing
Management Center Hardware Model or Virtual Platform | License Requirements |
Firepower Management Center hardware (all models) | No license is required for FMC hardware. FMC can manage devices that use both Smart and Classic licenses |
Firepower Management Center virtual (all platforms) | A virtual Firepower Management Center requires an entitlement for each device it will manage, whether the devices use Smart or Classic licensing |
Required License Type (Smart or Classic) for Firepower Devices
Generally, it is the software, not the hardware, that determines whether your device requires a Classic or Smart License.
Some hardware supports either Classic or Smart Licenses, depending on the software running on the device.
Make sure you purchase and activate the correct license type for your software.
For details, see licensing information for the software product that will run on the device.
If you activate the wrong license type, contact Cisco TAC.
Use this table to determine whether your Firepower product requires Classic or Smart Licenses.
Device Hardware Model or Virtual Platform | Firepower Software (NGIPS) |
Firepower Threat Defense Software |
ASA FirePOWER Sofware |
ASA Software Without FirePOWER Services |
Cisco NGIPS for Blue Coat X-Series | Classic | — | — | See the important note in the next section. |
3D500, 3D1000, 3D2000 3D2100, 3D2500, 3D3500, 3D4500, 3D6500 (EOL) 3D9900 (EOL) |
Classic | — | — | See the important note in the next section. |
Firepower 7010, 7020, 7030, 7050 Firepower 7110, 7115 7120, 7125 AMP7150 |
Classic | — | — | See the important note in the next section |
Firepower 8120, 8130, 8140 Firepower 8250, 8260, 8270, 8290 Firepower 8350, 8360, 8370, 8390 AMP8050, AMP8150, AMP8350 |
Classic | — | — | See the important note in the next section. |
Virtual: VMware | Classic | Smart | — | See the important note in the next section |
Virtual: AWS | — | Smart | — | See the important note in the next section. |
Virtual: KVM | — | Smart | — | See the important note in the next section |
Virtual: Azure | — | Smart | — | See the important note in the next section |
ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5516-X |
— | Smart | Classic | See the important note in the next section |
ISA 3000 For supported software versions on this hardware, see the Compatibility Matrix at https://www.cisco.com/ c/en/us/support/security/defense-center/ products-device-support-tables-list.html. |
— | Smart Versions 6.2.3 and 6.3 support Threat license only. Support for Specific License Reservation was introduced in 6.4. |
Classic | See the important note in the next section |
ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X |
— | Smart | Classic | See the important note in the next section |
ASA 5585-X-SSP-10, -20, -40, -60 | — | — | Classic | See the important note in the next section |
Firepower 1000 Series Firepower 2100 Series Firepower 4100 Series Firepower 9300 |
— | Smart | — | See the important note in the next section |
Licensing Instructions by Firepower Version
Use this table to find feature license instructions by Firepower version.
Important : For Firepower hardware that is not running Firepower software, see the documentation for the software product.
For example, for licensing information for Firepower hardware running Cisco Adaptive Security Appliance (ASA) software without FirePOWER Services software, see https://www.cisco.com/c/en/us/td/docs/security/ asa/roadmap/licenseroadmap.html.
Firepower Software Version |
License Type | Licensing Information For |
6.5 | Smart (including Specific License Reservation for devices managed by FMC) |
• Supported Firepower Threat Defense devices, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.5, at https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/ fpmc-config-guide-v65/licensing_the_firepower_system.html This chapter includes information about Specific License Reservation. • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: The “Licensing the System” chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.5, at https://www.cisco.com/c/en/us/td/docs/security/firepower/650/fdm/ fptd-fdm-config-guide-650/fptd-fdm-license.html |
Classic | • Cisco ASA with FirePOWER Services and NGIPSv, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.5, at https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/licensing_the_firepower_system.html • Cisco ASA with FirePOWER Services, managed locally: The “Licensing the ASA FirePOWER Module” chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.5, at https://www.cisco.com/c/en/us/td/docs/security/firepower/650/asa-fp-services/ asafps-local-mgmt-config-guide v65/licensing_the_asa_firepower_module.html |
|
6.4 | Smart (including Specific License Reservation for devices managed by FMC) |
• Supported Firepower Threat Defense devices, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/ fpmc-config-guide-v64/licensing_the_firepower_system.html This chapter includes information about Specific License Reservation. • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: The “Licensing the System” chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/640/fdm/ fptd-fdm-config-guide-640/fptd-fdm-license.html |
Classic | • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/ fpmc-config-guide-v64/licensing_the_firepower_system.html • Cisco ASA with FirePOWER Services, managed locally: The “Licensing the ASA FirePOWER Module” chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.4, at https://www.cisco.com/c/en/us/td/docs/security/firepower/640/asa-fp-services/ asafps-local-mgmt-config-guide-v64/licensing_the_asa_firepower_module.html |
|
6.3 | Smart (including Specific License Reservation for devices managed by FMC) |
• Supported Firepower Threat Defense devices, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.3, at: https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/ fpmc-config-guide-v63/licensing_the_firepower_system.html This chapter includes information about Specific License Reservation. • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: The “Licensing the System” chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/630/fdm/ fptd-fdm-config-guide-630/fptd-fdm-license.html |
Classic | • Cisco ASA with FirePOWER Services, managed locally: The “Licensing the ASA FirePOWER Module” chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/630/asa-fp-services/ asafps-local-mgmt-config-guide-v63/licensing_the_asa_firepower_module.html • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/ fpmc-config-guide-v63/licensing_the_firepower_system.html |
|
6.2.3 | Smart | • Supported Firepower Threat Defense devices, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.2.3, at: https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/ fpmc-config-guide-v623/licensing_the_firepower_system.html • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: The “Licensing the System” chapter in the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for version 6.2.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/ fptd-fdm-config-guide-623/fptd-fdm-license.html |
Classic | • Cisco ASA with FirePOWER Services, managed locally: The “Licensing the ASA FirePOWER Module” chapter in the Cisco ASA with FirePOWER Services Local Management Configuration Guide for version 6.2.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/623/asa-fp-services/ asa-with-firepower-services-local-management-configuration-guide-v623/ Licensing.html • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: The “Licensing the Firepower System” chapter in the Firepower Management Center Configuration Guide for version 6.2.3, at https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/ fpmc-config-guide-v623/licensing_the_firepower_system.html |
|
6.2.2 | Smart | • Supported Firepower Threat Defense devices, managed by the Firepower Management Center: Licensing the Firepower System • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: Licensing the System |
Classic | • Cisco ASA with FirePOWER Services, managed locally: Licensing the ASA FirePOWER Module • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: Licensing the Firepower System |
|
6.2.1 | Smart | • Supported Firepower Threat Defense devices, managed by the Firepower Management Center: Licensing the Firepower System • Supported Firepower Threat Defense devices, managed by Firepower Device Manager: Licensing the System |
Classic | — | |
6.2.0.x | Smart | • Firepower Threat Defense devices, managed by the Firepower Management Center: Licensing the Firepower System • Firepower Threat Defense devices, managed by Firepower Device Manager: Licensing the System |
Classic | • Cisco ASA with FirePOWER Services, managed locally: Licensing the ASA FirePOWER Module • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: Licensing the Firepower System |
|
6.1.0.x | Smart | • Firepower Threat Defense devices, managed by the Firepower Management Center: Licensing the Firepower System • Firepower Threat Defense devices, managed by the Firepower Device Manager: Licensing the System |
Classic | • Cisco ASA with FirePOWER Services, managed locally: Licensing the ASA FirePOWER Module • Cisco ASA with FirePOWER Services, Firepower 7000 and 8000 Series devices, and NGIPSv, managed by the Firepower Management Center: Licensing the Firepower System |
Specs
System Performance
Firewall throughput | 60 Gbps |
Firewall throught (Stateful inspection multiprotocol) | 30 Gbps |
Firewall Latency | 3.5 (UDP 64B microseconds) |
Concurrent connections | 15,000,000 |
New connections/sec | 250,000 |
IPSec VPN throughput | 10 Gbps (450B UDP L2L test) |
Maximum VPN Peers | 15,000 |
Security contexts (included; maximum) | 10; 250 |
High Availability Configurations | Active/active and active/standby |
Clustering | Up to 16 appliances |
Scalability | VPN Load Balancing, Firewall Clustering. |
Centralized management | Centralized configuration, logging, monitoring, and reporting are performed by Cisco Security Manager or alternatively in the cloud with Cisco Defense Orchestrator |
Adaptive Security | Web-based, local management for small-scale deployments |
Physical interfaces
GE RJ45 Ports | 8 x 10 Gigabit Ethernet ports and 2 Network Module (NM) slots for I/O expansion |
Network modules | ● 8 x 10 Gigabit Ethernet Enhanced Small Form-Factor Pluggable (SFP+) network modules ● 4 x 40 Gigabit Ethernet Quad SFP+ network modules ● 8-port 1Gbps copper, FTW (fail to wire) Network Module ◦ 6-port 1 Gbps SX Fiber FTW (fail to wire) Network Module ◦ 6-port 10Gbps SR Fiber FTW (fail to wire) Network Module ◦ 6-port 10Gbps LR Fiber FTW (fail to wire) Network Module |
Maximum number of interfaces | Up to 24 x 10 Gigabit Ethernet (SFP+) interfaces; up to 8 x 40 Gigabit Ethernet (QSFP+) interfaces with 2 network modules |
Integrated network management ports | 1 Gigabit Ethernet | Supports 1-G fiber or copper SFPs |
I/O ports | Integrated network management ports: 1 Gigabit Ethernet Supports 1 -G fiber or copper SFPs, Serial port: 1 x RJ-45 console, USB: 1 x USB 2.0 |
USB Port | 1 x USB 2.0 |
Console Port | 1 x RJ-45 console |
Storage | 200 GB |
Dimensions & Enviroment
Dimensions Width x Depth x Height (inches) | 42.9 x 75.4 x 4.4 cm |
Weight | 36 lb (16 kg): 2 x power supplies, 2 x NMs, 6x fans; 30 lb (13.6 kg): no power supplies, no NMs, no fans |
Power supply | Single 1100W AC, dual optional. Single/dual 950W DC optional |
AC input voltage | 100 to 240V AC |
AC maximum input current | 13A |
AC maximum output power | 1100W |
AC frequency | 50 to 60 Hz |
AC efficiency | >92% at 50% load |
DC input voltage | -40V to -60VDC |
DC maximum input current | 27A |
DC maximum output power | 950W |
DC efficiency | >92.5% at 50% load |
Redundancy | 1+1 |
Fans | 6 hot-swappable fans |
Safety | ● UL 60950-1 ● CAN/CSA-C22.2 No. 60950-1 ● EN 60950-1 ● IEC 60950-1 ● AS/NZS 60950-1 ● GB4943 |
Operating Temperature | 32 to 104°F (0 to 40°C) or NEBS operation (see below) |
Non-operating temperature | -40 to 149°F (-40 to 65°C) |
Humidity | 5 to 95% noncondensing |
Noise Level | 78 dBA |
Operating Attitude | 10,000 ft (max) or NEBS operation (see below) |
Non Operating Altitude | 40,000 ft (max) |
NEBS operation (FPR xxxx only) | Operating altitude: 0 to 13,000 ft (3960 m) | Operating temperature: Long term: 0 to 45°C, up to 6,000 ft (1829 m) | Long term: 0 to 35°C, 6,000 to 13,000 ft (1829 to 3964 m) | Short term: -5 to 50°C, up to 6,000 ft (1829 m) |
Regulatory Compliance | Products comply with CE markings per directives 2004/108/EC and 2006/108/EC |
EMC: emissions | ● 47CFR Part 15 (CFR 47) Class A (FCC Class A) ● AS/NZS CISPR22 Class A ● CISPR22 CLASS A ● EN55022 Class A ● ICES003 Class A ● VCCI Class A ● EN61000-3-2 ● EN61000-3-3 ● KN22 Class A ● CNS13438 Class A ● EN300386 ● TCVN7189 |
EMC: Immunity | ● EN55024 ● CISPR24 ● EN300386 ● KN24 ● TVCN 7317 ● EN-61000-4-2, EN-61000-4-3, EN-61000-4-4, EN-61000-4-5, EN-61000-4-6, EN-61000-4-8, EN61000-4-11 |