
Cisco Next Generation Firewalls: Cisco Firepower 2100 Series

Today I am going to talk about Cisco's Next Generation Firewalls, the Cisco Firepower line. Firepower is gaining market share with the best features of an NGFW. Cisco offers both ASA and NGFW images, each with different features.

In this article I am specifically talking about the Cisco Firepower 2100 Series. The 2100 Series firewall comes in two different models, with various licensing models. One is Cisco Firepower with the ASA image, which gives you the same capabilities as the ASA CLI model; the other is Cisco Firepower with the NGFW image.

Let's talk about the NGFW image. Cisco Firepower 2100 with the NGFW (Next Generation Firewall) image has application visibility built in, and three other licenses provide the features of NGIPS (Cisco Next-Generation Intrusion Prevention System), AMP (Advanced Malware Protection), and content filtering (URL filtering).


Fig 1.1- Cisco Firepower 2100 Series

Now, if you have a customer who wants next generation firewalls, of course Cisco Firepower with the NGFW image is there to support you. Let me go through the general features of the Cisco Firepower 2100 Series Next Generation firewall and its management console, Cisco Firesight Management Center.


General Information
  • Throughput FW + AVC (Cisco Firepower Threat Defense): 8.5 Gbps*
  • Throughput FW + AVC + NGIPS (Cisco Firepower Threat Defense): 8.5 Gbps*
  • Throughput FW + AVC: 8.5 Gbps*
  • Throughput AVC + IPS: 8.5 Gbps*
  • Maximum concurrent sessions, with AVC: 3.5 million
  • Maximum new connections per second, with AVC: 40,000
  • Maximum VLANs: 1024
*NOTE: HTTP sessions with an average packet size of 1024 bytes
Ports/Connectors

Slots:
  • Network Module Slot - 1 Qty
Ports:
  • 1 GbE Base-T RJ45 - 12 Qty
  • 10GbE SFP+ - 4 Qty
  • 10GbE SFP+ network module - 8 Qty
  • 1GbE RJ45 management - 1 Qty
  • Serial console RJ45 - 1 Qty
  • USB 2.0 Type A - 1 Qty
  • Up to (24) total Ethernet ports (12xGbE RJ45, 4x10GbE SFP+, 8x10GbE SFP+ net mod)
Licensing
  • L-FPR2140T-T: This license covers the NGIPS feature in Cisco Firepower 2100 Series
  • L-FPR2140T-TM: This license covers the NGIPS + AMP features in Cisco Firepower 2100 Series
  • L-FPR2140T-TMC: This license covers the NGIPS + AMP + URL filtering features
Firesight Management
For Firesight Management there are two options to discuss: one is to run a virtual instance of the management console on a VM, and the other is to use a dedicated physical appliance.
  • FS-VMW-SW-K9: This license provides a virtual instance of Firesight Management on a VM, with a maximum of 25 devices.
  • FS-VMW-SW-2-K9: This license provides a virtual instance of Firesight Management on a VM, with a maximum of 2 devices.
  • FMC1000-K9: This is a dedicated FireSight management appliance that manages 1000 devices.
  • FMC2500-K9: This is a dedicated FireSight management appliance that manages 2500 devices.
The image below compares Cisco Firepower and Palo-Alto when the NGIPS image is used with the NGFW.
Fig 1.2- Cisco Vs Palo-Alto NGFW+NGIPS


Please let me know if anything is unclear about the BOQ and the design for a Cisco Firepower requirement.
