Migrate to cisco firepower 2100 series

Page 1

Migrate to Cisco Firepower 2100 Series/NGFW Security Platforms The trending Cisco’s security product in 2018 is Firepower 2100 Series. The Cisco Firepower 2100 Series is a family of four threat-focused NGFW security platforms that deliver business resiliency through superior threat defense. It offers exceptional sustained performance when advanced threat functions are enabled. These platforms uniquely incorporate an innovative dual multicore CPU architecture that optimizes firewall, cryptographic, and threat inspection functions simultaneously. The series’ firewall throughput range addresses use cases from the Internet edge to the data center. Network Equipment Building Standards (NEBS)compliance is supported by the Cisco Firepower 2100 Series platform. Cisco Firepower 2100 Series can be deployed either as a NextGeneration Firewall (NGFW) or as a Next-Generation IPS (NGIPS). They are perfect for the Internet edge and all the way in to the data center. Cisco Firepower NGFW

Four new models are available: 2110, 2120, 2130, and 2140

Migration to Cisco NGFW-Firepower 2100 Series Legacy Firewalls Cisco ASA 5520 Cisco ASA 5520 Cisco ASA 5550

Migration to Cisco NGFW Cisco Firepower 2100 Series Cisco Firepower 2100 Series Cisco Firepower 2100 Series

Performance Specifications and Feature Highlights for Physical and Virtual Appliances with the Cisco Firepower Threat Defense Image Features

Cisco Firepower Model NGFWv

2110

2120

2130

2140

Throughput: FW + 1.2 Gbps AVC

2.0 Gbps

3 Gbps 4.75 Gbps

8.5 Gbps

Throughput: AVC + IPS

2.0 Gbps

3 Gbps 4.75 Gbps

8.5 Gbps

Maximum concurrent 100,000 sessions, with AVC

1 million

1.2 million

2 million 3.0 million

Maximum new connections per second, with AVC

10,000

12,000

16,000

24,000

40,000

IPSec VPN Throughput (1024B TCP w/Fastpath)

-

750 Mbps 1 Gbps

1.5 Gbps

3 Gbps

1500

3500

7500

10000

Yes

Yes

Yes

1.1 Gbps

Maximum VPN Peers Cisco Firepower Device Manager (local management)

Yes (VMware Yes only)

Centralized manage ment

Centralized configuration, logging, monitoring, and reporting are performed by the Management Center or alternatively in the cloud with Cisco Defense Orchestrator

Features

Cisco Firepower Model NGFWv

Application Visibility and Control (AVC)

2110

2120

2130

2140

Standard, supporting more than 4000 applications, as well as geolocations, users, and websites

AVC: OpenAppID Standard support for custom, open source, application detectors Cisco Security Intelligence

Standard, with IP, URL, and DNS threat intelligence

Cisco Firepower NGIPS

Available; can passively detect endpoints and infrastructure for threat correlation and Indicators of Compromise (IoC) intelligence

Cisco AMP for Networks

Available; enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco AMP for Endpoints is also optionally available

Cisco AMP Threat Grid sandboxing

Available

URL Filtering: More than 80 number of categories URL Filtering: number of URLs categorized

More than 280 million

Automated threat feed and IPS signature updates

Yes: class-leading Collective Security Intelligence (CSI) from the Cisco Talos Group (https://www.cisco.com/c/en/us/products/security/tal os.html)

Features

Cisco Firepower Model NGFWv

2110

2120

2130

2140

Third-party and open-source ecosystem

Open API for integrations with third-party products; SnortÂŽ and OpenAppID community resources for new and specific threats

High availability and clustering

Active/Standby for ESXi and KVM

Active/standby; for Cisco Firepower 9300 intrachassis clustering of up to 5 chassis is allowed; Cisco Firepower 4100 Series allows clustering of up to 6 chassis

VLANs maximum

-

1024

Cisco Trust Anchor Technologies

-

ASA 5506-X, 5508-X, and 5516-X appliances, Firepower 2100 Series and Firepower 4100 Series and 9300 platforms include Trust Anchor Technologies for supply chain and software image assurance. Please see the section below for additional details

Note: Throughput assumes HTTP sessions with an average packet size of 1024 bytes. Performance will vary depending on features activated, and network traffic protocol mix, packet size characteristics and hypervisor employed (NGFWv). Performance is subject to change with new software releases. Consult your Cisco representative for detailed sizing guidance. Learn more: ASA Performance and Capabilities on Firepower 2100 Series Appliances Firepower 2100 Series PIDs The following table lists all of the PIDs associated with the Firepower 2100 series. See the show inventory and show inventory expand commands in the Cisco FXOS Troubleshooting Guide for the Firepower 2100 Series to display a list of the PIDs for your Firepower 2100.

PID

Description

FPR2110-NGFW-K9 Cisco Firepower 2110 NGFW appliance 1 RU FPR2120-NGFW-K9 Cisco Firepower 2120 NGFW appliance 1 RU FPR2130-NGFW-K9 Cisco Firepower 2130 NGFW appliance 1 RU with 1 network module bay FPR2140-NGFW-K9 Cisco Firepower 2140 NGFW appliance 1 RU with 1 network module bay FPR2110-ASA-K9

Cisco Firepower 2110 ASA appliance 1 RU

FPR2120-ASA-K9

Cisco Firepower 2120 ASA appliance 1 RU

FPR2130-ASA-K9

Cisco Firepower 2130 ASA appliance 1 RU with 1 network module bay

FPR2140-ASA-K9

Cisco Firepower 2140 ASA appliance 1 RU with 1 network module bay

FPR2110-K9=

Firepower 2110 appliance 1 RU with no power supply or fan (spare)

FPR2120-K9=

Firepower 2120 appliance 1 RU with no power supply or fan (spare)

FPR2130-K9=

Firepower 2130 appliance with 1 network module bay and no power supply or fan (spare)

FPR2140-K9=

Firepower 2140 appliance with 1 network module bay and no power supply or fan (spare)

FPR2K-PWR-DC350

350W DC power supply

FPR2K-PWR-DC350=

350W DC power supply (spare)

FPR2K-PWR-AC400

400W AC power supply

FPR2K-PWR-AC400=

400W AC power supply (spare)

FPR2K-PSU-BLANK

Power supply blank slot cover

PID

Description

FPR2110-NGFW-K9 Cisco Firepower 2110 NGFW appliance 1 RU FPR2K-PSUBLANK=

Power supply blank slot cover (spare)

FPR2K-SSD100

SSD for Firepower 2110 and 2120

FPR2K-SSD100=

SSD for Firepower 2110 and 2120 (spare)

FPR2K-SSD200

SSD for Firepower 2130 and 2140

FPR2K-SSD200=

SSD for Firepower 2130 and 2140 (spare)

FPR2K-SSD-BBLKD

SSD slot carrier

FPR2K-SSDBBLKD=

SSD slot carrier (spare)

FPR-MSP-SSD

MSP SSD

FPR-MSP-SSD=

MSP SSD (spare)

FPR2K-FAN

Fan tray for the Firepower 2130 and 2140

FPR2K-FAN=

Fan tray for the Firepower 2130 and 2140 (spare)

FPR2K-NM-8X10G

8-port SFP+ network module

FPR2K-NM8X10G=

8- port SFP+ network module (spare)

FPR2K-NM-BLANK

Network module blank slot cover

FPR2K-NMBLANK=

Network module blank slot cover (spare)

FPR2K-CBL-MGMT

Cable management brackets

FPR2K-CBLMGMT=

Cable management brackets (spare)

FPR2K-RM-BRKT=

Rackmount brackets (spare)

FPR2K-SLIDERAILS

Slide rail kit

PID

Description

FPR2110-NGFW-K9 Cisco Firepower 2110 NGFW appliance 1 RU FPR2K-SLIDERAILS=

Slide rail kit (spare)

FPR2K-RAILBRKT=

Slide rail brackets (spare)

See Product IDs for a list of the product IDs (PIDs) associated with the 2100 series. Get the Best Prices on Firepower 2100 Series

More Related Finding the Sweet Spot–Firepower 2100 The New Cisco Firepower 2100 Series How to Deploy the Cisco ASA FirePOWER Services in the Internet Edge, VPN Scenarios and Data Center? The Most Common NGFW Deployment Scenarios

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.