Data sheet

Cisco public

Cisco Firepower 2100 Series

Cisco Secure Firewall

Cisco Secure IPS

© 2020 Cisco and/or its affiliates. All rights reserved. Page 1 of 6

Contents
Cisco Firepower 2100 Series appliances.................................................................................................. 3
Model overview ......................................................................................................................................... 3
Cisco Firepower 2100 series summary: .................................................................................................. 3
Detailed performance specifications and feature highlights ..................................................................... 3
Hardware specifications ............................................................................................................................ 5
Cisco Capital ............................................................................................................................................. 7
Flexible payment solutions to help you achieve your objectives ............................................................. 7

© 2020 Cisco and/or its affiliates. All rights reserved. Page 2 of 6

Cisco Firepower 2100 Series appliances
The Cisco Firepower 2100 Series is a family of four threat-focused security platforms that deliver business
resiliency and superior threat defense. They offers exceptional sustained performance when advanced threat
functions are enabled. These platforms uniquely incorporate an innovative dual multicore CPU architecture that
optimizes firewall, cryptographic, and threat inspection functions. The series’ firewall throughput range addresses
use cases from the Internet edge to the data center. Network Equipment Building Standards (NEBS)- compliance
is supported by the Cisco Firepower 2130 platform. 2100 Series platforms run either the Cisco Secure Firewall
ASA or Threat Defense (FMC) software. They can be deployed in both firewall and dedicated IPS modes.

Model overview

Cisco Firepower 2100 series summary:

Model Firewall NGFW IPS Throughput Interfaces Optional interfaces

FPR-2110 3G 2.3G 2.3G 12 x RJ45, 4 x SFP N/A

FPR-2120 6G 3G 3G 12 x RJ45, 4 x SFP N/A

FPR-2130 10G 5G 5G 12 x RJ45, 4 x SFP+ 10G SFP+, 1/10G FTW

FPR-2140 20G 9G 9G 12 x RJ45, 4 x SFP+ 10G SFP+, 1/10G FTW

Detailed performance specifications and feature highlights

Table 1.: Performance specifications and feature highlights for 2100 Series with Cisco Threat Defense software

Features 2110 2120 2130 2140

Throughput: FW + AVC (1024B) 2.3 Gbps 3 Gbps 5 Gbps 9 Gbps

Throughput: FW + AVC + IPS (1024B) 2.3 Gbps 3 Gbps 5 Gbps 9 Gbps

Maximum concurrent sessions, with AVC 1 million 1.5 million 2 million 3 million

Maximum new connections per

14K 17K 27K 57K
second, with AVC

TLS 365 Mbps 475 Mbps 735 Mbps 1.4 Gbps

Throughput: IPS (1024B) 2.3 Gbps 3 Gbps 5 Gbps 9 Gbps

IPSec VPN Throughput (1024B TCP w/Fastpath) 800 Mbps 1 Gbps 1.6 Gbps 3.2 Gbps

Maximum VPN Peers 1,500 3,500 7,500 10,000

© 2020 Cisco and/or its affiliates. All rights reserved. Page 3 of 6

 Features 2110 2120 2130 2140

Cisco Firepower Device Manager Yes Yes Yes Yes

(local management)

Centralized configuration, logging, monitoring, and reporting are performed by the

Centralized management
Management Center or alternatively in the cloud with Cisco Defense Orchestrator

Standard, supporting more than 4000 applications, as well as geolocations, users, and
Application Visibility and Control (AVC)
websites

AVC: OpenAppID support for custom, open

Standard
source, application detectors

Cisco Security Intelligence Standard, with IP, URL, and DNS threat intelligence

Available; can passively detect endpoints and infrastructure for threat correlation an d
Cisco Firepower NGIPS
Indicators of Compromise (IoC) intelligence

Available; enables detection, blocking, tracking, analysis, and containment of targeted

Cisco AMP for Networks and persistent malware, addressing the attack continuum both during and after attacks.
Integrated threat correlation with Cisco Secure Endpoint is also optionally available

Cisco AMP Threat Grid sandboxing Available

URL Filtering: number of categories More than 80

URL Filtering: number of URLs categorized More than 280 million

Automated threat feed and IPS Yes: class-leading Collective Security Intelligence (CSI) from the Cisco Talos Group
signature updates (https://www.cisco.com/c/en/us/products/security/talos.html)

Open API for integrations with third-party products; Snort® and OpenAppID community
Third-party and open-source ecosystem
resources for new and specific threats

High availability and clustering Active/standby

Firepower 2100 Series platforms include Trust Anchor Technologies for supply chain
Cisco Trust Anchor Technologies
and software image assurance. Please see the section below for additional details

NOTE: Performance will vary depending on features activated, and network traffic protocol mix, and packet size
characteristics. Performance is subject to change with new software releases. Consult your Cisco representative
for detailed sizing guidance.
Table 2.: ASA Performance and capabilities on Firepower 2100 appliances

Features 2110 2120 2130 2140

Stateful inspection firewall throughput1 3 Gbps 6 Gbps 10 Gbps 20 Gbps

Stateful inspection firewall throughput

1.5 Gbps 3 Gbps 5 Gbps 10 Gbps
(multiprotocol)2

Concurrent firewall connections 1 million 1.5 million 2 million 3 million

Firewall latency (UDP 64B

- - - -
microseconds)

New connections per second 18,000 28,000 40,000 75,000

IPsec VPN throughput (450B UDP L2L

500 Mbps 700 Mbps 1 Gbps 2 Gbps
test)

Maximum VPN Peers 1,500 3,500 7,500 10,000

Security contexts (included; maximum) 2; 25 2; 25 2; 30 2; 40

Active/active and Active/active and Active/active and Active/active and

High availability
active/standby active/standby active/standby active/standby

Clustering

Scalability VPN Load Balancing

© 2020 Cisco and/or its affiliates. All rights reserved. Page 4 of 6

 Features 2110 2120 2130 2140

Centralized configuration, logging, monitoring, and reporting are performed by Cisco Security
Centralized management
Manager or alternatively in the cloud with Cisco Defense Orchestrator

Adaptive Security Device Manager Web-based, local management for small-scale deployments
1
Throughput measured with 1500B User Datagram Protocol (UDP) traffic measured under ideal test conditions.
2
“Multiprotocol” refers to a traffic profile consisting primarily of TCP-based protocols and applications like HTTP, SMTP, FTP,
IMAPv4, BitTorrent, and DNS.
3
In unclustered configuration.

Performance testing methodologies LINK

Hardware specifications
Table 3.: Cisco Firepower 2100 Series hardware specifications

Features Cisco Firepower Model

2110 2120 2130 2140

1.73 x 16.90 x 19.76 1.73 x 16.90 x 19.76 1.73 x 16.90 x 19.76 1.73 x 16.90 x 19.76
Dimensions (H x W x D) in. (4.4 x 42.9 x 50.2 in. (4.4 x 42.9 x 50.2 in. (4.4 x 42.9 x 50.2 in. (4.4 x 42.9 x 50.2
cm) cm cm) cm)

Form factor (rack units) 1RU 1RU 1RU 1RU

12 x 10M/100M/ 12 x 10M/100M/ 12 x 10M/100M/ 12 x 10M/100M/

1GBASE-T Ethernet 1GBASE-T Ethernet 1GBASE-T Ethernet 1GBASE-T Ethernet
Integrated I/O interfaces (RJ- 45), 4 interfaces (RJ- 45), 4 interfaces (RJ- 45), 4 interfaces (RJ- 45), 4
x 1 Gigabit (SFP) x 1 Gigabit (SFP) x 10 Gigabit (SFP+) x 10 Gigabit (SFP+)
Ethernet interfaces Ethernet interfaces Ethernet interfaces Ethernet interfaces

10G SFP+, 1/10G FTW 10G SFP+, 1/10G FTW

Network modules None None
Options Options

Note: The 2100 Series appliances may also be deployed as dedicated threat sensors with fail -to-wire network modules. Please
contact your Cisco representative for details.

Up to 24 total Ethernet Up to 24 total Ethernet

Up to 16 total Ethernet Up to 16 total Ethernet
ports (12x1G RJ-45, ports (12x1G RJ-45,
Maximum number of interfaces ports, (12x1G RJ-45, ports, (12x1G RJ-45,
4x10G SFP+, and 4x10G SFP+, and
4x1G SFP) 4x1G SFP)
network module network module

1 x 10M/100M/ 1 x 10M/100M/ 1 x 10M/100M/ 1 x 10M/100M/

Integrated network management
1GBASE-T Ethernet 1GBASE-T Ethernet 1GBASE-T Ethernet 1GBASE-T Ethernet
ports
port (RJ-45) port (RJ-45) port (RJ-45) port (RJ-45)

Serial port 1 x RJ-45 console 1 x RJ-45 console 1 x RJ-45 console 1 x RJ-45 console

1 x USB 2.0 Type-A 1 x USB 2.0 Type-A 1 x USB 2.0 Type-A 1 x USB 2.0 Type-A
USB
(500mA) (500mA) (500mA) (500mA)
1x 100 GB, 1x spare 1x 100 GB, 1x spare 1x 200 GB, 1x spare 1x 200 GB, 1x spare
Storage
slot (for MSP) slot (for MSP) slot (for MSP) slot (for MSP)

Single 400W AC, Dual

Single integrated Single integrated Dual 400W AC.
400W AC optional.
Power supply configuration 250W AC power 250W AC power Single/dual 350W DC
Single/Dual 350W DC
supply. supply. optional1
optional1

AC input voltage 100 to 240V AC 100 to 240V AC 100 to 240V AC 100 to 240V AC
AC maximum input current < 2.7A at 100V < 2.7A at 100V < 6A at 100V < 6A at 100V

AC maximum output power 250W 250W 400W 400W

AC frequency 50 to 60 Hz 50 to 60 Hz 50 to 60 Hz 50 to 60 Hz

AC efficiency >88% at 50% load >88% at 50% load >89% at 50% load >89% at 50% load

DC input voltage - - -48V to -60VDC -48V to -60VDC

© 2020 Cisco and/or its affiliates. All rights reserved. Page 5 of 6

 Features Cisco Firepower Model

DC maximum input current - - < 12.5A at -48V < 12.5A at -48V

DC maximum output power - - 350W 350W

DC efficiency >88% at 50% load >88% at 50% load

1+1 AC or DC with 1+1 AC or DC with

Redundancy None None
dual supplies dual supplies

4 integrated (2 4 integrated (2
1 hot-swappable fan 1 hot-swappable fan
Fans internal, 2 exhaust) internal, 2 exhaust)
module (with 4 fans)2 module (with 4 fans)2
fans2 fans2
56 dBA @ 25C 56 dBA @ 25C 56 dBA @ 25C 56 dBA @ 25C
Noise 74 dBA at highest 74 dBA at highest 77 dBA at highest 77 dBA at highest
system performance. system performance. system performance. system performance.

Yes. Fixed mount Yes. Fixed mount

brackets included. (2- brackets included. (2- Yes. Mount rails Yes. Mount rails
Rack mountable post). Mount rails post). Mount rails included (4-post EIA- included (4-post EIA-
optional (4-post EIA- optional (4-post EIA- 310-D rack) 310-D rack)
310-D rack) 310-D rack)

19.4 lb (8.8 kg) 1 x 21 lb (9.53 kg) 2 x

16.1 lb (7.3 kg): with 16.1 lb (7.3 kg): with power supplies, 1 x power supplies, 1 x
Weight
2x SSDs 2x SSDs NM, 1 x fan module, NM, 1 x fan module,
2x SSDs 2x SSDs

32 to 104°F (0 to
32 to 104°F (0 to 32 to 104°F (0 to 40°C) or NEBS 32 to 104°F (0 to
Temperature: operating
40°C) 40°C) operation (see 40°C)
below)3

-4 to 149°F (-20 to -4 to 149°F (-20 to -4 to 149°F (-20 to -4 to 149°F (-20 to

Temperature: nonoperating
65°C) 65°C) 65°C) 65°C)

10 to 85% 10 to 85% 10 to 85% 10 to 85%

Humidity: operating
noncondensing noncondensing noncondensing noncondensing
5 to 95% 5 to 95% 5 to 95% 5 to 95%
Humidity: nonoperating
noncondensing noncondensing noncondensing noncondensing

10,000 ft (max) or
Altitude: operating 10,000 ft (max) 10,000 ft (max) NEBS operation (see 10,000 ft (max)
below)3

Altitude: nonoperating 40,000 ft (max) 40,000 ft (max) 40,000 ft (max) 40,000 ft (max)

Operating altitude:
0 to 13,000 ft
(3962 m)
Operating temperature:
Long term: 0 to
45°C, up to 6,000 ft
(1829 m)
NEBS operation (FPR- 2130 Only)3
Long term: 0 to 35°C,
6,000 to 13,000 ft
(1829 to
3964 m)
Short term: -5 to
55°C, up to 6,000 ft
(1829 m)

© 2020 Cisco and/or its affiliates. All rights reserved. Page 6 of 6

1
Dual power supplies are hot-swappable.
2
Fans operate in a 3+1 redundant configuration where the system will continue to function with only 3 operational fans. The 3
remaining fans will run at full speed.
3
FPR-2130 platform is designed to be NEBS ready. The availability of NEBS certification is pending.

Table 4.: Cisco Firepower 2100 Series NEBS, Regulatory, Safety, and EMC Compliance

Specification Description

Regulatory compliance Products comply with CE markings per directives 2004/108/EC and 2006/108/EC

• UL 60950-1
• CAN/CSA-C22.2 No. 60950-1
• EN 60950-1
Safety
• IEC 60950-1
• AS/NZS 60950-1
• GB4943

• 47CFR Part 15 (CFR 47) Class A (FCC Class A)

• AS/NZS CISPR22 Class A
• CISPR22 CLASS A
• EN55022 Class A
• ICES003 Class A
• VCCI Class A
EMC: emissions
• EN61000-3-2
• EN61000-3-3
• KN22 Class A
• CNS13438 Class A
• EN300386
• TCVN7189

• EN55024
• CISPR24
• EN300386
EMC: Immunity • KN24
• TVCN 7317
• EN-61000-4-2, EN-61000-4-3, EN-61000-4-4, EN-61000-4-5, EN-61000-4-6, EN-61000-4-8,
EN61000-4-11

Cisco Capital
Flexible payment solutions to help you achieve your objectives

Cisco Capital makes it easier to get the right technology to achieve your objectives, enable business
transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve
capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire
hardware, software, services and complementary third-party equipment in easy, predictable payments.
Learn more.

PROJECT NUMBER C78-742473-02 01/21

© 2020 Cisco and/or its affiliates. All rights reserved. Page 7 of 6