Cisco Firepower 2100 Series
Cisco 2100 Firepower has superior architecture and improvements to more than 200 percent throughput to eliminate bottlenecks – from the Internet edge to the data center.
The Cisco Firepower 2100 Series is a family of four threat-focused NGFW security platforms that deliver business resiliency through threat defense while increasing network reliability.
When advanced threat functions are enabled, it offers exceptional sustained performance. These platforms uniquely incorporate an innovative dual multi-core CPU architecture that optimizes firewall, cryptographic, and threat inspection functions simultaneously.
The Cisco 2100 series’ firewall throughput range, addresses use cases from the Internet edge to the data center. Network Equipment Building Standards (NEBS) - compliance is supported by the Cisco Firepower 2100 Series. This Series provides businesses with the confidence to pursue new digitization options. Knowing they have the security architecture designed to protect against the greatest threats to the network without affecting critical business functions.
“The Firepower 2100 Series NGFW sustains its throughput performance as threat services are added. They do this by uniquely incorporating an innovative dual multi-core CPU architecture that optimizes firewall, cryptographic, and threat inspection functions simultaneously. They won’t become a network bottleneck or lose effectiveness like competitors when threat inspection is turned on. Now, achieving security doesn’t come at the expense of network performance”
The Cisco 2100 Series firepower NGFW delivers business resiliency through superior threat defense in your network. They provide great network performance when threat inspection features are activated to keep your business running securely. They are now more simple to manage for improved IT efficiency and a lower total cost of ownership.
The Cisco Firepower 2100 Series can be deployed either as a Next-Generation Firewall (NGFW) or as a Next-Generation IPS (NGIPS). They are perfect for the Internet edge and all the way into the data center. Four new models are available.
- The Firepower 2110 and 2120 models offer a 1.9 and 2 Gbps of firewall throughput. They provide increased port density and up to sixteen (16), 1 Gbps ports in a Rack Unit form factor.
- The Firepower 2130 and 2140 models provide 5 and 8.5 Gbps of firewall throughput. These models differ from the others in that they can be customized through the use of network modules and NetMods. They have the potential for twenty-four (24), 1 Gbps ports in an RU appliance. Or up to twelve (12), 10 Gbps ports.
- The Firepower 2100 NGFW’s provide a uniquely sustained performance when supporting threat functions, such as IPS. This is achieved by using an innovative dual multi-core. Layer 2 and 3 functionality is processed on one NPU (Networking Processing Unit). Threat inspection and other services are processed on a separate multi-core (X86 CPU). By splitting the workload, we eliminate the performance degradation that occurs with competing solutions when turning on the threat inspection.
- The Firepower 2100 is the next generation of firewalls. The popularity of
the 2100 will be contingent on 2 things.
- The Price: If the firewall is too expensive, the consumer will most likely find another manufacturer and buy a cheaper model with similar specifications.
- The Feature Set: If the features of the ASA software isn’t implemented in the FTD soon, then the customer will be forced to the ASA X-Series or another manufacturer.
A ‘No Compromises’ Security Architecture
- Sustained throughput performance: When threat functions are enabled vs competing designs.
- Flexibility and future-proofing: Versus ASIC-based designs that inhibit the ability to add new defenses and functions.
- Fast Path: Accelerates flow not requiring threat inspection, further enhancing performance through the appliance.
Comparison of the Firepower 2100 Models
The Firepower 2110 and 2120 appliances come with 12 x 1 Gbit RJ-45 ports and 4 x 1Gbit SFP ports. This is a great rip and is a replacement option for the current owners of the ASA5525-X, ASA5545-X, and ASA5555-X firewalls. If you need to upgrade the firewall edge to 10Gbit you will need to buy either the 2130 or 2140 appliance. The Firepower 2130 and 2140 also come with the same 12 x 1Gbit RJ - 45 ports as the lower end 2100 models. Along with this, there are 4 x 10Gbit SFP+ports and the option to put a network module (NM) card to add an additional 8 x 10Gbit SFP+ ports. Fail-to-wire network modules will be available for these models.
Firepower 2110 | Firepower 2120 |
Up to 2.0 Gbps | Up to 3.0 Gbps |
Multiservice capable | Multiservice capable |
12 x 1 GE fixed, 4 SFP (1GE) ports | 12 x 1 GE fixed, 4 SFP (1GE) ports |
1 RU | 1 RU |
Firepower 2130 | Firepower 2140 |
Up to 5.0 Gbps | Up to 8.5 Gbps |
Multiservice capable | Multiservice capable |
Up to 24 x 1 GE or 12 x 1 GE and 12 x 10 GE ports | Up to 24 x 1 GE or 12 x 1 GE and 12 x 10 GE ports |
1 RU | 1 RU |
Licensing of Cisco 2100 Series Firepower
- L-FPR2140T-T: This license stands for the NGIPS feature in the Cisco Firepower 2100 Series
- L-FPR2140T-™: This license stands for the NGIPS+ AMP feature in the Cisco Firepower 2100 Series
- F-FPR2140T-TMC: This license stands for the NGIPS+AMP+URL filtering feature