Shanghai Chucheng Information Technology Co.,Ltd.

Date: 3rd November 2016
Cisco Firepower 4110& Firepower 4120 And Firepower 4140 And 9300
Cisco Firepower Next-Generation FirewallsThe Cisco Firepower??next-generation firewall (NGFW) is the industry's first fully?integrated, threat-focused next-gen firewall with unified management. It uniquely?provides advanced threat protection before, during, and after attacks.Performance HighlightsTable 1 summarizes the performance highlights of the Cisco Firepower NGFW 4100 Series and 9300 SecurityAppliances and select Cisco ASA 5500-X appliances.Table 1. Performance Highlights?HTTP sessions with an average packet size of 1024 bytes.Note: NGFW performance varies depending on network and traffic characteristics. Consult your Cisco representative for?detailed sizing guidance. Performance is subject to change with new software releases.Platform SupportThe Cisco Firepower NGFW includes Application Visibility and Control (AVC), optional Firepower next-gen IPS?(NGIPS), Cisco Advanced Malware Protection (AMP) for Networks, and URL Filtering. The Cisco Firepower 4100?Series and Cisco Firepower 9300 NGFW appliances use the Cisco Firepower Threat Defense software image.?Alternatively, these appliances can support the Cisco Adaptive Security Appliance (ASA) software image. The?Cisco Firepower Management Center (formerly FireSIGHT) provides unified management of the Cisco Firepower?NGFW, as well as Cisco Firepower NGIPS and Cisco AMP for Networks. Also available, on select Cisco Firepower?appliances, and direct from Cisco, is the Radware Virtual DefensePro (vDP) distributed denial of service (DDoS)?mitigation capability.Cisco Firepower 4100 Series AppliancesThe Cisco Firepower 4100 Series is a family of four threat-focused NGFW security platforms. Their maximum?throughput ranges from 35 to 75 Gbps, addressing use cases from the Internet edge to the data center. They?deliver superior threat defense, at faster speeds, with a smaller footprint.Cisco Firepower 9300 Security ApplianceThe Cisco Firepower 9300 is a scalable (beyond 1 Tbps when clustered), carrier-grade, modular platform designed?for service providers, high-performance computing centers, data centers, campuses, high-frequency trading?environments, and other environments that require low (less than 5-microsecond offload) latency and exceptional?throughput. Cisco Firepower 9300 supports flow-offloading, programmatic orchestration, and the management of?security services with RESTful APIs. It is also available in Network Equipment Building Standards (NEBS)-compliant configurations.Cisco ASA 5500-FTD-X Series AppliancesThe Cisco ASA 5500-FTD-X Series is a family of eight threat-focused NGFW security platforms. Their maximum?throughput ranges from 750 Mbps to 4 Gbps, addressing use cases from the small or branch office to the Internet?edge. They deliver superior threat defense in a cost-effective footprint.Performance Specifications and Feature HighlightsTable 2 summarizes the capabilities of the Cisco Firepower NGFW 4100 Series and 9300 appliances and the?Cisco ASA 5500-FTD-X appliances when running the Cisco Firepower Threat Defense image.Table 2. Performance2?Specifications and Feature Highlights with the Firepower Threat Defense Image1 HTTP sessions with an average packet size of 1024 bytes.2Performance will vary depending on features activated and network traffic protocol mix and packet size characteristics.Performance is subject to change with new software releases. Consult your Cisco representative for detailed sizing guidance.Table 3 summarizes the performance and capabilities of the Cisco Firepower 4100 Series and 9300 appliances?when running the ASA image. For Cisco ASA 5500-X Series performance specifications with the ASA image,?please visit the Cisco ASA with FirePOWER Services data sheet.Table 3. ASA Performance and Capabilities1Throughput measured with User Datagram Protocol (UDP) traffic measured under ideal test conditions.2"Multiprotocol" refers to a traffic profile consisting primarily of TCP-based protocols and applications like HTTP, SMTP, FTP,?IMAPv4, BitTorrent, and DNS.3Available for the firewall feature set.4In unclustered configuration.Hardware SpecificationsTables 4 and 5 summarize the hardware specifications for the 4100 Series and 9300, respectively. Table 6?summarizes regulatory standards compliance. For Cisco ASA 5500-X series hardware specifications, please visit?the Cisco ASA with FirePOWER Services data sheet.Table 4. Cisco Firepower 4100 Series Hardware Specifications1Dual power supplies are hot-swappable.2DC power option is expected on Cisco Firepower 4110 and 4120 in the second half of 2016.Table 5. Cisco Firepower 9300 Hardware Specifications* Minimum turn-on voltage is -44V DCTable 6. Cisco Firepower 4100 Series and Cisco Firepower 9300 NEBS, Regulatory, Safety, and EMC Compliance ?Cisco Trust Anchor TechnologiesCisco Trust Anchor Technologies provide a highly secure foundation for certain Cisco products. They enable?hardware and software authenticity assurance for supply chain trust and strong mitigation against a man-in-themiddle?compromise of software and firmware.Trust Anchor capabilities include:? Image signing: Cryptographically signed images provide assurance that the firmware, BIOS, and other?software are authentic and unmodified. As the system boots, the system's software signatures are checked?for integrity.? Secure Boot: Secure Boot anchors the boot sequence chain of trust to immutable hardware, mitigating?threats against a system's foundational state and the software that is to be loaded, regardless of a user's?privilege level. It provides layered protection against the persistence of illicitly modified firmware.? Trust Anchor module: A tamper-resistant, strong-cryptographic, single-chip solution provides hardware?authenticity assurance to uniquely identify the product so that its origin can be confirmed to Cisco, providing?assurance that the product is genuine.Radware Virtual DefensePro DDoS MitigationRadware Virtual DefensePro (vDP) DDoS Mitigation is available and supported directly from Cisco on the Cisco?Firepower 4120, 4140, 4150 and 9300 with the ASA software image. Plans are to make it available on these?platforms with the Firepower Threat Defense software image in the future. Radware's DefensePro DDoS mitigation?capability is an award-winning, real-time, perimeter attack mitigation solution that protects organizations against?emerging network and application threats. It protects the application infrastructure against network and application?downtime (or slow time), helping organizations win the ongoing security battle against availability attacks.Radware DDoS Mitigation: Protection SetRadware DDoS mitigation consists of patent-protected, adaptive, behavioral-based real-time signature technology?that detects and mitigates zero-day network and application DDoS attacks in real time. It eliminates the need for?human intervention and does not block legitimate user traffic when under attack.The following attacks are detected and mitigated:? SYN flood attacks? Network DDoS attacks, including IP floods, ICMP floods, TCP floods, UDP floods, and IGMP floods? Application DDoS attacks, including HTTP floods and DNS query floods? Anomalous flood attacks, such as nonstandard and malformed packet attacksPerformanceThe performance figures in Table 7 are for Cisco Firepower 9300 with a single (SM-24 or SM-36) Security Module.Table 7. Key DDoS Performance Metrics with Cisco Firepower 9300Ordering InformationCisco Smart LicensingThe Cisco Firepower NGFW is sold with Cisco Smart Licensing. Cisco understands that purchasing, deploying,?managing, and tracking software licenses is complex. As a result, we are introducing Cisco Smart Software?Licensing, a standardized licensing platform that helps customers understand how Cisco software is used across?their network, thereby reducing administrative overhead and operating expenses.With Smart Licensing, you have a complete view of software, licenses, and devices from one portal. Licenses are?easily registered and activated and can be shifted between like hardware platforms. Additional information is?available here: Related information, on?Smart Licensing Smart Accounts, is available here: Smart Net Total Care Support: Move Quickly with Anytime Access?to Cisco Expertise and ResourcesCisco Smart Net Total Care??is an award-winning technical support service that gives your IT staff direct anytime?access to Technical Assistance Center (TAC) engineers and resources. You receive the fast, expert?response and the dedicated accountability you require to resolve critical network issues.Smart Net Total Care provides the following device-level support:? Global access 24 hours a day, 365 days a year to specialized engineers in the Cisco TAC? Anytime access to the extensive online knowledge base, resources, and tools? Hardware replacement options include 2-hour, 4-hour, next-business-day (NDB) advance replacement, as?well as return for repair (RFR)? Ongoing operating system software updates, including both minor and major releases within your licensed?feature set? Proactive diagnostics and real-time alerts on select devices with Smart Call HomeIn addition, with the optional Cisco Smart Net Total Care Onsite Service, a field engineer installs replacement parts?at your location and helps ensure that your network operates optimally. For more information on Smart Net Total?Care please visit: Part NumbersTables 8 and 9 provide details on part numbers for Cisco Firepower NGFW solutions. Please consult the Ordering?Guide for additional configuration options and accessories.Table 8. Cisco Firepower 4100 Series: Select Product ComponentsTable 9. Cisco Firepower 9300: Select Product Components*Note: Firepower 9300 may also be deployed as a dedicated threat sensor, with fail-to-wire network modules.Please contact your Cisco representative for details.Warranty InformationFind warranty information on at the Product Warranties page.Cisco ServicesCisco offers a wide range of service programs to accelerate customer success. These innovative services?programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high?levels of customer satisfaction. Cisco Services help you protect your network investment, optimize network?operations, and prepare your network for new applications to extend network intelligence and the power of your?business. For more information about Cisco services for security, visit CapitalFinancing to Help You Achieve Your ObjectivesCisco Capital??financing can help you acquire the technology you need to achieve your objectives and stay?competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI.Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-? 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 12 of 12?party equipment. And there's just one predictable payment. Cisco Capital is available in more than 100 countries.Learn more.