Cisco & Cisco Network Hardware News and Technology

Cisco Firepower 2100 Series, as a NGFW or a NGIPS

March 7, 2018. Written by Cisco & Cisco Router, Network Switch. Published on #Networking, #NGFW, #Cisco Technology - IT News, #IT, #Technology

The new Cisco Firepower 2100 Series appliances help you achieve better security that doesn’t come at the expense of network performance.

Cisco Firepower 2100 Series can be deployed either as a Next-Generation Firewall (NGFW) or as a Next-Generation IPS (NGIPS). They are perfect for the Internet edge and all the way in to the data center.

Four new models are available: 2110, 2120, 2130, and 2140

• The Firepower 2110 and 2120 models offer 2.0 and 3 Gbps of firewall throughput, respectively. They provide increased port density and can provide up to sixteen (16) 1 Gbps ports in a 1 rack unit (RU) form factor.

• The Firepower 2130 and 2140 models provide 5 and 8.5 Gbps of firewall throughput, respectively. These models differ from the others in that they can be customized through the use of network modules, or NetMods. They can provide up to twenty-four (24) 1 Gbps ports in a 1 RU appliance, or up to twelve (12) 10 Gbps ports.

Firepower 2100 NGFWs uniquely provide sustained performance when supporting threat functions, such as IPS. This is done using an innovative dual multi-core architecture. Layer 2 and 3 functionality is processed on one NPU (Network Processing Unit). Threat inspection and other services are processed on a separate multi-core x86 CPU. By splitting the workload, we minimize the performance degradation that you see with competing solutions when turning on threat inspection.

Firepower 2100 Series Appliance Performance Highlights

| Features / Cisco Firepower Model | 2110 | 2120 | 2130 | 2140 |
|---|---|---|---|---|
| Throughput: FW + AVC (Cisco Firepower Threat Defense)¹ | 2.0 Gbps | 3 Gbps | 4.75 Gbps | 8.5 Gbps |
| Throughput: FW + AVC + NGIPS (Cisco Firepower Threat Defense)¹ | 2.0 Gbps | 3 Gbps | 4.75 Gbps | 8.5 Gbps |

¹ HTTP sessions with an average packet size of 1024 bytes

² 1024 bytes TCP firewall performance

Learn more: Guide to the New Cisco Firepower 2100 Series

ASA Performance and Capabilities on Firepower 2100 Series Appliances

| Features / Cisco Firepower Appliance Model | 2110 | 2120 | 2130 | 2140 |
|---|---|---|---|---|
| Stateful inspection firewall throughput¹ | 3 Gbps | 6 Gbps | 10 Gbps | 20 Gbps |
| Stateful inspection firewall throughput (multiprotocol)² | 1.5 Gbps | 3 Gbps | 5 Gbps | 10 Gbps |
| Concurrent firewall connections | 1 million | 1.5 million | 2 million | 3 million |
| Firewall latency (UDP 64B microseconds) | - | - | - | - |
| New connections per second | 18000 | 28000 | 40000 | 75000 |
| IPsec VPN throughput (450B UDP L2L test) | 500 Mbps | 700 Mbps | 1 Gbps | 2 Gbps |
| IPsec/Cisco AnyConnect/Apex site-to-site VPN peers | 1500 | 3500 | 7500 | 10000 |
| Maximum number of VLANs | 400 | 600 | 750 | 1024 |
| Security contexts (included; maximum) | 2; 25 | 2; 25 | 2; 30 | 2; 40 |
| High availability | Active/active and active/standby | Active/active and active/standby | Active/active and active/standby | Active/active and active/standby |
| Clustering | - | - | - | - |

• Scalability: VPN Load Balancing

• Centralized management: Centralized configuration, logging, monitoring, and reporting are performed by Cisco Security Manager or alternatively in the cloud with Cisco Defense Orchestrator

• Adaptive Security Device Manager: Web-based, local management for small-scale deployments

¹ Throughput measured with User Datagram Protocol (UDP) traffic measured under ideal test conditions.

² “Multiprotocol” refers to a traffic profile consisting primarily of TCP-based protocols and applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS.

³ In unclustered configuration.

More detailed data sheet of Cisco NGFW:

https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/datasheet-c78-736661.html

Firepower 2100 Series PIDs: See the show inventory and show inventory expand commands in the Cisco FXOS Troubleshooting Guide for the Firepower 2100 Series to display a list of the PIDs for your Firepower 2100. See Product IDs for a list of the product IDs (PIDs) associated with the 2100 series.

More Related

Finding the Sweet Spot–Firepower 2100

The New Cisco Firepower 2100 Series

How to Deploy the Cisco ASA FirePOWER Services in the Internet Edge, VPN Scenarios and Data Center?

The Most Common NGFW Deployment Scenarios

Comment on this post
D
http://www.routexp.com/2017/05/cisco-firepower-next-generations.html
D
What about the AVC feature in the NGFW? I saw some articles on www.routexp.com but I am not sure if you can explain something on AVC and URL filtering please