Cisco Firepower 2100 Series, as a NGFW or a NGIPS
The new Cisco Firepower 2100 Series appliances help you achieve a better security doesn’t come at the expense of network performance.
Cisco Firepower 2100 Series can be deployed either as a Next-Generation Firewall (NGFW) or as a Next-Generation IPS (NGIPS). They are perfect for the Internet edge and all the way in to the data center.
Four new models are available: 2110, 2120, 2130, and 2140

• The Firepower 2110 and 2120 models offer 2.0 and 3 Gbps of firewall throughput, respectively. They provide increased port density and can provide up to sixteen (16) 1 Gbps ports in a 1 rack unit (RU) form factor.
• The Firepower 2130 and 2140 models provide 5 and 8.5 Gbps of firewall throughput, respectively. These models differ from the others in that they can be customized through the use of network modules, or NetMods. They can provide up to twenty-four (24) 1 Gbps ports in a 1 RU appliance, or to provide up to twelve (12) 10 Gbps ports.
• Firepower 2100 NGFWs uniquely provide sustained performance when supporting threat functions, such as IPS. This is done using an innovative dual multi-core architecture. Layer 2 and 3 functionality is processed on one NPU (Network Processing Unit). Threat inspection and other services are processed on a separate multi-core x86 CPU. By splitting the workload, we minimize the performance degradation that you see with competing solutions when turning on threat inspection.
Firepower 2100 Series Appliance Performance Highlights
Features | Cisco Firepower Model | |||
2110 | 2120 | 2130 | 2140 | |
Throughput FW + AVC (Cisco Firepower Threat Defense)1 | 2.0 Gbps | 3 Gbps | 4.75 Gbps | 8.5 Gbps |
Throughput: FW + AVC + NGIPS (Cisco Firepower Threat Defense)1 | 2.0 Gbps | 3 Gbps | 4.75 Gbps | 8.5 Gbps |
1 HTTP sessions with an average packet size of 1024 bytes
2 1024 bytes TCP firewall performance
Learn more: Guide to the New Cisco Firepower 2100 Series
ASA Performance and Capabilities on Firepower 2100 Series Appliances
Features | Cisco Firepower Appliance Model | |||
2110 | 2120 | 2130 | 2140 | |
Stateful inspection firewall throughput1 | 3 Gbps | 6 Gbps | 10 Gbps | 20 Gbps |
Stateful inspection firewall throughput (multiprotocol)2 | 1.5 Gbps | 3 Gbps | 5 Gbps | 10 Gbps |
Concurrent firewall connections | 1 million | 1.5 million | 2 million | 3 million |
Firewall latency (UDP 64B microseconds) | - | - | - | - |
New connections per second | 18000 | 28000 | 40000 | 75000 |
IPsec VPN throughput (450B UDP L2L test) | 500 Mbps | 700 Mbps | 1 Gbps | 2 Gbps |
IPsec/Cisco AnyConnect/Apex site-to-site VPN peers | 1500 | 3500 | 7500 | 10000 |
Maximum number of VLANs | 400 | 600 | 750 | 1024 |
Security contexts (included; maximum) | 2; 25 | 2; 25 | 2; 30 | 2; 40 |
High availability | Active/active and active/standby | Active/active and active/standby | Active/active and active/standby | Active/active and active/standby |
Clustering | - | - | - | - |
Scalability | VPN Load Balancing | |||
Centralized management | Centralized configuration, logging, monitoring, and reporting are performed by Cisco Security Manager or alternatively in the cloud with Cisco Defense Orchestrator | |||
Adaptive Security Device Manager |
Web-based, local management for small-scale deployments |
1 Throughput measured with User Datagram Protocol (UDP) traffic measured under ideal test conditions.
2 “Multiprotocol” refers to a traffic profile consisting primarily of TCP-based protocols and applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS.
3 In unclustered configuration.
More detailed data sheet of Cisco NGFW:
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/datasheet-c78-736661.html
Firepower 2100 Series PIDs: See the show inventory and show inventory expand commands in the Cisco FXOS Troubleshooting Guide for the Firepower 2100 Series to display a list of the PIDs for your Firepower 2100. See Product IDs for a list of the product IDs (PIDs) associated with the 2100 series.
More Related
Finding the Sweet Spot–Firepower 2100
The New Cisco Firepower 2100 Series
How to Deploy the Cisco ASA FirePOWER Services in the Internet Edge, VPN Scenarios and Data Center?