Overview

Features

The Cisco Firepower 4100 is a standalone modular security services platform. It is capable of running multiple security services simultaneously and so is targeted at the data center as a multiservice platform. The series includes the Firepower 4112, 4115, 4125, and 4145. See Product ID Numbers for a list of the product IDs (PIDs) associated with the 4100 series.

The Firepower 4100 supports Cisco Secure Firewall Threat Defense, Cisco Secure Firewall eXtensible Operating System (FXOS), and Cisco Secure Firewall ASA software. See Cisco Firepower 4100/9300 FXOS Compatibility, which lists software and hardware compatibility information for the Firepower 4100 series.

The following figure shows the Firepower 4100.
Figure 1. Firepower 4100

The following table lists the features for the Firepower 4100.

Table 1. Firepower 4100 Features

Feature

4112

4115

4125

4145

Form factor

1 RU

Fits a standard 19-inch (48.3cm) square-hole rack

Rack mount

Slide rails, mount ears, and screws included (4-post EIA-310-D rack)

Airflow

Front to rear

Cold aisle to hot aisle

Processor

One 12-core 2.1-GHz Intel Xeon 4116

Two 12-core 2.1-GHz Intel Xeon 4116

Two 16-core 2.1-GHz Intel Xeon 6130T

Two 22-core 2.1-GHz Intel Xeon 6152

Memory

96-GB DRAM

6 x 16-GB DDR4-2400

192-GB DRAM

12 x 16-GB DDR4-2400

192-GB DRAM

12 x 16-GB DDR4-2666

384-GB DRAM

12 x 32-GB DDR4-2666

Maximum number of interfaces

24

With two 8-port network modules installed

Management port

One Gigabit Ethernet

Supports 1-Gb fiber or copper SFPs

Serial port

One RJ-45 console

USB port

One USB 2.0 Type A

Network ports

Eight fixed 1-Gb and 10-Gb SFP+ ports (named Ethernet 1/1 through 1/8)

Small form-factor pluggable (SFP) ports

Eight fixed 1-Gb and 10-Gb SFP+ ports

Pullout asset card

Displays the serial number; on the front panel

Grounding lug

On rear panel

Locator beacon

On front panel

Power switch

On rear panel
Network modules

Two network module slots (network module 2 and network module 3)

Supported network modules

  • 8-port 10-Gigabit Ethernet SFP+

  • 4-port 40-Gigabit Ethernet QSFP+

  • 2-port 100-Gigabit Ethernet QSFP28

    Note

     

    First supported in threat defense 7.3.1 and ASA 9.18.1.

  • 8-port 1-Gigabit Ethernet copper with hardware bypass

  • 2-port 40-Gigabit Ethernet QSFP+ (built-in) with hardware bypass

  • 6-port 1-Gigabit Ethernet SX fiber SFP (built-in) with hardware bypass

  • 6-port 10-Gigabit Ethernet SR fiber SFP+ (built-in) with hardware bypass

  • 6-port 10-Gigabit Ethernet LR fiber SFP+ (built-in) with hardware bypass

AC power supply

Two (1+1) power supply module slots

Ships with one 1100-W AC power supply module

Hot-swappable

Two (1+1) power supply module slots

Ships with two 1100-W AC power supply modules

Hot-swappable

DC power supply (optional)

Two (1+1) power supply module slots

950-W DC power supply module

Hot-swappable

Redundant power

1+1

Fan

Six fan module slots

5+1 redundancy

Hot-swappable

Storage

Two SSD slots

Ships with one 400-GB SSD installed in slot 1. Slot 1 is the primary SSD and should always be present. Slot 1 is reserved for the logical device application instance (threat defense or ASA).

Note

 

RAID is not supported.

Caution

 

The SSD must be installed in slot 1. Slot 2 is reserved only for the optional Malware Storage Pack (MSP).

Two SSD slots

Ships with one 800-GB SSD installed in slot 1. Slot 1 is the primary SSD and should always be present. Slot 1 is reserved for the logical device application instance (threat defense or ASA).

Note

 

RAID is not supported.

Caution

 

The SSD must be installed in slot 1. Slot 2 is reserved only for the optional MSP.

MSP (optional)

Installed in the second SSD slot only

Network Equipment Building Systems (NEBS) certification

Certified

Security standards certifications

  • Common Criteria (CC) certification for the Network Device Collaborative Protection Profile (NDcPPv2.2E), VPN Gateway Module (VPNGW_MOD_v1.1), and Firewall Module (FW_MOD_v1.4e) for ASA 9.16.x.

  • Common Criteria (CC) and Commercial Solutions for Classified (CSFC) for FTD 6.2.x.

  • CC for the Network Device Collaborative Protection Profile (NDcPPv2.1) for ASA 9.12.x and FX-OS 2.6.x.

  • Federal Information Processing Standards (FIPS) 140-2 on ASA 9.12.x, FTD 6.4.x, and FX-OS 2.6.x.

  • Department of Defense Information Network Approved Product List (DoDIN APL) for ASA 9.12.x and FTD 6.4.x.

  • US Government Compliance for IPv6 (USGv6) for ASA 9.8.x and FTD 6.2.x.

Note

 

Firepower 4112 has not yet completed the above certifications.

Note

 

See the "Security Certifications Compliance" chapter in the Cisco FXOS CLI Configuration Guide or Cisco FXOS Firepower Chassis Manager Configuration Guide for the procedure to enable security modes.

Deployment Options

Here are some examples of how you can deploy the Firepower 4100:

  • In a data center using NGFW and ASA

  • At the core/aggregation layer of a 3-tier data center in a high availability configuration

  • As a dedicated multifunctional security service within converged infrastructure stacks, for example, vBlock, FlexPod, and so forth, at the access layer

  • As a high-performance data center security appliance between the WAN edge and the data center core in a high availability configuration

  • Inter-DC clustering deployments

  • In newer spine/leaf data center designs, deployment as a leaf that exclusively offers security functions

Package Contents

The following figure shows the package contents for the Firepower 4100. Note that the contents are subject to change and your exact contents might contain additional or fewer items.

Figure 2. Firepower 4100 Package Contents

1

Firepower 4100 chassis

2

Blue console cable PC terminal adapter (part number 72-3383-01)

3

Two power cords (country-specific)

See Power Cord Specifications for a list of supported power cords.

4

10/100/1000BASE-T SFP transceiver

5

Ground lug kit (part number 69-1000359-01):

  • One ground lug #6 AWG, 90 degree, #10 post (part number 32-0608-01)

  • Two 10-32 x 39-8-inch Phillips Head screws (part number 48-0700-01)

6

Cable management bracket kit (part number 69-100376-01)

  • Two cable management brackets (part number 700-106377-01)

  • Four 8-32 x 0.375-inch Phillips screws (part number 48-2696-01)

7

Two slide rails with two M3 x 0.5 x 6-mm screws (48-101144-01)

8

Two slide rail locking brackets (part number 700-105350-02)

Six 8-32 x 0.375-inch Phillips screws (part number 48-2696-01)

9

Artesyn tie wrap and tie wrap clamp (part number 52-100204-01)

10

Flextronics tie wrap and tie wrap clamp (part number 52-100202-01)

11

Cisco Secure Firepower 4100

This document has a URL and QR code that point to the Digital Documentation Portal. The portal contains links to the Product Information page, the Hardware Installation Guide, the Regulatory and Safety Information Guide, the Getting Started Guide, and the Easy Deployment Guide.

Serial Number Location

The serial number for the Firepower 4100 series chassis is located on the pullout asset card on the front panel.

Figure 3. Serial Number on the 4100 Chassis

You can also view additional model information on the compliance label located on the bottom of the chassis.

Figure 4. Compliance Label on the 4100 Chassis

Front Panel

The following figure shows the front panel of the Firepower 4100.

Figure 5. Firepower 4100 Front Panel

1

RJ-45 console port

2

Gigabit Ethernet management port

3

USB 2.0 Type A port

4

Eight fixed SFP+ (1-Gb/10-Gb) ports (in network module slot 1)

Ethernet 1/1 through 1/8 labeled top to bottom, left to right

5

SSD 1

Reserved for the primary SSD; slot 1 must always be populated.

6

SSD 2

Reserved for the optional MSP.

7

Power LED

8

Locator LED

9

Pullout asset card

10

Network module 2

Note

 
The 10-Gb network module is shown.

11

Network module 3

Note

 
The 10-Gb network module is shown.
RJ-45 Console Port

The Firepower 4100 has a standard RJ-45 console port. You can use the CLI to configure your Firepower 4100 through the RJ-45 serial console port by using a terminal server or a terminal emulation program on a computer.

The RJ-45 (8P8C) port supports RS-232 signaling to an internal UART controller. The console port does not have any hardware flow control, and does not support a remote dial-in modem. The baud rate is 9600. You can use the standard cable found in your accessory kit to convert the RJ-45 to DB-9 if necessary.

Type A USB Port

You can use the external USB Type A port to attach a data storage device. The external USB drive identifier is disk1:. The USB Type A port supports the following:

  • Hot swapping

  • USB drive formatted with FAT32

  • Boot kick-start image from the Supervisor ROMMON for discovery recovery purposes

  • Copy files to and from workspace:/ and volatile:/ within local-mgmt. The most relevant files are:

    • Core files

    • Ethanalyzer packet captures

    • Tech-support files

    • Security module log files

  • Platform bundle image upload using download image usbA:

The USB Type A port does not support Cisco Secure Package (CSP) image upload.

Network Ports

The Firepower 4100 chassis has eight fixed ports that require 1-Gb/10-Gb SFP/SFP+ transceivers (fiber or copper). They are numbered from left to right starting with 1 and are named Ethernet 1/1 through Ethernet 1/8. The 4100 also has two network module slots that support different numbers of ports depending on the network module. See Network Modules for the supported network modules. See for Supported SFP/SFP+ and QSFP Transceivers the list of supported transceivers.

Each port has LEDs that represent link/activity status.

Management Port

The Firepower 4100 chassis has a management port that requires a 1-Gb fiber or copper SFP.

Front Panel LEDs

The following figure and table describe the Firepower 4100 front panel LEDs.

Figure 6. Front Panel LEDs

1

Management

  • Off—No connection or port is not in use.

  • Amber—No link or network failure.

  • Green—Link up.

  • Green, flashing—Network activity.

2

Health (SYS)

  • Off—System is not booting yet.

  • Green, flashing—Power-up diagnostics are complete and system is booting up.

  • Green—The system has passed power-up diagnostics.

  • Amber—Power-up diagnostics has failed.

  • Amber, flashing—Alarm; power-up diagnostics are running.

3

SSD

  • Off— SSD not present.

  • Green—SSD is present; no activity.

  • Green, flashing—SSD is active.

  • Amber—SSD failure.

  • Amber, flashing—Rebuilding, flashes at 1 Hz.

  • Amber, flashing—Predictive failure analysis (PFA) and hot spare; two fast flashes at 4 Hz, pause for 0.5 seconds.

4

Power

  • Off—Input power not detected.

  • Green, flashing—Appears only when you move the power switch from ON to OFF. System is shutting down and powers off once shutdown is completed.

  • Amber—System is powering up.

  • Green—System fully powered up.

  • Amber, flashing—Reserved.

5

Active (ACT)

This LED is not supported; reserved for future use.

6

Locator LED

  • Off—Locate is off.

  • Blue—Locate is on.

7

Network activity

  • Off—No connection or port is not in use.

  • Amber—No link or network failure.

  • Green—Link up.

  • Green, flashing—Network activity.

Rear Panel

The following figure shows the rear panel of the Firepower 4100.

Figure 7. Firepower 4100 Rear Panel

1

Power on/off switch

2

Power supply module 1

3

Power supply module 2

4

Fan module 1

5

Fan module 2

6

Fan module 3

7

Fan module 4

8

Fan module 5

9

Fan module 6

10

Location for the two-post grounding lug

Note

 

The two-post grounding lug is included in the accessory kit.

The power switch is located to the left of power supply module 1 on the rear of the chassis. It is a toggle switch that controls power to the system. If the power switch is in standby position, only the 3.3-V standby power is enabled from the power supply module and the 12-V main power is OFF. When the switch is in the ON position, the 12-V main power is turned on and the system boots.

You can shut down the chassis in one of two ways:

  • Perform a graceful shutdown using the shutdown commands (see the FXOS CLI Configuration Guide for the procedure). This may take several minutes to complete. Then toggle the power switch to the OFF position. The power LED changes from solid green to off immediately.


    Caution

    If you move the power switch to the OFF position before the shutdown command sequence is complete or if you remove the system power cords before the graceful shutdown is complete, disk corruption can occur.

  • Toggle the power switch to the OFF position. The power LED changes from solid green to off.


Note

After removing power from the chassis either by moving the power switch to OFF or unplugging the power cord, wait at least 10 seconds before turning power back ON.

Network Modules

The Firepower 4100 contains two network module slots that provide optical or electrical network interfaces. Network modules are optional, removable I/O modules that provide either additional ports or different interface types (1/10/40 Gb). The Firepower network modules plug into the chassis on the front panel.

For More Information

10-Gb Network Module

The following figure shows the front panel of the 10-Gb network module (FPR4K-NM-8X10G). The FPR4K-NM-8X10G is a single-wide module that supports hot swapping. The eight ports are numbered from top to bottom, left to right.


Note

Make sure you have the correct firmware package and software version installed to support this network module. For instructions on how to verify your firmware package version and to upgrade the firmware if necessary, see the Cisco Firepower 4100/9300 FXOS Firmware Upgrade Guide. See Cisco Firepower 4100/9300 FXOS Compatibility for the software compatibility matrix.


Note

The FPR4K-NM-8X10G is NEBS-compliant.


Note

You can fit four copper SFPs in either the top row of ports or the bottom row of ports. Both rows cannot be populated at the same time, because of the port row spacing.

Figure 8. FPR4K-NM-8X10G

1

Captive screw/handle

2

Ethernet X/1

3

Ethernet X/3

4

Ethernet X/5

5

Ethernet X/7

6

Ethernet X/2

7

Ethernet X/4

8

Ethernet X/6

9

Ethernet X/8

10

Network activity LEDs

  • Off—No connection or port is not in use.

  • Amber—No link or network failure.

  • Green—Link up.

  • Green, flashing—Network activity.

For More Information

40-Gb Network Module

The following figure shows the front panel of the 40-Gb network module (FPR4K-NM-4X40G.) The FPR4K-NM-4X40G is a single-wide module that supports hot swapping. The four ports are numbered left to right.


Note

Make sure you have the correct firmware package and software version installed to support this network module. For instructions on how to verify your firmware package version and to upgrade the firmware if necessary, see the Cisco Firepower 4100/9300 FXOS Firmware Upgrade Guide. See Cisco Firepower 4100/9300 FXOS Compatibility for the software compatibility matrix.


Note

The FPR4K-NM-4X40G is NEBS-compliant.

Figure 9. FPR4K-NM-4X40G

1

Captive screw/handle

2

Network activity LEDs

  • Off—No connection or port is not in use.

  • Amber—No link or network failure.

  • Green—Link up.

  • Green, flashing—Network activity.

  • 40Gb—Only the leftmost LED indicates the port status.

  • 4x10Gb—Each of the port LEDS indicates the status of respective 10-Gb channel.

3

Ethernet X/1

4

Ethernet X/2

5

Ethernet X/3

6

Ethernet X/4

100-Gb Network Module

The following figure shows the front panel of the 100-Gb network module (FPR4K-NM-2X100G). The FPR4K-NM-2X100G is a two-port single-wide module that supports hot swapping. The two ports are numbered left to right. The FPR4K-NM-2X100G is first supported in FTD 7.2 and ASA 9.18.


Note

Make sure you have the correct firmware package and software version installed to support this network module. For instructions on how to verify your firmware package version and to upgrade the firmware if necessary, see the Cisco Firepower 4100/9300 FXOS Firmware Upgrade Guide. See Cisco Firepower 4100/9300 FXOS Compatibility for the software compatibility matrix.

Figure 10. FPR4K-NM-2X100G

1

Power LED

2

Network activity LEDs

  • Off—No connection or port is not in use.

  • Amber—No link or network failure.

  • Green—Link up.

  • Green, flashing—Network activity.

3

Network activity LEDs

  • Off—No connection or port is not in use.

  • Amber—No link or network failure.

  • Green—Link up.

  • Green, flashing—Network activity.

4

Ethernet X/1

5

Ethernet X/2

6

Captive screw/handle

Hardware Bypass Network Modules

Hardware bypass (also known as fail-to-wire) is a physical layer (Layer 1) bypass that allows paired interfaces to go into bypass mode so that the hardware forwards packets between these port pairs without software intervention. Hardware bypass provides network connectivity when there are software or hardware failures. Hardware bypass is useful on ports where the Firepower security appliance is only monitoring or logging traffic. The hardware bypass network modules have an optical switch that is capable of connecting the two ports when needed. The hardware bypass network modules have built-in SFPs.

Hardware bypass is supported only on a fixed set of ports. You can pair Port 1 with Port 2, Port 3 with Port 4, but you cannot pair Port 1 with Port 4 for example.


Note

When the appliance switches from normal operation to hardware bypass or from hardware bypass back to normal operation, traffic may be interrupted for several seconds. A number of factors can affect the length of the interruption; for example, behavior of the optical link partner such as how it handles link faults and debounce timing; spanning tree protocol convergence; dynamic routing protocol convergence; and so on. During this time, you may experience dropped connections.

There are three configuration options for hardware bypass network modules:

  • Passive interfaces—Connection to a single port.

    For each network segment you want to monitor passively, connect the cables to one interface. This is how the nonhardware bypass network modules operate.

  • Inline interfaces—Connection to any two like ports (10 Gb to 10 Gb for example) on one network module, across network modules, or fixed ports.

    For each network segment you want to monitor inline, connect the cables to pairs of interfaces.

  • Inline with hardware bypass interfaces—Connection of a hardware bypass paired set.

    For each network segment that you want to configure inline with fail-open, connect the cables to the paired interface set.

    For the 40-Gb network module, you connect the two ports to form a paired set. For the 1/10-Gb network modules, you connect the top port to the bottom port to form a hardware bypass paired set. This allows traffic to flow even if the security appliance fails or loses power.


Note

If you have an inline interface set with a mix of hardware bypass and nonhardware bypass interfaces, you cannot enable hardware bypass on this inline interface set. You can only enable hardware bypass on an inline interface set if all the pairs in the inline set are valid hardware bypass pairs.

For More Information

1-Gb Network Module with Hardware Bypass

The following figure shows the front panel view of the 1-Gb network module with hardware bypass (FPR-NM-8X1G-F). Pair ports 1 and 2, 3 and 4, 5 and 6, and 7 and 8 to form hardware bypass paired sets.


Note

Make sure you have the correct firmware package and software version installed to support this network module. For instructions on how to verify your firmware package version and to upgrade the firmware if necessary, see the Cisco Firepower 4100/9300 FXOS Firmware Upgrade Guide. See Cisco Firepower 4100/9300 FXOS Compatibility for the software compatibility matrix.

Figure 11. FPR-NM-8X1G-F

1

Captive screw/handle

2

Bypass LEDs B1 through B4

  • Green—In standby mode.

  • Amber, flashing—Port is in hardware bypass mode, failure event.

3

Ethernet X/1

Ports 1 and 2 are paired together to form a hardware bypass pair. LED B1 applies to this paired port.

4

Ethernet X/2

Ports 3 and 4 are paired together to form a hardware bypass pair. LED B2 applies to this paired port.

5

Ethernet X/2

Ports 5 and 6 are paired together to form a hardware bypass pair. LED B3 applies to this paired port.

6

Ethernet X/2

Ports 7 and 8 are paired together to form a hardware bypass pair. LED B4 applies to this paired port.

7

Network activity LEDs

  • Left LED—Green indicates network activity when a 10M/100M/1G connection is made.

  • Right LED—Not in use at this time.

40-Gb Network Module with Hardware Bypass

The following figure shows the front panel of the 40-Gb hardware bypass network module (FPR4K-NM-2X40G-F). The FPR4K-NM-2X40G-F is a single-wide module that does not support hot swapping. The two ports are numbered left to right. Pair the two ports to create a hardware bypass paired set.


Note

Make sure you have the correct firmware package and software version installed to support this network module. For instructions on how to verify your firmware package version and to upgrade the firmware if necessary, see the Cisco Firepower 4100/9300 FXOS Firmware Upgrade Guide. See Cisco Firepower 4100/9300 FXOS Compatibility for the software compatibility matrix.

Figure 12. FPR4K-NM-2X40G-F

1

Captive screw/handle

2

Port 1 Ethernet X/1

Ports 1 and 2 are paired together to form a hardware bypass pair.

3

Port 2 Ethernet X/2

Ports 1 and 2 are paired together to form a hardware bypass pair.

4

Port 1 network activity LEDs:

  • Amber—No connection, or port is not in use, or no link or network failure.

  • Green—Link up, no network activity.

  • Green, flashing—Network activity.

5

BP (bypass LED):

  • Green—In standby mode.

  • Amber, flashing—Port is in hardware bypass mode, failure event.

6

Port 2 network activity LEDs:

  • Amber—No connection, or port is not in use, or no link or network failure.

  • Green—Link up, no network activity.

  • Green, flashing—Network activity.

The following table describes the cable specifications needed to keep the insertion loss as low as possible.
Table 2. 40-Gb BASE-SR Cable Specifications

Interface

Supported Cable

Ethernet 40-G BASE-SR4

50 microns core diameter

850 nm wavelength

2000/4700 (OM3/4) modal bandwidth (MHz*km)

MPO-12 port adapter

50 m cable distance

Note

See the Cisco 40GBASE QSFP Modules Data Sheet for specifications of the QSFP for the 40-Gb BASE-SR-4.

We recommend the following Cisco OM3 MTP/MPO cables.

Table 3. Cisco Cables

Cisco Part Number

Cable Length

CAB-ETH-40G-5M

5 m

CAB-ETH-40G-10M

10 m

CAB-ETH-40G-20M

20 m

1-Gb SX/10-Gb SR/10-Gb LR Network Module with Hardware Bypass

The following figure shows the front panel of the 1-Gb SX, 10-Gb SR and 10-Gb LR hardware bypass network modules (FPR4K-NM-6X1SX-F, FPR4K-NM-6X10SR-F, FPR4K-NM-6X10LR-F). This is a single-wide module that does not support hot swapping. The six ports are numbered from top to bottom, left to right. Pair ports 1 and 2, 3 and 4, and 5 and 6 to form hardware bypass paired sets.


Note

Make sure you have the correct firmware package and software version installed to support this network module. For instructions on how to verify your firmware package version and to upgrade the firmware if necessary, see the Cisco Firepower 4100/9300 FXOS Firmware Upgrade Guide. See Cisco Firepower 4100/9300 FXOS Compatibility for the software compatibility matrix.

Figure 13. FPR4K-NM-6X1SX-F, FPR4K-NM-6X10SR-F, FPR4K-NM-6X10LR-F

1

Captive screw/handle

2

Six network activity LEDs:

  • Amber—No connection, or port is not in use, or no link or network failure.

  • Green—Link up, no network activity.

  • Green, flashing—Network activity.

3

Ethernet X/1 (top port)

Ethernet X/2 (bottom port)

Ports 1 and 2 are paired together to form a hardware bypass pair.

4

Ethernet X/3 (top port)

Ethernet X/4 (bottom port)

Ports 3 and 4 are paired together to form a hardware bypass pair.

5

Ethernet X/5 (top port)

Ethernet X/6 (bottom port)

Ports 5 and 6 are paired together to form a hardware bypass pair.

6

Bypass LEDs B1 through B3:

  • Green—In standby mode.

  • Amber, flashing—Port is in hardware bypass mode, failure event.

The 1-Gb SX /10-Gb SR/10-Gb LR network modules have the following insertion loss measurements. Insertion loss measurements help you to troubleshoot the network by verifying cable installation and performance.

Table 4. 1-Gb SX Network Module (FPR4K-NM-6X1SX-F)

Operating Mode

Typical

Maximum

Insertion loss

Normal

Hardware bypass

0.9 dB

1.2 dB

1.4 dB

1.7 dB

Core diameter (microns)

Modal bandwidth (MHz/km)

Cable distance

Note

 

Half the distance specified by the IEEE standard.

Cable and operating distance

62.5

62.5

50

50

50

160 (FDDI)

200 (OM1)

400

500 (OM2)

2000 (OM3)

110 m

137 m

250 m

275 m

500 m

Table 5. 10-Gb SR Network Module (FPR4K-NM-6X10SR-F)

Operating Mode

Typical

Maximum

Insertion loss

Normal

Hardware bypass

0.9 dB

1.2 dB

1.4 dB

1.7 dB

Core diameter (microns)

Modal bandwidth (MHz/km)

Cable distance

Note

 

Half the distance specified by the IEEE standard.

Cable and operating distance

62.5

62.5

50

50

50

50

160 (FDDI)

200 (OM1)

400

500 (OM2)

2000 (OM3)

4700 (OM4)

13 m

16.5 m

33 m

41 m

150 m

200 m

Table 6. 10-Gb LR Network Module (FPR4K-NM-6X10LR-F)

Operating Mode

Typical

Maximum

Insertion loss

Normal

Hardware bypass

1.2 dB

1.5 dB

1.6 dB

1.9 dB

Core diameter (microns)

Modal bandwidth (MHz/km)

Cable distance

Note

 

Half the distance specified by the IEEE standard.

Cable and operating distance

G.652

Single mode

5 km

Power Supply Modules

The Firepower 4100 supports two AC or DC power supply modules so that dual power supply redundancy protection is available. Facing the back of the chassis, the power supply modules are numbered left to right, for example, PSU1 and PSU2.


Note

The system power requirements are lower than the power supply module capabilities. See Hardware Specifications for the system power requirements.


Note

After removing power from the chassis either by moving the power switch to OFF or unplugging the power cord, wait at least 10 seconds before turning power back ON.


Attention

Make sure that one power supply module is always active.

See Remove and Replace the Power Supply Module for the procedure for removing and replacing the power supply module.

AC Power Supply

The power supplies can supply up to 1100-W power across the input voltage range. The load is shared when both power supply modules are plugged in and running at the same time. The power supply modules are hot-swappable.

Table 7. AC Power Supply Module Hardware Specifications

Description

Specification

Input voltage

100 to 240 V AC

Maximum current

13 A (at 100 V AC)

Note

 

The system power requirements are lower than the power supply module capabilities. See Hardware Specifications for the system power requirements.

Maximum output power

1100 W

Frequency

50 to 60 Hz

Redundancy

1+1 redundant

Efficiency at 50% load

92%

DC Power Supply

The power supplies can supply up to 950 W of power across the input voltage range. The load is shared when both power supply modules are plugged in and running at the same time. The power supply modules are hot-swappable.

Table 8. DC Power Supply Module Hardware Specifications

Description

Specification

Input voltage

-40 to -60 V DC

Maximum current

26 A (at 40 V DC)

Maximum output power

950 W

Redundancy

1+1 redundant

Efficiency at 50% load

92%

Power Supply Module LEDs

The following figure shows the two-color power supply LEDs. The LEDs are located on the upper right side.

Figure 14. Power Supply Module LEDs

1

Amber FAIL LED

2

Green OK LED

The following table describes the power module supply LEDs and their states.

Table 9. Power Supply Module LEDs

Amber LED (Fail Status)

Green LED (OK Status)

No power to all power supplies

Off

Off

Power supply module failure

Includes overvoltage, overcurrent, overtemperature, and fan failure

On

Off

Power supply module warning events

Power supply continues to operate.

With high temperature, high power, and slow fan

1 Hz flashing

Off

Power is present.

3.3 VSB on (power supply module off)

Off

1 Hz flashing

Power supply module is OK and on.

Off

On

Fan Modules

The Firepower 4100 requires six fan modules, which are hot-swappable. They are installed in the rear of the chassis. The system supports operation with a single fan failure (N+1 fan redundancy), but do not run the system for an extended amount of time without all fan modules installed. Keep removal and replacement time at three minutes. Remove and replace one fan module at a time.

If you remove a fan or a fan fails, the other fans operate at full speed, which can be noisy.

The fan modules are numbered left to right, for example, FAN1, FAN2, FAN3, FAN4, FAN5, and FAN6. See Remove and Replace the Fan Module for the procedure for removing and replacing the fan module.

The following figure shows the location of the fan LED.

Figure 15. Fan LED

1

Two-color LED

The fan module has one two-color LED, which is located on the upper left corner of the fan.

  • Amber—Fan failure.

  • Green—Fan running normally. It may take up to one minute for the LED status to turn green after power is on.

Supported SFP/SFP+ and QSFP Transceivers

The SFP/SFP+ transceivers are bidirectional devices with a transmitter and receiver in the same physical package. It is a hot-swappable optical or electrical (copper) interface that plugs into the SFP/SFP+ ports on the fixed ports and the network module ports, and provides Ethernet connectivity.


Warning
Use appropriate ESD procedures when inserting the transceiver. Avoid touching the contacts at the rear, and keep the contacts and ports free of dust and dirt. Keep unused transceivers in the ESD packing that they were shipped in. The following figure shows a sample SFP transceiver.
Figure 16. SFP

1

Dust plug

2

Bail clasp

3

Receive optical bore

4

Transmit optical bore

Safety Warnings

Take note of the following optical connection warnings:


Warning

Statement 1051—Laser Radiation

Invisible laser radiation may be emitted from disconnected fibers or connectors. Do not stare into beams or view directly with optical instruments.


Warning

Statement 1055—Class 1/1M Laser

Invisible laser radiation is present. Do not expose to users of telescopic optics. This applies to Class 1/1M laser products.

The following table lists the Cisco supported transceivers.

Table 10. Supported Cisco SFP/SFP+ Transceivers

Optics Type

PID

1 Gb

1G-SX

GLC-SX-MMD

1G-LH/LX

GLC-LH-SMD

1G-EX

GLC-EX-SMD

1G-ZX

GLC-ZX-SMD

1G 1000Base-T

GLC-T

1G 1000Base-T

GLC-TE

10 Gb

10G-SR

SFP-10G-SR

10G-SR-S

SFP-10G-SR-S

10G-LR

SFP-10G-LR

10G-LR-S

SFP-10G-LR-S

10G-LRM

SFP-10G-LRM

10G-ER

SFP-10G-ER

10G-ER-S

SFP-10G-ER-S

10G-ZR-S

SFP-10G-ZR-S

10G Cu, 1m

SFP-H10GB-CU1M

10G Cu, 1.5m

SFP-H10GB-CU1-5M

10G Cu, 2m

SFP-H10GB-CU2M

10G Cu, 2.5m

SFP-H10GB-CU2-5M

10G Cu, 3m

SFP-H10GB-CU3M

10G Cu, 5m

SFP-H10GB-CU5M

10G Cu, 7m

SFP-H10GB-ACU7M

10G Cu, 10m

SFP-H10GB-ACU10M

10G AOC, 1m

SFP-10G-AOC1M

10G AOC, 2m

SFP-10G-AOC2M

10G AOC, 3m

SFP-10G-AOC3M

10G AOC, 5m

SFP-10G-AOC5M

10G AOC, 7m

SFP-10G-AOC7M

10G AOC, 10m

SFP-10GAOC10M

40 Gb

40G-SR4

QSFP-40G-SR4

40G-SR4-S

QSFP-40G-SR4-S

40G-CSR4

QSFP-40G-CSR4

40G-SR-BD

QSFP-40G-SR-BD

40GE-LR4

QSFP-40GE-LR4

40GE-LR4-S

QSFP-40GE-LR4-S

40G-LR4L

WSP-Q40GLR4L

40G-CU, 1M, 3M, 5M

QSFP-H40G-CU

40G-4X10G-CU, 1M, 3M, 5M

QSFP-4SFP10G-CU

40G-CU-A, 7M, 10M

QSFP-H40G-ACU

40G-4X10G-CU-A, 7M, 10M

QSFP-4X10G-AC

40G-AOC, 1M, 2M, 3M, 5M, 7M, 10M, 15M

QSFP-H40G-AOC

100Gb
100G-FR QSFP-100G-FR-S

Hardware Specifications

The following table contains hardware specifications for the Firepower 4100.

Table 11. Firepower 4100 Hardware Specifications

Specification

4112

4115

4125

4145

Dimensions (H x W x D)

1.75 x 16.89 x 29.7 inches (4.44 x 42.90 x 75.43 cm)

1.75 x 16.89 x 31.52 inches (4.44 x 42.90 x 80.06 cm) with fans

Weight

39.4 lb (17.87 kg) two power supply modules, two network modules, six fans

31.4 lb (14.24 kg) no power supply modules, no network modules, no fans

System power

AC: 100/240 V AC 10 A (at 100 V), 50 to 60 Hz

DC: -40 V DC to -60 V DC, 26 A (at -40 V)

Temperature

Operating: 32 to 104° F (0 to 40° C) at sea level

1° C reduction of maximum for every 1000 ft (305 m) above sea level

Nonoperating: -40 to 149°F (-40 to 65° C)

NEBS operating temperature

Firepower 4125 only

Long term: 32 to 113° F (0 to 45° C) up to 6000 ft (1829 m)

Long term: 32 to 95° F (0 to 35° C) up to 6000-13,000 ft (1829-3964 m)

Short term: 23 to 131°F (-5 to 55° C) up to 6000 ft (1829 m)

Humidity

Operating and nonoperating: 5 to 95% noncondensing

Altitude

Operating: 10,000 ft maximum (3048 m)

Nonoperating: 15,000 ft maximum (4570 m)

NEBS operating altitude

Firepower 4125 only

0 to 13,000 ft (3962 m)

Sound pressure

63 dBa (typical)

74 dBa (maximum)

Declared sound power

76 dB (typical)

87 dB (maximum)

Product ID Numbers

The following table lists the PIDs associated with the Firepower 4100. All of the PIDs in the table are field-replaceable. If you need to get a return material authorization (RMA) for any component, see Cisco Returns Portal for more information.


Note
See the show inventory command in the Cisco Firepower 4100/9300 FXOS Command Reference, in the Cisco Firepower Threat Defense Command Reference, or in the Cisco ASA Series Command Reference for the procedure to display a list of the PIDs for your Firepower 4100.
Table 12. Firepower 4100 PIDs

PID

Description

FPR4112-ASA-K9

Cisco Firepower 4112 ASA appliance, 1 RU, two network module bays

FPR4112-NGFW-K9

Cisco Firepower 4112 NGFW appliance, 1 RU, two network module bays

FPR4112-NGFW-K9

Cisco Firepower 4112 NGIPS appliance, 1 RU, two network module bays

FPR4115-ASA-K9

Cisco Firepower 4115 ASA appliance, 1 RU, two network module bays

FPR4115-NGFW-K9

Cisco Firepower 4115 NGFW appliance, 1 RU, two network module bays

FPR4115-NGIPS-K9

Cisco Firepower 4115 NGIPS appliance, 1 RU, two network module bays

FPR4125-ASA-K9

Cisco Firepower 4125 ASA appliance, 1 RU, two network module bays

FPR4125-NGFW-K9

Cisco Firepower 4125 NGFW appliance, 1 RU, two network module bays

FPR4125-NGIPS-K9

Cisco Firepower 4125 NGIPS appliance, 1 RU, two network module bays

FPR4145-ASA-K9

Cisco Firepower 4145 ASA appliance, 1 RU, two network module bays

FPR4145-NGFW-K9

Cisco Firepower 4145 NGFW appliance, 1 RU, two network module bays

FPR4145-NGIPS-K9

Cisco Firepower 4145 NGIPS appliance, 1 RU, two network module bays

FPR4K-ACC-KIT2

Firepower hardware accessory kit containing rack mounts and cables

FPR4K-ACC-KIT2=

Firepower hardware accessory kit containing rack mounts and cables (spare)

FPR4K-S-FAN

Fan

FPR4K-S-FAN=

Fan (spare)

FPR4K-NM-2X40G-F

2-port 40-Gb SR hardware bypass network module

FPR4K-NM-2X40G-F=

2-port 40-Gb SR hardware bypass network module (spare)

FPR4K-NM-4X40G

4-port 40-Gb QSFP+ network module

FPR4K-NM-4X40G=

4-port 40-Gb QSFP+ network module (spare)

FPR4K-NM-6X10LR-F

6-port 10-Gb LR hardware bypass network module

FPR4K-NM-6X10LR-F=

6-port 10-Gb LR hardware bypass network module (spare)

FPR4K-NM-6X10SR-F

6-port 10-Gb SR hardware bypass network module

FPR4K-NM-6X10SR-F=

6-port 10-Gb SR hardware bypass network module (spare)

FPR4K-NM-6X1SX-F

6-port 1-Gb SX fiber hardware bypass network module

FPR4K-NM-6X1SX-F=

6-port 1-Gb SX fiber hardware bypass network module (spare)

FPR4K-NM-8X10G

8-port 10-Gb SFP+ network module

FPR4K-NM-8X10G=

8-port 10-Gb SFP+ network module (spare)

FPR4K-NM-8X1G-F

8-port 1-Gb copper hardware bypass network module

FPR4K-NM-8X1G-F=

8-port 1-Gb copper hardware bypass network module (spare)

FPR4K-NM-2X100G

2-port 100-Gb single-wide network module

FPR4K-NM-2X100G=

2-port 100-Gb single-wide network module (spare)

FPR4K-NM-BLANK

Network module blank slot cover

FPR4K-NM-BLANK=

Network module blank slot cover (spare)

FPR4K-PSU-BLANK

Chassis power supply module blank slot cover

FPR4K-PSU-BLANK=

Chassis power supply module blank slot cover (spare)

FPR4K-PWR-AC-1100

1100-W AC power supply module

FPR4K-PWR-AC-1100-

1100-W AC power supply module (spare)

FPR4K-PWR-DC-950

950-W DC power supply module

FPR4K-PWR-DC-950=

950-W DC power supply module (spare)

FPR4K-RACK-MNT

Rack-mount kit

FPR4K-RACK-MNT=

Rack-mount kit (spare)

FPR4K-CBL-MGMT

Cable management brackets

FPR4K-CBL-MGMT=

Cable management brackets (spare)

FPR4K-SSD-BBLKD

SSD slot carrier

FPR4K-SSD-BBLKD=

SSD slot carrier (spare)

FPR4K-SSD400

400-GB SSD for Firepower 4112 and 4115

FPR4K-SSD400=

400-GB SSD for Firepower 4112 and 4115 (spare)

FPR4K-SSD800

800-GB SSD for Firepower 4125 and 4145

FPR4K-SSD800=

800-GB SSD for Firepower 4125 and 4145 (spare)

Power Cord Specifications

Each power supply has a separate power cord. Standard power cords are available for connection to the security appliance.

If you do not order the optional power cord with the system, you are responsible for selecting the appropriate power cord for the product. Using a incompatible power cord with this product may result in electrical safety hazard. Orders delivered to Argentina, Brazil, and Japan must have the appropriate power cord ordered with the system.


Note

Only the approved power cords or jumper power cords provided with the security appliance are supported.

The following power cords are supported.

Figure 17. Argentina CAB-9K10A-AR

1

Plug: IRAM 2073

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320-C15

Figure 18. Australia CAB-9K10A-AU

1

Plug: A.S. 3112-2000

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320-C15

Figure 19. Brazil CAB-250V-10A-BR

1

Plug: EL223 (NBR 14136)

2

Cord set rating: 10 A, 250 V

3

Connector: EL 701B (EN 60320/C13)

Figure 20. Brazil PWR-CORD-G2A-BZ

1

Plug: NBR 14136

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320-C13

Figure 21. China CAB-9K10A-CH

1

Plug: CCC GB2099.1, GB1002

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320-C15

Figure 22. Denmark CAB-TA-DN

1

Plug: DK3

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320-C13

Figure 23. Europe CAB-AC-EUR

1

Plug: CEE 7/7

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320-C15

Figure 24. India CAB-250V-10A-ID

1

Plug: IS 6538-1971

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320-C13

Figure 25. Israel CAB-250V-10A-IS

1

Plug: SI-32

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320-C13

Figure 26. Italy CAB-9K10A-IT

1

Plug: CEI 23-16/VII

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320-C15

Figure 27. Korea CAB-9K10A-KOR

1

Plug: CEE 7/7

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320-C19

Figure 28. Japan CAB-L620P-C13-JPN

1

Plug: NEMA L6-20P

2

Cord set rating: 15 A, 250 V

3

Connector: IEC 60320-C13

Figure 29. Japan CAB-TA-JP

1

Plug: NEMA5-15P/JIS 8303

2

Cord set rating: 12 A, 125 V

3

Connector: IEC 60320-C15

Figure 30. North America CAB-TA-NA

1

Plug: NEMA5-15P

2

Cord set rating: 12 A, 125 V

3

Connector: IEC 60320-C15

Figure 31. Saudi Arabia ATA187PWRCORD-SAUD

1

Plug: BS1363A/SS145

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320-C13

Figure 32. South Africa CAB-9K10A-SA

1

Plug: SABS 164

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320-C15

Figure 33. Switzerland CAB-9K10A-SW

1

Plug: SEV 1011

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320-C15

Figure 34. Taiwan CAB-9K10A-TWN

1

Plug: CNS10917-2

2

Cord set rating: 10 A, 125 V

3

Connector: IEC 60320-C15

Figure 35. United Kingdom CP-PWR-CORD-UK

1

Plug: BS1363A/SS145

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320-C13