DefensePro and DefensePro Virtual Appliance Data Sheet

Updated: July 6, 2022


Cisco® Secure DDoS Protection – On-Premises

Distributed denial of service (DDoS) attacks, enabled by massive IoT botnets, seek to overwhelm the network with unwanted traffic, causing service disruptions and preventing legitimate users from accessing business-critical applications. Cisco Secure DDoS Protection defends against both network layer (L3/4) and application layer (L7) attacks using advanced behavioral detection and real-time signature creation to accurately identify malicious traffic and ensure that the network services and applications are available for legitimate users.

DefensePro® and DefensePro® Virtual Appliance (VA) are part of the Cisco Secure DDoS portfolio of solutions.

DefensePro Hardware Appliances

Models: DefensePro 6, DefensePro 20, DefensePro 60, DefensePro 110/220, DefensePro 200/400

Programmable mitigation performance

On-Demand Scalable Clean Throughput Licenses:
  • DP model 6-02 - 200 Mbps
  • DP model 6-05 - 500 Mbps
  • DP model 6-1 - 1 Gbps
  • DP model 6-2 - 2 Gbps
  • DP model 6-3 - 3 Gbps
  • DP model 6-5 - 5 Gbps
  • DP model 20-2 - 2 Gbps
  • DP model 20-4 - 4 Gbps
  • DP model 20-8 - 8 Gbps
  • DP model 20-12 - 12 Gbps
  • DP model 60-10 - 10 Gbps
  • DP model 60-20 - 20 Gbps
  • DP model 60-40 - 40 Gbps
  • DP model 110-40 - 40 Gbps
  • DP model 220-120 - 120 Gbps
  • DP model 200-80 - 80 Gbps
  • DP model 400-160 - 160 Gbps

Max Programmable Mitigation Throughput:
  • DefensePro 6: 6 Gbps
  • DefensePro 20: 20 Gbps
  • DefensePro 60: 60 Gbps
  • DefensePro 110/220: 110 Gbps/220 Gbps
  • DefensePro 200/400: 200 Gbps/400 Gbps

Max Attack Concurrent Sessions: Unlimited

Max DDoS Flood Attack Prevention Rate:
  • DefensePro 6: 7,200,000 pps
  • DefensePro 20: 27,500,000 pps
  • DefensePro 60: 27,500,000 pps
  • DefensePro 110/220: 50,000,000 pps/142,000,000 pps
  • DefensePro 200/400: 292,000,000 pps

SSL/TLS Connections per Second:
  • DefensePro 6: 50K CPS (RSA 2K)
  • DefensePro 20: 83K CPS (RSA 2K)
  • DefensePro 60: 83K CPS (RSA 2K)
  • DefensePro 110/220: 150K CPS (RSA 2K)
  • DefensePro 200/400: -

Latency: <60 microseconds

Real-Time Signatures: Detect attacks and protect in less than 18 seconds

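Blocking performance

Accelerated Blocking Throughput:
  • DefensePro 6: -
  • DefensePro 20: 240 Gbps
  • DefensePro 60: 240 Gbps
  • DefensePro 110/220: 800 Gbps
  • DefensePro 200/400: 760 Gbps

Accelerated Blocking (pps):
  • DefensePro 6: -
  • DefensePro 20: 0.357 billion
  • DefensePro 60: 0.357 billion
  • DefensePro 110/220: 1.19 billion
  • DefensePro 200/400: 0.827 billion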

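Inspection ports

10/100/1000 Copper Ethernet:
  • DefensePro 6: 6
  • DefensePro 20: -
  • DefensePro 60: -
  • DefensePro 110/220: -
  • DefensePro 200/400: -

1 GE/10 GE:
  • DefensePro 6: 2 (SFP+)
  • DefensePro 20: 24 (SFP+)
  • DefensePro 60: 24 (SFP+)
  • DefensePro 110/220: -
  • DefensePro 200/400: 20 (SFP+)

1 GE/10 GE/25 GE:
  • DefensePro 6: -
  • DefensePro 20: -
  • DefensePro 60: -
  • DefensePro 110/220: 24 (SFP+/SFP28)
  • DefensePro 200/400: -

40 GE:
  • DefensePro 6: -
  • DefensePro 20: -
  • DefensePro 60: -
  • DefensePro 110/220: max. 8/min. 4 (QSFP+)
  • DefensePro 200/400: 4 (QSFP+)

100 GE:
  • DefensePro 6: -
  • DefensePro 20: -
  • DefensePro 60: -
  • DefensePro 110/220: max. 4/min. 0 (QSFP28)
  • DefensePro 200/400: 4 (QSFP28)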

Management ports

10/100/1000 Copper Ethernet: 2

Management Console: RJ-45

Operation mode

Network Operation:
  • Transparent L2 Forwarding
  • Transparent L2 Forwarding, IP Forwarding

Deployment Modes: Inline, SPAN port monitoring, Copy port monitoring, Out-of-path mitigation (scrubbing center solution)

Tunneling Protocols: VLAN Tagging, L2TP, MPLS, GRE, GTP, IPinIP

IPv6: Yes

Jumbo Frame:
  • -
  • Supported

Block Actions: Drop packet, reset (source, destination, both), suspend (source IP address, source port, destination IP address, destination port, or any combination), challenge-response for TCP, HTTP, and DNS suspicious traffic

High availability

Fail-Open/Fail-Close[1]:
  • Internal fail-open/fail-close for integrated copper ports; internal fail-close for fiber ports or optical transceivers (i.e., SFP+)
  • Internal fail-close for optical transceivers (i.e., SFP+)
  • Internal fail-close for optical transceivers (e.g., SFP+, SFP28, QSFP+, SFP28)

Dual Power Supply: Yes, hot swappable

Physical

Dimensions (W x D x H) mm:
  • DefensePro 6: 436 x 406 x 44 mm (1U); EIA rack or standalone: 482 mm (19 in)
  • DefensePro 20: 436 x 480 x 88 mm (2U); EIA rack or standalone: 482 mm (19 in)
  • DefensePro 60: 436 x 480 x 88 mm (2U); EIA rack or standalone: 482 mm (19 in)
  • DefensePro 110/220: 482 x 550 x 87 mm (2U); EIA rack or standalone: 482 mm (19 in)
  • DefensePro 200/400: 424 x 600 x 88 mm (2U); EIA rack or standalone: 482 mm (19 in)

Weight:
  • DefensePro 6: Single power supply: 6 kg (13.2 lbs); Dual power supply: 6.5 kg (14 lbs)
  • DefensePro 20: Dual power supply: 13.2 kg (29 lbs)
  • DefensePro 60: Dual power supply: 13.2 kg (29 lbs)
  • DefensePro 110/220: Dual power supply: 14.5 kg (31.9 lbs)
  • DefensePro 200/400: Dual power supply: 18.7 kg (41.2 lbs)

Power Supply (Auto-Range):
  • DefensePro 6: 80 plus certified AC: 100–120V/200–240V, 47–63 Hz; DC: -36 to -72V
  • DefensePro 20: 80 plus certified AC: 100–120V/200–240V, 47–63 Hz; DC: -36 to -72V
  • DefensePro 60: 80 plus certified AC: 100–120V/200–240V, 47–63 Hz; DC: -36 to -72V
  • DefensePro 110/220: 80 plus certified AC: 100–120V/200–240V, 47–63 Hz; DC: -36 to -72V
  • DefensePro 200/400: 80 plus certified AC: 100–120V/200–240V, 47–63 Hz; DC: -36 to -72V

Power Consumption:
  • Single and dual power supply: 140W
  • Dual power supply: 320W
  • Dual power supply: 550W
  • Dual power supply: 890W

Heat Dissipation:
  • Single and dual power supply: 480 BTU/h
  • Dual power supply: 1088 BTU/h
  • Dual power supply: 1880 BTU/h
  • Dual power supply: 2930 BTU/h

Operating Temperature: 0°–40°C (32°–104°F)

Humidity: 5% to 95% noncondensing

Compliance & certifications

Compliance

RoHS: Compliant (EU directive 2011/65/EU, 2015/863/EU)

Safety/EMC/EMI:
  • FCC Part 15, Class A; IC ICES-003; UL 60950-1:2007 R12.11; CAN/CSA-C22.2 No. 60950-1-07+A1:2011; EN 60950-1:2006+A11:2009+A1:2010+A12:2011+A2:2013; IEC 60950-1:2005 (Second Edition)+Am 1:2009+Am 2:2013; EN 60950-1:2006+A11:2009; AS/NZS 60950.1:2015
  • FCC Part 15, Class A; IC ICES-003; UL 60950-1:2007 R10.14; CAN/CSA-C22.2 No.60950-1-07+A1:2011+A2:2014; EN 55022:2010/AC:2011 Class A; EN 61000-3-2:2014; EN 61000-3-3:2013; EN 55024:2010; IEC 61000-4-2:2008; IEC 61000-4-3:2006+A1:2007; IEC 61000-4-4:2012; IEC 61000-4-5:2014; IEC 61000-4-6:2013; IEC 61000-4-8:2009; IEC 61000-4-11:2004; IEC 61000-4-12:2006; IEC 60950-1:2005 (Second Edition)+Am 1:2009+Am 2:2013; EN 60950-1:2006+A11:2009+A1:2010+A12:2011+A2:2013; NEBS
  • FCC Part 15, Subpart B, Class A; IC ICES-003:2016 Issue 6, Class A; ANSI C63.4:2014; UL 60950-1:2007 R10.14; CAN/CSA-C22.2 No.60950-1-07+A1:2011+A2:2014; UL 62368-1:2007 R10.14; CAN/CSA-C22.2 No. 62368-1-14; EN 55024:2010; EN 55032:2015 +AC:2016 / CISPR 32:2015+COR1:2016 / AS/NZS CISPR 32:2015, Class A; EN 300 386 V2.1.1 (2016-07); EN 61000-3-2:2014; EN 61000-3-3:2013; EN 61000-4-2:2009; EN 61000-4-3:2006+A1:2008 +A2:2010; EN 61000-4-4:2012; EN 61000-4-5:2014; EN 61000-4-6:2014; EN 61000-4-8:2010; EN 61000-4-11:2004
  • FCC Part 15B (Class A); ANSI C63.4:2014; CISPR 32:2012/2015, Class A; AS/NZS CISPR 32:2013/2015, Class A; IEC 60950-1:2005/AMD1:2009; IEC 60950-1:2005/AMD2:2013; IEC 60950-1:2005; EN 60950-1:2006/A11:2009/A1:2010/A12:2011/A2:2013; AS/NZS 60950.1:2015; IEC 62368-1:2014; EN 62368-1:2014/A11:2017; AS/NZS 62368.1:2018; EN 300 386 V2.1.1 (2016-07), Class A; EN 55032:2015 +AC:2016; EN 61000-3-2:2014, Class A; EN 61000-3-3:2013; EN 61000-4-2:2009, EN 61000-4-3:2006+A1:2008 +A2:2010; EN 61000-4-4:2012; EN 61000-4-5:2014; EN 61000-4-6:2014

Certifications:
  • CCC (China), TUV (U.S., Canada), CE (Europe), FCC (U.S.), KCC (Korea), BSMI (Taiwan), EAC (Russia), VCCI (Japan), Anatel (Brazil), SDPPI (Indonesia)
  • CCC (China), TUV (U.S., Canada), CE (Europe), FCC (U.S.), KCC (Korea), BSMI (Taiwan), EAC (Russia), VCCI (Japan), Anatel (Brazil), SDPPI (Indonesia)
  • CCC (China), TUV (US, Canada), CE (Europe), FCC (US), KCC (Korea), BSMI (Taiwan), EAC (Russia), VCCI (Japan), Anatel (Brazil)
  • CCC (China), UL (U.S., Canada), CE (Europe), FCC (U.S.), KCC (Korea), EAC (Russia), VCCI (Japan), Anatel (Brazil)

DefensePro Virtual Appliance (DPVA)

DefensePro VA for Private Clouds

Hypervisor: KVM kernel 3.19, QEMU 2.0, VMware (ESX server versions: 6.0, 6.5, 6.7)

Minimum VM Requirements: 2 vCPUs, 16 GB RAM, 10 GB storage

Performance[2]

On-Demand Scalable Throughput Licenses: DefensePro VA 200 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, 10 Gbps, 20 Gbps[3]

Max Mitigation Capacity/Throughput: Up to 50 Gbps per DefensePro VA instance

Max Legit Concurrent Sessions: 1,000,000 sessions per vCPU

Max Attack Concurrent Sessions: Unlimited

Max DDoS Flood Attack Prevention Rate: Up to 950,000 pps per vCPU

Latency: <60 microseconds

Real-Time Signatures: Detect attacks and protect in less than 18 seconds

Inspection ports

10 GE, 25 GE, 40 GE:
  • 2 (Intel Ethernet Server Adapter X520, 10 GE; Intel Ethernet Controller XL710, 40 GE), PCI Passthrough
  • 4 (Intel Ethernet Network Adapter XXV710, 10 GE, 25 GE), SRIOV

Management ports

Ethernet: Via virtual interface (virtio)

Management Console: KVM Virsh; VMware Serial Port

Operation mode

Network Operation: Transparent L2 Forwarding/IP Forwarding

Deployment Modes: In-line

Tunneling Protocols: VLAN Tagging, L2TP, MPLS, GRE, GTP, IPinIP

IPv6: Yes

Jumbo Frame: Up to 2 KB

Block Actions: Drop packet, reset (source, destination, both), suspend (source IP address, source port, destination IP address, destination port, or any combination), challenge-response for TCP, HTTP, and DNS suspicious traffic

DefensePro VA for Private Clouds

Native Public Cloud Support: AWS, Azure

Minimum VM Requirements: 2 vCPUs, 16 GB RAM, 10 GB storage

Performance

Max Mitigation Capacity/Throughput: Up to 25 Gbps per DefensePro VA instance

Max Legit Concurrent Sessions: 1,000,000 sessions per vCPU

Max Attack Concurrent Sessions: Unlimited

Max DDoS Flood Attack Prevention Rate: Up to 500,000 pps per vCPU

Inspection ports

Ethernet: 1 or 2 inspection ports for typical deployments. Additional inspection ports up to a limit supported by the instance type.

Management ports

Ethernet: 1 port

Operation mode

Network Operation:
  • AWS: Symmetric inspection, IP Forwarding Mode
  • Azure: Asymmetric inspection, Destination NAT Forwarding Mode

Deployment Mode:
  • AWS: In-VPC or Security VPC
  • Azure: In-VPC

High availability

Active:Active: AWS and Azure: Integration with AWS Gateway Load Balancer and Azure Load Balancer

Fail-Open/Fail-Close: AWS: With Radware-provided Lambda function



[1] External fiber fail-open switch is available at additional cost.
[2] Performance figures assume Intel® server-grade processor with 3 GHz
[3] 20 Gbps Throughput License supported on KVM
