Cisco Secure Firewall Management Center (formerly Firepower Management Center) Data Sheet

Updated: October 22, 2021

The Cisco Secure Firewall Management Center (Firepower Management Center) increases the effectiveness of your Cisco® firewalls by providing centralized, integrated, and streamlined management.

Product overview

The Cisco Secure Firewall Management Center is the administrative nerve center for select Cisco security products running on multiple platforms. It provides unified management of Cisco Secure Firewalls with Firewall Threat Defense (FTD) software for port and protocol control, application control, IPS, URL filtering, and malware protection functions. Firewall Management Center is the centralized event and policy manager for:

      Cisco Secure Firewall with the Firewall Threat Defense (FTD) OS

      Cisco ASA with FirePOWER Services

      Cisco Secure IPS (Firepower Next-Gen IPS / NGIPS)

      Cisco FirePOWER Threat Defense for ISR

      Cisco Malware Defense (AMP)

Firewall Management Center (FMC) provides extensive intelligence about the users, applications, devices, threats and vulnerabilities that exist in your network. It also uses this information to analyze your network’s vulnerabilities. It then provides tailored recommendations regarding security policies to implement, plus prioritization of security events to investigate.

FMC provides easy-to-use policy screens to control access and guard against known attacks. It integrates with advanced malware protection and sandboxing technology, and it provides tools to track malware infections throughout your network. It unifies all these capabilities in a single management interface. You can perform a variety of functions, from core firewall management to controlling applications to investigating and remediating malware outbreaks.

Figure 1. Centralized Policy, Event, and Device Management

Enterprise-Class Management

FMC discovers real-time information about changing network resources and operations. You get a full contextual basis for making informed decisions (see Figure 1). In addition to providing a wide breadth of intelligence, FMC delivers a fine level of detail, including:

      Trends and high-level statistics. This information helps you understand your security posture at a given moment in time as well as how it’s changing, for better or worse

      Event detail, compliance, and forensics. These provide an understanding of what happened during a security event. They help improve defenses, support breach containment efforts, and aid in legal enforcement actions

      Workflow data. You can easily export this data to other solutions to improve incident response management

Features and benefits

| Feature | Benefit |
| --- | --- |
| Unified management of multiple security functions across multiple solutions | Facilitates the centralized management of the Cisco security environment, including: Cisco Secure Firewall with Firewall Threat Defense (FTD) OS; Cisco ASA with FirePOWER Services; Cisco Secure IPS (Firepower Next-Gen IPS / NGIPS); Cisco FirePOWER Threat Defense for ISR; Cisco Malware Defense (AMP) |
| Integrated policy management over multiple security functions | Configures firewall access, application control, threat prevention, URL filtering, and advanced malware protection settings in a single policy; Eases policy administration, reduces errors, and promotes consistency; Enables a single policy to be deployed to multiple security solutions |
| Integrated access policy control with Cisco Identity Services Engine (ISE) | Controls access based on Cisco ISE security group tag, device type and location IP, and rapid threat containment; Helps enforce compliance, enhance infrastructure security, and streamline service operation |
| Threat intelligence | Integrates Cisco Talos® Group’s security, threat, and vulnerability intelligence for up-to-the-minute threat protection; Addresses new attack methods with both IP-based and URL-based security intelligence; Enables ingestion and correlation of threat intelligence from third-party threat feeds and threat intelligence platforms in STIX/TAXII or flat file formats |
| Application visibility and control | Further reduces threats to your network with precise control of more than 3500 commercial applications; Uses the open-source standard OpenAppID for detailed identification and control over custom applications |
| Multitenancy management and policy inheritance | Creates up to 100 management domains with separate event data, reporting, and network mapping, enforced through role-based access control; Implements consistent and efficient management through its policy hierarchy structure, with each level inheriting policies above it |
| Reporting and dashboards | Provides the visibility you need through customizable dashboards with custom and template-based reports; Delivers comprehensive alerts and reports for both general and focused information; Displays event and contextual information in hyperlinked tables, graphs, and charts for easy-to-use analysis; Monitors network behavior and performance to identify anomalies and maintain system health |
| Secure boot | Secure boot is a mechanism to validate the integrity of Cisco software running on the FMC hardware as your system boots. If a signature is missing or software is invalid, it will not load and boot will fail. (FMC 1600, FMC 2600, FMC 4600 only) |

 

Figure 2. Single Policy for multiple security functions

Exceptional visibility and insight

You can’t protect what you can’t see. FMC automatically collects, collates, and displays contextual information about everything running in your environment. Table 1 illustrates the breadth of contextual awareness provided into threat vectors that more traditional security technologies do not detect. This critical insight into your network is available for use in your protection policies and gives you a level of protection that other solutions cannot.

Table 1. Full stack visibility

| Category | Cisco Firepower Management Center | Typical IPS | Typical Next-Generation Firewall |
| --- | --- | --- | --- |
| Threats | Yes | Yes | Yes |
| Users | Yes | Yes | Yes |
| Web applications | Yes | No | Yes |
| Application protocols | Yes | No | Yes |
| File transfers | Yes | No | Yes |
| Malware | Yes | No | No |
| Command-and-control servers | Yes | No | No |
| Client applications | Yes | No | No |
| Network servers | Yes | No | No |
| Operating systems | Yes | No | No |
| Routers and switches | Yes | No | No |
| Mobile devices | Yes | No | No |
| Printers | Yes | No | No |
| VoIP phones | Yes | No | No |
| Virtual machines | Yes | No | No |
| Vulnerability information | Yes | No | No |

Management before, during, and after an attack

FMC provides unified management across the entire “attack continuum”: before, during, and after an attack.

Before

      Provides exceptional visibility into what is running in your network so you can see what needs to be protected

      Creates firewall rules, and controls how more than 4000 commercial and custom applications are used in your environment

During

      Defines the intrusion prevention levels, URL reputation rules, and advanced malware protection pieces to be put in place

      Applies policies such as: “When network traffic is coming from this country using this particular application with a file attached, I will apply this level of intrusion inspection and analyze the file for malware, and even send it to the integrated sandbox, if necessary”

After

      Generates a graphical representation of all the devices the attack has infected

      Provides the ability to easily create a custom rule to stop the attack from advancing

      Gives a detailed analysis of the malware to safely remediate it

Automated security for dynamic defense

FMC continually monitors how your network is changing. It streamlines operations and improves your security by:

      Automatically correlating and prioritizing new attack events with your network’s vulnerabilities to alert you to attacks that may have been successful. Your security team can focus on those events that matter the most

      Analyzing your network’s vulnerabilities and automatically recommending the appropriate security policies to put in place. You can adapt your defenses to changing conditions and implement security measures tailored specifically to your network

      Correlating specific events from network, endpoint, intrusion, and security intelligence sources. You’re alerted if individual hosts show signs of compromise from unknown attacks

      Applying file policy criteria. If those are met, it automatically analyzes the file to identify known malware and/or sends the file to an integrated sandbox to identify unknown malware

Open APIs for easy integration

FMC makes integration with third-party technologies possible through powerful, feature-rich application programming interfaces. The APIs provide connection points for:

      Moving event data from Threat Defense Manager to another platform, such as a Security Information and Event Management (SIEM) solution

      Enhancing the information contained in the Cisco IPS database with third-party data. Such data might include vulnerability management

      Kicking off workflows and remediation steps that are activated by user-defined correlation rules. You could, for example, integrate your workflow with a Network Access Control (NAC) solution to quarantine an infected endpoint or initiate a digital forensic process

      Supporting third-party reporting and analytics by enabling those solutions to query the Threat Defense Manager database

These APIs are also used to integrate with a number of Cisco security products and workflows. These include Cisco Secure Malware Analytics (formerly Cisco AMP Threat Grid) for sandboxing; the Cisco Identity Services Engine (ISE) for identity data and network segmentation; and Cisco Umbrella for Internet-wide domain visibility.

Threat Intelligence Director

The Threat Intelligence Director is an integrated module within FMC. Using open APIs, it facilitates the ingestion of third-party threat intelligence from sources such as threat feeds and Threat Intelligence Platforms (TIPs). The director supports the ingestion of Structured Threat Information Expression (STIX) and the Trusted Automated Exchange of Indicator Information (TAXII) or select, flat (unformatted) file formats. The Threat Intelligence Director deconstructs the ingested intelligence into observables (IoCs), including IP (IPv4, IPv6), domain, URL, and SHA-256. These are published to Cisco security appliances, which can automatically block malicious activity inline or monitor the network for rapid response.

The Threat Intelligence Director operationalizes available threat intelligence with the following Cisco security solutions:

      Cisco Secure Firewall with FTD OS

      Cisco Secure IPS (formerly Firepower NGIPS)

Figure 3. Threat Intelligence Director Integrates Third-Party Security Intelligence

To see the latest list of third-party cyber threat intelligence and TIP partners, visit the Cisco Technical Alliance Partners Listing.
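
The deconstruction step described above, sketched as an added example (not Cisco's code and not part of the data sheet): it sorts a flat indicator file into the observable types the Threat Intelligence Director publishes (IPv4, IPv6, domain, URL, SHA-256). The one-indicator-per-line layout, `#` comment lines, refanging of `hxxp` and `[.]`, and all function names are assumptions; the sample values are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

SHA256_RE = re.compile(r"[0-9a-f]{64}")
LABEL_RE = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")  # one DNS label


def refang(value):
    """Undo common defanging (assumed feed convention): hxxp -> http, [.] -> ."""
    value = value.replace("[.]", ".")
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)


def classify(token):
    """Return (observable_type, normalized_value), or None if unsupported."""
    value = refang(token.strip())
    if not value:
        return None
    try:  # IP addresses first, so dotted quads are never treated as domains
        ip = ipaddress.ip_address(value)
        return ("ipv4" if ip.version == 4 else "ipv6", str(ip))
    except ValueError:
        pass
    lowered = value.lower()
    if SHA256_RE.fullmatch(lowered):
        return ("sha256", lowered)
    if "://" in value:
        try:
            parts = urlsplit(value)
            if parts.scheme.lower() in ("http", "https") and parts.hostname:
                return ("url", value)
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            pass
        return None
    host = lowered.rstrip(".")
    labels = host.split(".")
    if (len(host) <= 253 and len(labels) >= 2
            and all(LABEL_RE.fullmatch(label) for label in labels)
            and not labels[-1].isdigit()):  # rejects invalid quads like 999.1.1.1
        return ("domain", host)
    return None


def parse_flat_file(text):
    """Group indicators by type; return (observables, rejected line list)."""
    observables = {"ipv4": [], "ipv6": [], "domain": [], "url": [], "sha256": []}
    rejected, seen = [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        result = classify(line)
        if result is None:
            rejected.append((lineno, line))  # keep for analyst review
        elif result not in seen:  # normalization makes duplicates collapse
            seen.add(result)
            observables[result[0]].append(result[1])
    return observables, rejected


# Constructed sample feed using documentation-range addresses and names.
SAMPLE_FEED = "\n".join([
    "# constructed sample feed",
    "192.0.2.10",
    "2001:DB8::1",
    "2001:db8:0:0:0:0:0:1",                    # same address, different spelling
    "malware-c2.example.com",
    "hxxps://bad.example[.]net/payload.bin",   # defanged URL
    "A1" * 32,                                 # 64 hex chars: SHA-256 shaped
    "c3" * 16,                                 # 32 hex chars: MD5 shaped, unsupported
    "999.1.1.1",                               # not a valid IPv4 address
    "ftp://files.example.org/x",               # unsupported URL scheme
])

if __name__ == "__main__":
    grouped, bad = parse_flat_file(SAMPLE_FEED)
    for kind, values in grouped.items():
        print(kind, values)
    print("rejected:", bad)
```

Rejected lines are returned with their line numbers rather than dropped, so a feed that silently loses indicators during ingestion can be spotted and corrected at the source.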

SecureX and SecureX threat response

Cisco SecureX connects the breadth of Cisco’s integrated security portfolio and your entire security infrastructure for a consistent experience that unifies visibility, enables automation, and strengthens your security across the network, endpoint, cloud, and applications. The result is simplified security, built into the solutions that you already have.

SecureX’s threat response feature (formerly CTR) integrates threat intelligence from Cisco Talos and third-party sources to automatically research Indicators of Compromise (IOCs), also known as observables, and confirm threats quickly.

How does it work?

Cisco firewalls send data to SecureX threat response via a secure intermediary cloud service called Cisco Security Service Exchange (SSE). SecureX threat response queries SSE for sightings related to the IP address being investigated and provides the SOC analyst with the additional context. Intrusion events are promoted to investigation-worthy incidents in the Incident Manager, based on Talos IP reputation or user-defined filters, or by the user manually. This allows your team to investigate incidents and reduces the time needed to perform triage and analytics on intrusion events.

SecureX is available for all Cisco Secure Firewall customers.

Deployment options

FMC can be deployed as a physical or virtual appliance, or from the cloud (Table 2). You can choose which options work best for your environment. The virtual appliances provide the convenience of being able to use your existing VM infrastructure. You can also use cloud computing services to host FMC. These services can help you manage security without having to invest in computing power and database storage, and they give you the flexibility to scale quickly as needs change.

When using Threat Intelligence Director on NGFWv, for optimal performance, we recommend installing 15 GB memory on the host hardware. For supported FMC versions, see the current release notes at https://www.cisco.com/c/en/us/support/security/defense-center/products-release-notes-list.html.

Hypervisor compatibility and cloud support

Firewall Management Center Virtual supports the following hypervisor types. All models of the FMC Virtual platform (VMware, KVM, AWS, Azure, GCP, and OCI) will operate with the same RAM requirements; 32 GB recommended, 28 GB required. For current versions supported and compatibility with FMC versions, visit the current Release Notes.

Table 2. Virtual appliance hypervisor and cloud support

| Hypervisor | Version and Details |
| --- | --- |
| VMware vSphere | 5.1, 5.5, 6.0, 6.5; ESXi Server; vCenter Server (optional); vSphere Web Client, vSphere Client, or OVF Tool for Windows or Linux |
| KVM | Ubuntu 14.04 LTS; Red Hat Enterprise Linux (RHEL) Version 7.1 |
| Amazon Web Services | c3.4xlarge: 16 vCPUs, 30 GB; c4.4xlarge: 16 vCPUs, 30 GB; c5.4xlarge: 16 vCPUs, 32 GB |
| Microsoft Azure | Standard_D4_v2: 8 vCPUs, 28 GB |
| GCP | c2-standard-8: 8 vCPUs, 32 GB; c2-standard-16: 16 vCPU, 64 GB |
| OCI | VM.Standard2.4, 60GB |
| Nutanix | Nutanix AHV (20201105.12 and later) |
| Hyperflex | Release 4.5(1a); 4-8 vCPUs, 28-32 GB for FMCv-2,10,25; 32 vCPU, 64 GB for FMCv-300 |

Note: Please refer to the Cisco Firepower Management Virtual Getting Started Guide for version compatibility details.

Platform specifications

There are a number of Firewall Management Center models. Choose the one that’s right for your organization, based on the number of sensor appliances to be monitored (both physical and virtual), the number of hosts in your environment, and the anticipated security events rate (see Table 3). All models provide the same management capabilities, including:

      Centralized device, license, event, and policy management

      Role-based management (segmented and isolated views and duties based on administrator role or group)

      Customizable dashboard with custom and template-based reports

      Comprehensive reporting and alerts for both general and focused information

      Event and contextual information displayed in hyperlinked tables, graphs, and charts

      Network behavior and performance monitoring

      Robust high-availability options to help ensure there’s no single point of failure

      Correlation and remediation features for real-time threat response

      Open APIs for integration with third-party solutions and customer work streams, such as firewalls, network infrastructure, log management, SIEM, trouble ticketing, and patch management

Table 3 compares the capacities of available Cisco Firewall Management Center physical appliances.

Table 3. Cisco Firewall Management Center Firepower Hardware Models

| Performance and Functionality | FMC 1600 | FMC 2600 | FMC 4600 |
| --- | --- | --- | --- |
| Maximum number of sensors managed | 50 | 300 | 750 |
| Maximum IPS events | 30 million | 60 million | 300 million |
| Management interface | All models: Two built-in RJ-45 SFP+ ports; Support for 100 Mbps, 1 Gbps, and 10 Gbps; The primary management port is eth0. You can use eth1, eth2, and eth3 as secondary management or event ports. | | |
| USB ports | All models: Two USB 3.0 Type A | | |
| VGA ports | All models: One 3-row 15-pin DB-15 connector; Enabled by default | | |
| SFP ports | All models: Two fixed SFP+ ports | | |
| Supported SFP+ | SFP-10G-SR (10 GB) | SFP-10G-SR (10 GB); SFP-10G-LR (10 GB) | SFP-10G-SR (10 GB); SFP-10G-LR (10 GB) |
| Memory | 32 GB | 64 GB | 128 GB |
| RDIMMs (Internal component only; not field replaceable) | Two 16-GB DDR4-2400-MHz DIMMs | Four 16-GB DDR4-2400-MHz DIMMs | Eight 16-GB DDR4-2400-MHz DIMMs |
| CPU | One Intel Xeon 4110 processor | Two Intel Xeon 4110 processors | Two Intel Xeon 4116 processors |
| Event storage space | 900 GB | 1.8 TB | 3.2 TB |
| Maximum network map size (hosts/users) | 550,000/50,000 | 150,000/150,000 | 600,000/600,000 |
| Maximum flow rate (flows per second) | 5,000 fps | 12,000 fps | 20,000 fps |
| Network interfaces | 2 x 1 Gbps | 2 x 1 Gbps RJ45 onboard; 2 x 10 Gbps SFP+ (order SFPs via Cisco Commerce Workplace) | 2 x 1 Gbps RJ45 onboard; 2 x 10 Gbps SFP+ (order SFPs via Cisco Commerce Workplace) |
| Secure boot | Yes | Yes | Yes |
| Redundancy features | | | |
| Supports high availability | Yes | Yes | Yes |
| System power | All models: Two 770-W AC power supplies; Hot swappable and redundant as 1+1 | | |
| Power consumption | All models: 2626 BTU/hr | | |
| Storage | Two 1.2 TB 10-K SAS HDDs; RAID-1, hot swappable | Four 600-GB 10-K SAS HDDs; RAID 5, hot-swappable | Ten 1.2 TB 10-K SAS HDDs; RAID-6, hot swappable |
| RAID controller | All models: One; The chassis has a dedicated internal riser for a PCIe-style Cisco modular RAID controller card. Internal component only; not field replaceable | | |
| Physical and environmental | | | |
| Form factor | 1RU | 1RU | 1RU |
| Dimensions (D x W x H) | All models: 29.8 x 16.9 x 1.7 (75.7 x 43 x 4.3 cm) | | |
| Shipping weight | 32.2 lb. (16.6 kg) | 34.1 lb. (16.8 kg) | 36 lb. (17.0 kg) |
| Watts (max) | 770W | 770W | 770W |
| Power supply | 100-240 VAC (nominal); 90-264 VAC (min/max); 9.5 amp max at 100 VAC; 4.5 amp max at 208 VAC | 100-240 VAC (nominal); 90-264 VAC (min/max); 9.5 amp max at 100 VAC; 4.5 amp max at 208 VAC | 100-240 VAC (nominal); 90-264 VAC (min/max); 9.5 amp max at 100 VAC; 4.5 amps max at 208 VAC |
| Airflow | Front to back | Front to back | Front to back |
| Operating temperature | All models: 50 to 95°F (10 to 35°C) | | |

For access to previous FMC model datasheets, visit: www.cisco.com/c/en/us/products/collateral/security/firesight-management-center/datasheet-c78-743216.html

Additionally, for virtual environments, the following options are available based on the number of managed devices. The licensing details are in Table 7.

Table 4 compares the capacities of available Threat Defense Manager virtual appliances.

Table 4. Cisco Firewall Management Center Virtual (FMCv) Models

| Performance and Functionality | FMCv | FMCv300 |
| --- | --- | --- |
| Maximum number of sensors managed | 25, 10, 2 | 300 |
| Maximum IPS events | 10 million | 60 million |
| Memory | 32 GB | 64 GB |
| CPU | 8/4 vCPUs | 32 vCPUs |
| Event storage space | 250 GB | 2.2 TB |
| Maximum network map size (hosts/users) | 50,000/50,000 | 150,000/150,000 |
| Maximum flow rate (flows per second) | Varies | 12,000 fps |
| Hypervisor and cloud support | VMware, KVM, AWS, Azure, GCP, OCI | VMware |
| Supports high availability | VMware only* | VMware only |

* High Availability (HA) feature is NOT supported on FMCv2.

Shared features

      Integrated Lights-Out Management (LOM)

      Central management of Cisco next-generation security solutions: NGIPS, NGIPS plus application control, NGFW

Note: When dealing with Cisco ASA with FirePOWER Services products, Threat Defense Manager manages only the FirePOWER portion of the deployment.

Table 5 lists the software versions that FMC supports, along with associated hardware platforms.

Table 5. Supported software versions and their associated platforms

| Management Platform | Software Revision Level | Hardware Platform |
| --- | --- | --- |
| Cisco Firepower Management Center | Cisco Firepower Threat Defense 6.x (NGFW) | ASA 5500-X (except ASA 5585-X); Cisco 1010/1100 Series; Cisco 2100 Series; Cisco Firepower 4100 Series; Cisco Firepower 9300; ISA 3000 Series |
| Cisco Firepower Management Center | FirePOWER Services 6.x | ASA 5500-X |
| Cisco Firepower Management Center | Cisco Firepower NGIPS 6.x | Cisco Firepower 7000; Cisco Firepower 8000 |
| Cisco Firepower Management Center | FirePOWER Threat Defense for ISR 6.x (Cisco Firepower Services) | 4000 Series ISR; ISR G2 |
| Cisco Firepower Management Center | FirePOWER Services 5.4.x | ASA 5500-X |
| Cisco Firepower Management Center | Cisco Firepower NGIPS 5.4.x | Cisco Firepower 7000; Cisco Firepower 8000 |

Ordering information

Licensing

Smart Licensing is Cisco’s standard licensing system. It enables customers to easily move licenses themselves between similar systems in their organization, overcoming limitations associated with previous device-locked Product Authorization Key (PAK)-based licenses. Become familiar with the new Smart Software Licensing portion of the ordering process.

Firewall Management Center physical or virtual appliances running version 6.0 or later do not require separate management licenses. You can purchase either a physical or virtual FMC appliance. Managed devices still require classic or Smart subscription feature licenses. FMC Virtual Smart SKUs can manage any device running Threat Defense (FMC) software.

High Availability is supported for FMC virtual from version 6.7 onwards. For High Availability, you will need two licensed identical Threat Defense Manager virtual appliances. For example, to manage 10 FTD devices with an FMCv300 HA pair, you need two (2) FMCv300 entitlements and 10 FTD entitlements. The "extra" entitlements are released if you break FMCv HA. (You would then have two standalone FMCv300s.) To manage classic (NGIPS) devices, no FMCv entitlements are required.

For FMC virtual appliances, when deployed in public cloud environments, only Bring Your Own Licenses (BYOL) are supported, where an existing virtual license is required.

Cisco Smart Net Total Care support

The award-winning Cisco Smart Net Total Care technical support service gives your IT staff direct, anytime access to Cisco Technical Assistance Center (TAC) engineers and Cisco.com resources. You receive the fast, expert response and the dedicated accountability you need to resolve critical network issues.

Smart Net Total Care provides the following device-level support:

      Global access 24 hours a day, 365 days a year to specialized engineers in the Cisco TAC

      Anytime access to the extensive Cisco.com online knowledge base, resources, and tools

      Hardware replacement options that include 2-hour, 4-hour, and Next-Business-Day (NBD) advance replacement, as well as Return For Repair (RFR)

      Ongoing operating system software updates, including both minor and major releases within your licensed feature set

      Proactive diagnostics and real-time alerts on select devices with Cisco Smart Call Home

In addition, the Cisco Smart Net Total Care Onsite Service is an option that provides a field engineer who will install replacement parts at your location and help ensure that your network operates at the highest levels. For more information on Smart Net Total Care please visit: https://www.cisco.com/c/en/us/services/portfolio/product-technical-support/smart-net-total-care.html.

How to order

Table 6 provides ordering information for virtual and physical FMC appliances and spare hardware. Please consult the Cisco Network Security Ordering Guide for additional configuration options and accessories.

Table 6. Ordering information

| Part Number | Product Description |
| --- | --- |
| Cisco Threat Defense Manager - FMC (Hardware) Appliances | |
| FMC1600-K9 | Cisco Firepower Management Center 1600 Chassis, 1RU |
| FMC2600-K9 | Cisco Firepower Management Center 2600 Chassis, 1RU |
| FMC4600-K9 | Cisco Firepower Management Center 4600 Chassis, 1RU |
| Cisco Firepower Management Center (Hardware) Spare | |
| FMC-M5-PS-AC-770W= | Cisco AC Power Supply 770W for FMC1600, FMC2600, FMC4600 |
| Smart Licensing-enabled Cisco Firepower Management Center (Software) Virtual Appliance | |
| SF-FMC-VMW-K9 | Cisco Firepower Management Center (VMware) License, for 25 devices |
| SF-FMC-VMW-10-K9 | Cisco Firepower Management Center (VMware) License, for 10 devices |
| SF-FMC-VMW-2-K9 | Cisco Firepower Management Center (VMware) License, for 2 devices |
| SF-FMC-VMW-300-K9 | Cisco Firepower Management Center (VMware) License, for 300 devices |
| SF-FMC-VMW-25-300 | Upgrade SKU from FMCv25 to FMCv300 Cisco Firepower Management Center (VMware) |
| SF-FMC-KVM-K9 | Cisco Firepower Management Center (KVM) License, for 25 devices |
| SF-FMC-KVM-2-K9 | Cisco Firepower Management Center (KVM) License, for 2 devices |
| SF-FMC-KVM-10-K9 | Cisco Firepower Management Center (KVM) License, for 10 devices |

To place an order, visit the Cisco ordering homepage. All Smart Licensing-enabled Virtual Appliance SKUs can be used for BYOL licensing in public cloud deployments where applicable.

Warranty information

Find warranty information on Cisco.com at the Product Warranties page.

Cisco environmental sustainability

Information about Cisco’s environmental sustainability policies and initiatives for our products, solutions, operations, and extended operations or supply chain is provided in the “Environment Sustainability” section of Cisco’s Corporate Social Responsibility (CSR) Report.

Reference links to information about key environmental sustainability topics (mentioned in the “Environment Sustainability” section of the CSR Report) are provided in the following table:

| Sustainability topic | Reference |
| --- | --- |
| Information on product material content laws and regulations | Materials |
| Information on electronic waste laws and regulations, including products, batteries, and packaging | WEEE compliance |

Cisco makes the packaging data available for informational purposes only. It may not reflect the most current legal developments, and Cisco does not represent, warrant, or guarantee that it is complete, accurate, or up to date. This information is subject to change without notice.

Cisco Services

Cisco offers a wide range of service programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services for security, visit https://www.cisco.com/go/services/security.

Cisco Capital

Flexible payment solutions to help you achieve your objectives

Cisco Capital makes it easier to get the right technology to achieve your objectives, enable business transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services and complementary third-party equipment in easy, predictable payments. Learn more.

For more information

For more information, please visit the following links:

      Cisco Firepower Management Center

      Cisco Secure Firewall

      Cisco Secure IPS

      Cisco Advanced Malware Protection (AMP)

      Cisco Security Services

For information about Cisco Secure Firewall in service provider environments, please visit: https://www.cisco.com/c/en/us/solutions/enterprise-networks/service-provider-security-solutions/.

 

 

 
