Overview

Features

The Cisco Firepower 1100 security appliances are a standalone modular security services platform. They are capable of running multiple security services simultaneously and so are targeted at the data center as a multiservice platform. See Product ID Numbers for a list of the product IDs (PIDs) associated with the Firepower 1100.

The Firepower 1000 supports Cisco Firepower Threat Defense and Cisco ASA software. See the Cisco Firepower Compatibility Guide and the Cisco ASA Compatibility guide, which provide Cisco software and hardware compatibility, including operating system and hosting environment requirements, for each supported version.

The following figure shows the Cisco Firepower 1100 chassis.

Figure 1. Cisco Firepower 1100

The following table lists the features for the Firepower 1100

Table 1. Firepower 1120, 1140, and 1150 Features

Feature

1120

1140

1150

Form factor

1 RU

Mounting

Rack mount

4-post Electronic Industries Association (EIA)-310-D rack

Airflow

I/O side to non-I/O side

Rear panel to front panel (cold aisle to hot aisle)

Processor

One 12-core Intel CPU

One 16-core Intel CPU

Memory

16-GB DDR4 DRAM

32-GB DDR4 DRAM

Management port

One Gigabit Ethernet RJ-45 10/100/1000 BaseT

Restricted to network management access only

Console ports

One RJ-45 or one USB Mini B

Provides management access through an external system

USB port

One USB 3.0 Type A

Allows attachment of an external device such as mass storage

Network ports

Eight Gigabit Ethernet RJ-45 10/100/1000 BaseT

Each RJ-45 (8P8C) copper port supports auto Medium Dependent Interface Crossover (MDI/X) as well as auto-negotiation for interface speed, duplex, and other negotiated parameters, and are MDI/X-compliant.

Port numbering is left to right, top to bottom; ports are named Gigabit Ethernet 1/1 through 1/8. Each port includes a pair of LEDs, one each for connection status and link status.

Small form-factor pluggable (SFP) ports

Four fixed 1-Gbps SFP ports

Four fixed 1-Gb SFP ports

Note

 
Two of the SFP ports (ports 9 and 11) support 10 Gbps.

Supported SFPs

  • GLC-T

  • GLC-TE

  • GLC-SX-MMD

  • GLC-LH-SMD

  • GLC-EX-SMD

  • GLC-ZX-SMD

The SPFs are hot-swappable.

  • SFP-10G-SR

  • SFP-10G-SR-S

  • SFP-10G-LR

  • SFP-10G-LR-S

  • SFP-10G-ER

  • SFP-10G-ER-S

  • SFP-10G-ZR

  • SFP-10G-ZR-S

  • SFP-H10GB-CUxM

  • SFP-H10GB-ACUxM

  • SFP-10G-AOCxM

The SPFs are hot-swappable.

Power switch

Yes

On rear panel; standard rocker-type power on/off switch

Note

 
The power switch controls system power and operates as a soft notification switch that supports the graceful shutdown of the system. Graceful shutdown reduces the risk of system software and data corruption.

Reset button

Yes

A small recessed button that if pressed for longer than three seconds resets the chassis to its default state following the next reboot. Configuration variables are reset to factory default. However, the flash is not erased, and no files are removed.

AC power supply

One fixed AC power supply

The power supply is internal; there is no user access.

The power supply is not field-replaceable; you must return the chassis to Cisco for power supply replacement.

Redundant power

No

Fan

One fixed fan

The fan is internal; there is no user access.

The fan is not field-replaceable; you must return the chassis to Cisco for fan replacement.

Storage

One SSD slot

200-GB 2.5-in. SATA SSD drive

The drive is field-replaceable. See Replace the SSD for more information.

Package Contents

The following figure shows the package contents for the Firepower 1100. Note that the contents are subject to change, and your exact contents might contain additional or fewer items.

Figure 2. Firepower 1100 Package Contents

1

Chassis

2

Country-specific power cord

Optional; in package if ordered

See Power Cord Specifications for a list of supported power cords.

3

Four M4 x 8-mm Phillips screws for securing the rack-mounting bracket to the chassis

4

Two rack-mount brackets

5

Cisco Secure Firepower 1100

This document has links to the hardware installation guide, regulatory and safety information guide, and warranty and licensing information. It also contains a QR code and URL that point to the Digital Documentation Portal. The portal contains links to the product information page, the hardware installation guide, the regulatory and safety information guide, the getting started guide, and the zero-touch provisioning guide.

6

USB console cable (optional)

Type A to Mini Type B (CAB-CONS-USB-MINI)

QR Code Sticker

The QR code sticker on the rear panel of the chassis points to the Easy Deployment Guide for Cisco Secure Firewall Threat Defense with Cisco Security Cloud Control that explains zero-touch provisioning. Zero-touch provisioning allows anyone to connect a new Firepower 1100 to a network so that the IT department can on board the device to Security Cloud Control and configure it remotely. Security Cloud Control supports Firepower Threat Defense version 6.7 and later.

The following figure shows the QR code sticker.

Figure 3. QR Code Sticker

The following figure shows the placement of the QR code sticker on the rear panel of the chassis.

Figure 4. QR Code Sticker on the Chassis

1

QR code sticker

Serial Number and Digital Documentation Portal QR Code

The compliance label on the bottom of the chassis contains the chassis serial number, regulatory compliance marks, and the Digital Documentation Portal QR code that points to the getting started guide, the regulatory and compliance guide, the zero-touch provisioning guide, and the hardware installation guide.

The following figure shows an example compliance label found on the bottom of the chassis.

Figure 5. Compliance Label on the Chassis

1

Chassis model number

2

 Chassis serial number

3

Digital Documentation Portal QR code

Front Panel

The following figure shows the front panel of the Firepower 1100. Note that there are no connectors or LEDs on the front panel.

Figure 6. Firepower 1100 Front Panel

Rear Panel

The following figure shows the rear panel of the Firepower 1100. See Rear Panel LEDs for a description of the LEDs. See Features for a description of each feature. See Console Ports and USB Ports for a description of the console and USB ports.

Figure 7. Firepower 1100 Rear Panel

1

Power switch

Note

 

The power switch provides a way to gracefully shut down the system and place it in standby. The power supply and fan remain active and the fan may continue to spin at slow speed. To achieve total power shut down, unplug the power supply from the chassis.

2

Power cord socket

3

Management port

4

SFP ports (numbered 9 through 12)

5

USB Type A port

6

USB Mini B console port

7

RJ-45 (8P8C) console port

8

Network data ports

9

Status LEDs

10

Reset button

11

SSD LED

12

SSD bay

Console Ports and USB Ports

Console Ports

The Firepower 1100 has two external console ports, a standard RJ-45 port and a USB Mini B serial port. Only one console port can be active at a time. When a cable is plugged into the USB console port, the RJ-45 port becomes inactive. Conversely, when the USB cable is removed from the USB port, the RJ-45 port becomes active. The console ports do not have any hardware flow control. You can use the CLI to configure the chassis through either serial console port by using a terminal server or a terminal emulation program on a computer.

  • RJ-45 (8P8C) port—Supports RS-232 signaling to an internal UART controller. The RJ-45 console port does not support a remote dial-in modem. You can use a standard management cable (Cisco part number 72-3383-01) to convert the RJ45-to-DB9 connection if necessary.

  • USB Mini B port—Lets you connect to a USB port on an external computer. For Linux and Macintosh systems, no special driver is required. For Windows systems, you must download and install a USB driver (available on software.cisco.com). You can plug and unplug the USB cable from the console port without affecting Windows HyperTerminal operations. We recommend shielded USB cables with properly terminated shields. Baud rates for the USB console port are 1200, 2400, 4800, 9600, 19200, 38400, 57600, and 115200 bps.


Note
For Windows operating systems, you must install a Cisco Windows USB Console Driver on any PC connected to the console port before using the USB console port. See Connect to the Console Port with Microsoft Windows for information on installing the driver.
USB Ports

The chassis contains a standard USB Type A port that you can use to attach an external device. The USB port can provide output power of 5 volts, up to a maximum of 1 A (5 USB power units).

  • External USB drive (optional)—You can use the external USB Type A port to attach a data-storage device. The external USB drive identifier is disk1. When the chassis is powered on, a connected USB drive is mounted as disk1 and is available for you to use. Additionally, the file-system commands that are available to disk0 are also available to disk1, including copy, format, delete, mkdir, pwd, cd, and so on.

  • FAT-32 File System—The Firepower 1100 only supports FAT-32-formatted file systems for the external USB drive. If you insert an external USB drive that is not in FAT-32 format, the system mounting process fails, and you receive an error message. You can enter the command format disk1: to format the partition to FAT-32 and mount the partition to disk1 again; however, data might be lost.

Rear Panel LEDs

The following figure shows the LEDs on the rear panel of the Firepower 1100 and describes their states.

Figure 8. Firepower 1100 Rear Panel LEDs

1

Network

Status of the network ports:

Link status (L):

  • Off—No link, or port is not in use.

  • Green—Link established.

  • Green, flashing—Link activity.

2

Network

Status of the network ports:

Connection-speed status (S):

  • Green, flashing—One flash every three seconds = 10 Mbps.

  • Green, flashing—Two rapid flashes = 100 Mbps.

  • Green, flashing—Three rapid flashes = 1000 Mbps.

3

SFP

Status of the SFP transceiver:

Link status (L):

  • Off—No SFP.

  • Amber—SFP present, but no link.

  • Green, flashing—Link established and transmitting.

4

Power

Power supply status:

  • Off —Power supply off.

  • Green—Power supply on.

5

Status

System operating status:

  • Off—System has not booted up yet.

  • Green, flashing quickly—System is booting up.

  • Green—Normal system function.

  • Amber—Critical alarm indicating one or more of the following:

    • Major failure of a hardware or software component.

    • Over-temperature condition.

    • Power voltage outside the tolerance range.

  • Green, flashing slowly (twice in 5 seconds)—Cloud connected.

    Note

     
    Security Cloud Control is valid for FTD 6.7 and later.

  • Green and amber, flashing—Cloud connection failure.

  • Green—Cloud disconnected.

Note

 
The Security Cloud Control LED pattern applies to zero-touch provisioning. See the Easy Deployment Guide for Cisco Secure Firewall Threat Defense with Cisco Security Cloud Control for more information.

6

Active

Status of the failover pair:

  • Off— Failover is not operational.

  • Green—Failover pair operating normally. The LED is green always unless the chassis in a high availability pair.

  • Amber—When the chassis is in a high availability pair, the LED is amber for the standby unit.

Note

 

For Active-Active cases with multi-context enabled, since there will be multiple groups with Active and Standby units, any unit can be in the Active or Standby state in each group, thus the LED behavior is not deterministic. Therefore, you must ignore the LED status for Active-Active cases.

7

SSD

Status of the SSD:

  • Off— No SSD present.

  • Green—SSD detected.

  • Green, flashing—Activity on the SSD.

Note

 

See Replace the SSD for the procedure for replacing a failed SSD.

Supported Transceivers

The SFP transceiver is a bidirectional device with a transmitter and receiver in the same physical package. It is a hot-swappable optical or electrical (copper) interface that plugs into the SFP ports on the fixed ports and the network module ports, and provides Ethernet connectivity.


Note

When using fiber-based optics, make sure that the same SFP type is used on both sides of the cable because speed is not negotiated when using SFP transceivers. This is true for both copper SFPs (the exception being that the GLC-T RJ45-based copper SFPs can negotiate speed) and fiber SFPs. If a port is configured for sfp-detect, then the software configures the port’s speed to match the speed capability of the SFP. For dual-rate SFPs, when sfp-detect is configured, the port is always configured for the highest supported speed of the port. For example, a port that has a 10/25-Gbps SFP installed is configured to operate at 25 Gbps when sfp-detect is configured.

See Cisco SFP Modules for Gigabit Ethernet Applications Data Sheet for more information.

Figure 9. SFP Transceiver

1

Dust plug

2

Bail clasp

3

Receive optical bore

4

Transmit optical bore

Safety Warnings

Take note of the following warnings:


Warning

Statement 1055—Class 1/1M Laser

Invisible laser radiation is present. Do not expose to users of telescopic optics. This applies to Class 1/1M laser products.


Warning

Statement 1056—Unterminated Fiber Cable

Invisible laser radiation may be emitted from the end of the unterminated fiber cable or connector. Do not view directly with optical instruments. Viewing the laser output with certain optical instruments, for example, eye loupes, magnifiers, and microscopes, within a distance of 100 mm, may pose an eye hazard.


Warning

Statement 1057—Hazardous Radiation Exposure

Use of controls, adjustments, or performance of procedures other than those specified may result in hazardous radiation exposure.


Warning

Use appropriate ESD procedures when inserting the transceiver. Avoid touching the contacts at the rear, and keep the contacts and ports free of dust and dirt. Keep unused transceivers in the ESD packing that they were shipped in.


Caution

Although non-Cisco are allowed, we do not recommend using them because they have not been tested and validated by Cisco. Cisco TAC may refuse support for any interoperability problems that result from using an untested third-party SFP transceiver.

The following table lists the SFPs that are supported on the Firepower 1120, 1140, and 1150 fixed ports.

Table 2. FPR1120, FPR1140, and FPR1150 Fixed Ports

Port Type

Transceiver PID

First Supported Release

Fixed SFP ports

  • GLC-T

  • GLC-TE

  • GLC-SX-MMD

  • GLC-LH-SMD

  • GLC-EX-SMD

  • GLC-ZX-SMD

Threat Defense 6.4/ASA 9.15

The following table lists the SFPs that are supported on the Firepower 1150 fixed ports.

Table 3. FPR1150 Fixed Ports

Port Type

Transceiver PID

First Supported Release

Fixed SFP ports

  • SFP-10G-SR

  • SFP-10G-SR-S

  • SFP-10G-LR

  • SFP-10G-LR-S

  • SFP-10G-ER

  • SFP-10G-ER-S

  • SFP-10G-ZR

  • SFP-10G-ZR-S

  • SFP-H10GB-CUxM

  • SFP-H10GB-ACUxM

  • SFP-10G-AOCxM

Threat Defense 6.4/ASA 9.15

Hardware Specifications

The following table contains hardware specifications for the Firepower 1100.

Table 4. Hardware Specifications

Specification

1120

1140

1150

Dimensions (H x W x D)

1.72 x 10.58 x 17.2 inches (4.37 x 26.87 x 43.69 cm)

Weight

8 lb (3.63 kg)

Temperature

Operating: 32 to 104⁰F (0 to 40⁰C)

Derate the maximum operating temperature 1.5⁰C per 1000 ft above sea level.

Nonoperating: -13 to 158°F (-25 to 70°C) maximum altitude is 40,000 ft

Humidity

Operating: 90%

Nonoperating: 10 to 90%

Altitude

Operating: 0 to 3,000 (0 to 9843 m)

Nonoperating: 0 to 15,000 ft (0 to 4570 m)

Acoustic noise

56.8 dBa (sound pressure) at maximum fan speed at 40C

31.7 dBa at room temperature

56.8 dBa (sound pressure) at maximum fan speed at 40C

34.2 dBa at room temperature

Product ID Numbers

The following table lists the field-replaceable PIDs associated with the Firepower 1100. The spare components are ones that you can order and replace yourself. If any internal components fail, you must get a return material authorization (RMA) for the entire chassis. See the Cisco Returns Portal for more information.


Note

See the show inventory command in the Cisco Firepower Threat Defense Command Reference or the Cisco ASA Series Command Reference to display a list of the PIDs for your Firepower 1100.

Table 5. Firepower 1100 Series PIDs

PID

Description

FPR1120-NGFW-K9

Cisco Firepower 1120 NGFW appliance

FPR1140-NGFW-K9

Cisco Firepower 1140 NGFW appliance

FPR1150-NGFW-K9

Cisco Firepower 1150 NGFW appliance

FPR1K-RM-SSD200

Cisco Firepower 1100 200-GB drive

FPR1K-RM-SSD200=

Cisco Firepower 1100 200-GB drive (spare)

FPR1K-CBL-MGMT

Cisco Firepower 1100 cable-management brackets

FPR1K-CBL-MGMT=

Cisco Firepower 1100 cable-management brackets (spare)

FPR1K-RM-ACY-KIT

Cisco Firepower 1100 accessory kit

FPR1K-RM-BRKT=

Cisco Firepower 1100 rack-mount brackets (spare)

FPR1K-RM-FIPS-KIT

Cisco Firepower 1100 FIPS kit

Power Cord Specifications

Each power supply has a separate power cord. Standard power cords or jumper power cords are available for connection to the security appliance. The jumper power cords for use in racks are available as an optional alternative to the standard power cords.

If you do not order the optional power cord with the system, you are responsible for selecting the appropriate power cord for the product. Using a incompatible power cord with this product may result in electrical safety hazard. Orders delivered to Argentina, Brazil, and Japan must have the appropriate power cord ordered with the system.


Note

Only the approved power cords or jumper power cords provided with the chassis are supported.

The following power cords are supported.

Figure 10. Argentina (CAB-ACR)

1

Plug: VA2073

2

Cord set rating: 10 A, 250 V

3

Connector: V1625
Figure 11. Australia/New Zealand (CAB-ACA)

1

Plug: AU10LS3

2

Cord set rating: 10 A, 250 V

3

Connector: V1625
Figure 12. Brazil (CAB-C13-ACB)

1

Plug: NBR 14136

2

Cord set rating: 10 A, 250 V

3

Connector: EL 701B (EN 60320/C13)
Figure 13. China (CAB-ACC)

1

Plug: V3203C

2

Cord set rating: 10 A, 250 V

3

Connector: V1625
Figure 14. Europe (CAB-ACE)

1

Plug: M2511

2

Cord set rating: 16 A, 250 V

3

Connector: V1625
Figure 15. India (CAB-IND-10A)

1

Plug: IA16A3-C

2

Cord set rating: 16 A, 250 V

3

Connector: V1625BS-E
Figure 16. Italy (CAB-ACI)

1

Plug: IT10S3

2

Cord set rating: 10 A, 250 V

3

Connector: V1625
Figure 17. Japan (CAB-C13-C14-2M-JP) PSE Mark

1

IEC 60320-2-2/E

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13

Cord length: 2 m
Figure 18. Japan (CAB-JPN-3PIN)

1

Plug: M744

2

Cord set rating: 12 A, 125 V

3

Connector: V1625
Figure 19. Jumper (CAB-C13-C14-2M)

1

IEC 60320/C14G

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13

Cord length: 2.5 m
Figure 20. Korea (CAB-AC-C13-KOR)

1

Plug: M2511

2

Cord set rating: 10 A, 250 V

3

Connector: V1625
Figure 21. North America (CAB-AC)

1

Plug: PS204

2

Cord set rating: 10 A, 250 V

3

Connector: V1625
Figure 22. South Africa (AIR-PWR-CORD-SA)

1

Plug: SA16A

2

Cord set rating: 10 A, 250 V

3

Connector: V1625
Figure 23. Switzerland (CAB-ACS)

1

Plug: SW10ZS3

2

Cord set rating: 10 A, 250 V

3

Connector: V1625
Figure 24. Taiwan (CAB-ACTW)

1

Plug: EL 302 (CNS10917)

2

Cord set rating: 10 A, 125 V

3

Connector: EL 701 (EN 60320/C13)
Figure 25. United Kingdom (CAB-ACU)

1

Plug: 3P BS 1363

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13