Overview

Features

The Cisco Firepower 2100 series security appliance is a standalone modular security services platform. The series includes the Firepower 2110, 2120, 2130, and 2140. See Product ID Numbers for a list of the product IDs (PIDs) associated with the 2100 series.

The Firepower 2100 series supports Cisco Firepower Threat Defense and Cisco ASA software. See the Cisco Firepower Compatibility Guide and the Cisco ASA Compatibility guide, which provide Cisco software and hardware compatibility, including operating system and hosting environment requirements, for each supported version.


Note


Threat Defense Version 7.4 and ASA Version 9.20 are the final supported software versions for the Firepower 2100 series.


The following figures show the Firepower 2100 series.
Figure 1. Firepower 2110 and 2120
Figure 2. Firepower 2130 and 2140

The following table lists the features for the Firepower 2100 series.

Table 1. Firepower 2100 Series Features

Feature

2110

2120

2130

2140

Form factor

1 RU

Fits a standard 19-inch (48.3-cm) square-hole rack

Rack mount

Two 2-post mount brackets

(Optional) 4-post Electronic Industries Association (EIA)-310-D rack

4-post EIA-310-D rack

(Optional) Two 2-post mount brackets

Airflow

Front to rear

Cold aisle (front panel) to hot aisle (I/O side)

System memory

16 GB

32 GB

64 GB

Cavium NPU RAM

8 G

16G

Flash

8 G (nominal)

Maximum number of interfaces

16

24

Management port

1 Gigabit Ethernet (10 M/100 M/1 G Base-T)

Console port

One Cisco Serial (RS-232 on RJ-45)

USB port

USB 2.0 Type A (500 mA)

Network ports

12 fixed RJ-45 1 G/100 M/10 M ports (named Ethernet 1/1 through 1/12 )

Small form-factor pluggable (SFP) ports

Four fixed 1-Gbps SFP ports

Four fixed 1/10-Gbps SFP+ ports

Pullout asset card

Displays serial number

Grounding lug

On rear panel

Locator beacon

On front panel

Power switch

On rear panel

Network module slots

No

One

Not hot-swappable

Network modules

—

  • 8-port 1-Gbps SFP (FPR2K-NM-8X1G)

  • 8-port 10-Gbps SFP+ (FPR2K-NM-8X10G)

  • 8-port 1-Gbps copper with hardware bypass (FPR-NM-8X1G-F)

  • 6-port 1-Gbps SX fiber SFP (built-in) with hardware bypass (FPR2K-NM-6X1SX-F)

  • 6-port 10-Gbps SR fiber SFP+ (built-in) with hardware bypass (FPR2K-NM-6X10SR-F)

  • 6-port 10-Gbps LR fiber SFP+ (built-in) with hardware bypass (FPR2K-NM-6X10LR-F)

AC power supply

One fixed AC power supply module

Two power supply slots

Ships with one 400-W AC power supply module

Hot-swappable

Two power supply slots

Ships with two 400-W AC power supply modules

Hot-swappable

DC power supply

No

Yes (optional)

Redundant power

No

Yes

Fan

Two fixed fans

Internal component only; not field-replaceable

One hot-swappable fan tray with four fans

Storage

Two SSD slots (100 GB )

Ships with one 100-GB SSD installed in slot 1

Note

 

We may ship larger capacity SSDs depending on component supply availability. The larger capacity SSDs are formatted to 100-GB for the Firepower 2110 and 2120.

Slot 2 is reserved for the Malware Storage Pack (MSP).

Two SSD slots (200 GB )

Ships with one 200-GB SSD installed in slot 1

Note

 

We may ship larger capacity SSDs depending on component supply availability. The larger capacity SSDs are formatted to 200-GB for the Firepower 2130 and 2140.

Slot 2 is reserved for the MSP.

MSP

Installed in SSD slot 2

Network Equipment Building Systems (NEBS) certification

—

—

Certified

—

Package Contents

The following figure shows the package contents for the Firepower 2110 and 2120. The contents are subject to change and your exact contents will contain additional or fewer items depending on whether you order the optional parts. See Product ID Numbers for a list of the PIDs associated with the Firepower 2110 and 2120 package contents.


Note


There are three sets of four screws that you can use to secure the chassis to your rack. Chose the screws that fit your rack.
Figure 3. Firepower 2110 and 2120 Package Contents

1

Firepower 2110 or 2120 chassis

2

Console cable RJ-45 to DB-9

3

One power cord (country-specific)

See Power Cord Specifications for the list of supported power cords.

4

SFP transceiver

(Optional; in package if ordered)

5

Two rack-mount brackets and six Phillips 8-32 x 0.281-inch screws

6

One ground lug kit

  • One #6 AWG, 90 degree, #10 post ground lug

  • Two 10-32 x 0.38-inch Phillips screws

7

Cable management bracket kit

  • Two cable management brackets

  • Four 8-32 x 0.375-inch Phillips screws

(Optional; in package if ordered)

8

Cisco Secure Firepower 2100

This document has links to the hardware installation guide, regulatory and safety information guide, and warranty and licensing information. It also contains a QR code and URL that point to the Digital Documentation Portal. The portal contains links to the product information page, the hardware installation guide, the regulatory and safety information guide, the getting started guide, and the zero-touch provisioning guide.

9

Rack-mount screws:

  • Four 12-24 x 0.75-inch Phillips screws for securing the chassis to your rack

  • Four 10-32 x 0.75-inch Phillips screwsfor securing the chassis to your rack

  • Four M6 x 1 x 19-mm Phillips screws for securing the chassis to your rack

—

The following figure shows the package contents for the Firepower 2130 and 2140. The contents are subject to change and your exact contents will contain additional or fewer items depending on whether you order the optional parts. See Product ID Numbers for a list of the product IDs (PIDs) associated with the Firepower 2130 and 2140 package contents.

Figure 4. Firepower 2130 and 2140 Package Contents

1

Firepower 2130 or 2140 chassis

2

Console cable RJ-45 to DB-9

3

One or two power cords (country-specific)

See Power Cord Specifications for a list of supported power cords.

4

SFP transceiver

(Optional; in package if ordered)

5

Slide rail kit

  • Left and right slide rails

  • Two M3 x 0.5 x 6-mm Phillips screws

6

Six 8-32 x 0.25-inch slide rail locking bracket Phillips screws

7

Two slide rail locking brackets

8

One ground lug kit

  • One #6 AWG, 90 degree, #10 post ground lug

  • Two 10-32 x 0.38-inch Phillips screws

9

Cable management bracket kit

  • Two cable management brackets

  • Four 8-32 x 0.375-inch Phillips screws

(Optional; in package if ordered)

10

Cisco Secure Firepower 2100

This document has links to the hardware installation guide, regulatory and safety information guide, and warranty and licensing information. It also contains a QR code and URL that point to the Digital Documentation Portal. The portal contains links to the product information page, the hardware installation guide, the regulatory and safety information guide, the getting started guide, and the zero-touch provisioning guide.

11

Two power supply module tie wraps and clamps

—

QR Code Sticker

The QR code sticker on the front panel of the chassis points to the Easy Deployment Guide for Cisco Secure Firewall Threat Defense with Security Cloud Control that explains zero-touch provisioning (ZTP). ZTP allows anyone to connect a new Firepower 2100 to a network so that the IT department can on board the device to Security Cloud Control and configure it remotely. Security Cloud Control supports Firepower Threat Defense (FTD) version 6.7 and later.

The following figure shows the QR code sticker.

Figure 5. QR Code Sticker

The following figure shows the placement of the QR code sticker on the front panel of the Firepower 2100 chassis.

Figure 6. QR Code Sticker on the Firepower 2100 Front Panel

1

QR code sticker

—

Serial Number Location

The serial number for the Firepower 2100 series chassis is located on the pullout asset card on the front panel.

Figure 7. Serial Number on the Chassis

You can also view additional model information on the compliance label located on the bottom of the chassis.

Figure 8. Compliance Label on the Chassis

Front Panel

The following figure shows the front panel of the Firepower 2110 and 2120. See Front Panel LEDs for a description of the LEDs.

Figure 9. Firepower 2110 and 2120 Front Panel

1

Power LED

2

Gigabit Ethernet management port:

  • Firepower Threat Defense—Management 0 (also referred to as Management 1/1 and Diagnostic 1/1)

  • ASA—Management 1/1

3

12 RJ-45 1 G/100 M/10 M auto duplex/auto MDI-X Base-T ports

Ethernet 1/1 through 1/12 labeled top to bottom, left to right

4

SSD 1 (slot 1)

5

Locator LED

6

System LEDs

7

Type A USB 2.0 port

8

RJ-45 console port

9

Pullout asset card with chassis serial number

10

Four fixed SFP (1 Gbps) ports

Fiber ports 1/13 through 1/16 labeled left to right

11

SSD (slot 2)

—

The following figure shows the front panel of the Firepower 2130 and 2140. See Front Panel LEDs for a description of the LEDs.

Figure 10. Firepower 2130 and 2140 Front Panel

1

Power LED

2

Locator LED

3

Gigabit Ethernet management port:

  • Firepower Threat Defense—Management 0 (also referred to as Management 1/1 and Diagnostic 1/1)

  • ASA—Management 1/1

4

12 RJ-45 1 G/100 M/10 M auto duplex/auto MDI-X Base-T ports

Ethernet 1/1 through 1/12 labeled top to bottom, left to right

5

SSD 1

6

SSD 2

7

System LEDs

8

Type A USB 2.0 port

9

RJ-45 console port

10

Pullout asset card with chassis serial number

11

Four fixed SFP+ (1/10 Gbps) ports

Fiber ports 1/13 through 1/16 labeled left to right

12

Network module (network module slot 1)

Management Port

The Firepower 2100 chassis has an RJ-45 copper management port.

RJ-45 Console Port

The Firepower 2100 chassis has a standard RJ-45 console port. You can use the CLI to configure your Firepower 2100 through the RJ-45 serial console port by using a terminal server or a terminal emulation program on a computer.

The RJ-45 (8P8C) port supports RS-232 signaling to an internal UART controller. The console port does not have any hardware flow control, and does not support a remote dial-in modem. The baud rate is 9600. You can use the cable found in your accessory kit to convert the RJ-45 to DB-9 if necessary.

Type A USB Port

You can use the external Type A USB port to attach a data-storage device. The external USB drive identifier is usbA:. The Type A USB port supports the following:

  • Hot swapping

  • USB drive formatted with FAT32

  • Boot kickstart image from ROMMON for discovery recovery purposes

  • Copy files to and from workspace:/ and volatile:/ within local-mgmt. The most relevant files are:

    • Core files

    • Ethanalyzer packet captures

    • Tech-support files

    • Security module log files

  • Platform bundle image upload using download image usbA:

The Type A USB port does not support Cisco Secure Package (CSP) image upload support.

Network Ports

The Firepower 2100 chassis has 12 fixed RJ-45 1 G/100 M/10 M) ports. They are numbered from top to bottom, left to right starting with 1 and are named Ethernet 1/1 through Ethernet 1/12.

The Firepower 2110 and 2120 also have four fixed SFP (1 Gbps) ports, and the Firepower 2130 and 2140 have four fixed SFP+ (1/10 Gbps) ports. They are fiber ports numbered left to right (1/13 through 1/16).

Each port has LEDs that represent Link/Activity status.

Front Panel LEDs

The following figure shows the Firepower 2110 and 2120 front panel LEDs.

Figure 11. Firepower 2110 and 2120 Front Panel LEDs

1

PWR

  • Off—Input power is not detected. Standby power is off.

  • Green, flashing—System has detected a power switch toggle event, and initiated the shutdown sequence.

    Note

     

    If the power switch is in the OFF position, the system powers off after shutdown is completed. Do not remove the AC or DC power source while this LED is blinking so that the system has time to perform a graceful shutdown.

  • Amber—System is powering up (before the BIOS boots). This takes one to five seconds at most.

  • Green—System is fully powered up.

2

Ethernet Link

  • Green—The link partner is detected; no activity.

  • Green, flashing—Network activity is detected.

3

Ethernet Speed

  • Green, flashing—The number of flashes determines link speed; 1 flash=10 Mbit, 2=100 Mbit, 3=1 Gbit.

4

Locator

  • Off—Locate is off.

  • Blue—Locate is on.

Note

 

The Locator LED helps you locate a unit that needs physical service attention. This feature is activated in the software.

5

SYS (Health)

  • Off—System has not booted up yet.

  • Green, flashing quickly—System is booting up.

  • Green—Normal system function.

  • Amber—System boot up has failed.

  • Amber, flashing—Alarm condition, system needs service or attention and may not boot properly.

  • Green, flashing slowly (twice in 5 seconds)—Cloud connected.

    Note

     
    Security Cloud Control is valid for FTD 6.7 and later.
  • Green and amber, flashing—Cloud connection failure.

  • Green—Cloud disconnected.

Note

 
The Security Cloud Control LED pattern applies to zero-touch provisioning (ZTP). See the Easy Deployment Guide for Cisco Secure Firewall Threat Defense with Cisco Defense Orchestrator for more information.

6

ACT (Role of a high-availability pair)

  • Off—Unit is not configured or enabled in a high-availability pair.

  • Green—Unit is in active mode.

  • Amber—Unit is in standby mode.

7

SSD1

  • Off—SSD is not present.

  • Green—SSD is present; no activity.

  • Green, flashing—SSD is active.

8

SSD2

  • Off—SSD is not present.

  • Green—SSD is present; no activity.

  • Green, flashing—SSD is active.

9

Fiber Port

  • Green—Port is enabled, the link partner is detected.

  • Amber—Port is enabled, but the link partner is not detected.

  • Green, flashing—Port is enabled; network activity is detected.

10

FAN

  • Off—Environmental subsystem is not active yet.

  • Green—Fans are running normally. It may take up to one minute for the LED status to turn green after power is on.

  • Amber—One fan has failed. The system can continue to operate normally, but fan service is required.

  • Amber, flashing—Two or more fans have failed, or the fan tray has been removed from the system. Immediate attention is required.

11

SSD1 Alert Status

  • Off—SSD has normal activity.

  • Amber—SSD failure.

12

SSD2 Alert Status

  • Off—SSD has normal activity.

  • Amber—SSD failure.

The following figure shows the Firepower 2130 and 2140 front panel LEDs.

Figure 12. Firepower 2130 and 2140 Front Panel LEDs

1

Power

  • Off—Input power is not detected. Standby power is off.

  • Green, flashing—The system has detected a power switch toggle event, and initiated the shutdown sequence. If the power switch is in the OFF position, the system powers off after shutdown is completed. Do not remove the AC or DC power source while this LED is blinking so that the system has time to perform a graceful shutdown.

  • Amber—The system is powering up (before the BIOS boots). This takes one to five seconds at most.

  • Green—The system is fully powered up.

2

Locator

  • Off—Locate is off.

  • Blue—Locate is on.

Note

 

The Locator LED helps you locate a unit that needs physical service attention. This feature is activated in the software.

3

Ethernet Link

  • Green—The link partner is detected; no activity.

  • Green, flashing—Network activity is detected.

4

Ethernet Speed

  • Green, flashing—The number of flashes determines link speed; 1 flash=10 Mbit, 2=100 Mbit, 3=1 Gbit.

5

SYS (Health)

  • Off—System has not booted up yet.

  • Green, flashing quickly—System is booting up.

  • Green—Normal system function.

  • Amber—System boot up has failed.

  • Amber, flashing—Alarm condition, system needs service or attention and may not boot properly.

  • Green, flashing slowly (twice in 5 seconds)—Cloud connected.

    Note

     
    Security Cloud Control is valid for FTD 6.7 and later.
  • Green and amber, flashing—Cloud connection failure.

  • Green—Cloud disconnected.

Note

 
The Security Cloud Control LED pattern applies to low touch provisioning (LTP). See the Firepower Easy Deployment Guide for Cisco Firepower 1000 or 2100 Firewalls for more information.

6

ACT (Role of a high-availability pair)

  • Off—The unit is not configured or enabled in a high-availability pair.

  • Green—The unit is in active mode.

  • Amber—The unit is in standby mode.

7

SSD1

  • Off—The SSD is not present.

  • Green—The SSD is present; no activity.

  • Green, flashing—The SSD is active.

8

SSD2

  • Off—The SSD is not present.

  • Green—The SSD is present; no activity.

  • Green, flashing—The SSD is active.

9

Fiber Port

  • Green—Port is enabled, the link partner is detected.

  • Amber—Port is enabled, but the link partner is not detected.

  • Green, flashing—Port is enabled; network activity is detected.

10

PSU-1

  • Off—The power supply module is not present or not detected.

  • Green—The power supply module is present and working properly.

  • Amber—The power supply module is present but a fault or problem has been detected.

11

PSU-2

  • Off—The power supply module is not present or not detected.

  • Green—The power supply module is present and working properly.

  • Amber—The power supply module is present but a fault or problem has been detected.

12

FAN

  • Off—The environmental subsystem is not active yet.

  • Green—The fans are running normally. It may take up to one minute for the LED status to turn green after power is on.

  • Amber—One fan has failed. The system can continue to operate normally, but fan service is required.

  • Amber, flashing—Two or more fans have failed, or the fan tray has been removed from the system. Immediate attention is required.

13

SSD1 Alert Status

  • Off—SSD has normal activity.

  • Amber—SSD failure.

14

SSD2 Alert Status

  • Off—SSD has normal activity.

  • Amber—SSD failure.

Rear Panel

The following figure shows the rear panel of the Firepower 2110 and 2120.

Figure 13. Firepower 2110 and 2120 Rear Panel

1

Power on/off switch

2

Fixed power supply module

3

Fixed fans

4

Two-post grounding pad

Note

 

The two-post grounding lug is included in the accessory kit.

The following figure shows the rear panel of the Firepower 2130 and 2140.

Figure 14. Firepower 2130 and 2140 Rear Panel

1

Power on/off switch

2

Power supply module 1 FAIL LED

3

Power supply module 2 FAIL LED

4

Power supply module 1

5

Power supply module 1 OK LED

6

Fan tray

7

Power supply module 2

8

Power supply module 2 OK LED

9

Two-post grounding pad

Note

 

The two-post grounding lug is included in the accessory kit.

Power Switch

The power switch is located to the left of power supply module 1 on the rear of the chassis. It is a toggle switch that controls power to the system. If the power switch is in standby position, only the 3.3-V standby power is enabled from the power supply module and the 12-V main power is OFF. When the switch is in the ON position, the 12-V main power is turned on and the system boots.

Before you move the power switch to the OFF position, use the shutdown commands so that the system can perform a graceful shutdown. This may take several minutes to complete. After the graceful shutdown is complete, the console displays It is safe to power off now. The front panel blue locator beacon LED lights up indicating the system is ready to be powered off. You can now move the switch to the OFF position. The front panel PWR LED flashes momentarily and turns off.

See Front Panel LEDs for the PWR LED description. See the FXOS Configuration Guide for more information on using the shutdown commands.


Note


On the Firepower 2130 and 2140, the OK LEDs on the rear power supplies flash after the switch is turned off; this is expected behavior.



Caution


If you move the power switch to the OFF position before the shutdown command sequence is complete or if you remove the system power cords before the graceful shutdown is complete, disk corruption can occur.



Note


After removing power from the chassis by unplugging the power cord, wait at least 10 seconds before turning power back ON.


For More Information

Network Modules

The Firepower 2130 and 2140 contain one network module slot that provides optical or electrical network interfaces. Network modules are optional, removable I/O modules that provide either additional ports or different interface types. The Firepower network module plugs into the chassis on the front panel.

For More Information

8-Port 1-Gbps Network Module (FPR2K-NM-8X1G)

The following figure shows the front panel of the 1-Gbps network module (FPR2K-NM-8X1G). The eight ports are numbered from top to bottom, left to right.


Note


Make sure you have the correct firmware package and software version installed to support this network module. See Cisco FXOS Troubleshooting Guide for the Firepower 1000/2100 with Firepower Threat Defense for the procedure to verify your firmware package and software version. See Cisco Firepower 2100 ASA Platform Mode FXOS Configuration Guide for the procedure to upgrade the firmware package for the Firepower 2100 running ASA with FXOS. See the Cisco Firepower Compatibility Guide and the Cisco ASA Compatibility guide, which provide Cisco software and hardware compatibility, including operating system and hosting environment requirements, for each supported version



Note


The FPR2K-NM-8X1G is NEBS-compliant.



Note


You can fit four copper SFPs in either the top row of ports or the bottom row of ports. Both rows cannot be populated at the same time, because of the port row spacing.


Figure 15. FPR2K-NM-8X1G

1

Captive screw/handle

2

Ethernet X/1

3

Ethernet X/3

4

Ethernet X/5

5

Ethernet X/7

6

Ethernet X/2

7

Ethernet X/4

8

Ethernet X/6

9

Ethernet X/8

10

Network activity LEDs

  • Off—No connection or port is not in use.

  • Amber—No link or network failure.

  • Green—Link up.

  • Green, flashing—Network activity.

For More Information

8-Port 10-Gbps Network Module (FPR2K-NM-8X10G)

The following figure shows the front panel of the 8-port 10-Gbps single-wide network module (FPR2K-NM-8X10G). The eight ports are numbered from top to bottom, left to right. This network module is first supported on FTD Version 6.4 and ASA Version 9.14.


Note


Make sure you have the correct firmware package and software version installed to support this network module. See Cisco FXOS Troubleshooting Guide for the Firepower 1000/2100 with Firepower Threat Defense for the procedure to verify your firmware package and software version. See Cisco Firepower 2100 ASA Platform Mode FXOS Configuration Guide for the procedure to upgrade the firmware package for the Firepower 2100 running ASA with FXOS. See the Cisco Firepower Compatibility Guide and the Cisco ASA Compatibility guide, which provide Cisco software and hardware compatibility, including operating system and hosting environment requirements, for each supported version



Note


The FPR2K-NM-8X10G is NEBS-compliant.



Note


You can fit four copper SFPs in either the top row of ports or the bottom row of ports. Both rows cannot be populated at the same time, because of the port row spacing.


Figure 16. FPR2K-NM-8X10G

1

Captive screw/handle

2

Ethernet X/1

3

Ethernet X/3

4

Ethernet X/5

5

Ethernet X/7

6

Ethernet X/2

7

Ethernet X/4

8

Ethernet X/6

9

Ethernet X/8

10

Network activity LEDs

  • Off—No connection or port is not in use.

  • Amber—No link or network failure.

  • Green—Link up.

  • Green, flashing—Network activity.

Hardware Bypass Network Modules

Hardware bypass (also known as fail-to-wire) is a physical layer (Layer 1) bypass that allows paired interfaces to go into bypass mode so that the hardware forwards packets between these port pairs without software intervention. Hardware bypass provides network connectivity when there are software or hardware failures. Hardware bypass is useful on ports where the Firepower security appliance is only monitoring or logging traffic. The hardware bypass network modules have an optical switch that is capable of connecting the two ports when needed. The hardware bypass network modules have built-in SFPs.

Hardware bypass is supported only on a fixed set of ports. You can pair Port 1 with Port 2, Port 3 with Port 4, but you cannot pair Port 1 with Port 4 for example.


Note


When the appliance switches from normal operation to hardware bypass or from hardware bypass back to normal operation, traffic may be interrupted for several seconds. A number of factors can affect the length of the interruption; for example, behavior of the optical link partner such as how it handles link faults and debounce timing; spanning tree protocol convergence; dynamic routing protocol convergence; and so on. During this time, you may experience dropped connections.


There are three configuration options for hardware bypass network modules:

  • Passive interfaces—Connection to a single port.

    For each network segment you want to monitor passively, connect the cables to one interface. This is how the nonhardware bypass network modules operate.

  • Inline interfaces—Connection to any two like ports (10 Gb to 10 Gb for example) on one network module, across network modules, or fixed ports.

    For each network segment you want to monitor inline, connect the cables to pairs of interfaces.

  • Inline with hardware bypass interfaces—Connection of a hardware bypass paired set.

    For each network segment that you want to configure inline with fail-open, connect the cables to the paired interface set.

    For the 40-Gb network module, you connect the two ports to form a paired set. For the 1/10-Gb network modules, you connect the top port to the bottom port to form a hardware bypass paired set. This allows traffic to flow even if the security appliance fails or loses power.


Note


If you have an inline interface set with a mix of hardware bypass and nonhardware bypass interfaces, you cannot enable hardware bypass on this inline interface set. You can only enable hardware bypass on an inline interface set if all the pairs in the inline set are valid hardware bypass pairs.


For More Information

6-Port 1-Gbps SX/10-Gbps SR/10-Gbps LR Network Module with Hardware Bypass

The following figure shows the front panel of the 1-Gbps SX, 10-Gbps SR and 10-Gbps LR hardware bypass network modules (FPR4K-NM-6X1SX-F, FPR2K-NM-6X1SX-F, FPR4K-NM-6X10SR-F, FPR2K-NM-6X10SR-F, FPR4K-NM-6X10LR-FFPR2K-NM-6X10LR-F). This is a single-wide module that does not support hot swapping. The six ports are numbered from top to bottom, left to right. Pair ports 1 and 2, 3 and 4, and 5 and 6 to form hardware bypass paired sets.


Note


Make sure you have the correct firmware package and software version installed to support this network module. See Cisco FXOS Troubleshooting Guide for the Firepower 1000/2100 with Firepower Threat Defense for the procedure to verify your firmware package and software version. See Cisco Firepower 2100 ASA Platform Mode FXOS Configuration Guide for the procedure to upgrade the firmware package for the Firepower 2100 running ASA with FXOS. See the Cisco Firepower Compatibility Guide and the Cisco ASA Compatibility guide, which provide Cisco software and hardware compatibility, including operating system and hosting environment requirements, for each supported version


Figure 17. FPR2K-NM-6X1SX-F, FPR2K-NM-6X10SR-F, FPR2K-NM-6X10LR-F

1

Captive screw/handle

2

Six network activity LEDs:

  • Amber—No connection, or port is not in use, or no link or network failure.

  • Green—Link up, no network activity.

  • Green, flashing—Network activity.

3

Ethernet X/1 (top port)

Ethernet X/2 (bottom port)

Ports 1 and 2 are paired together to form a hardware bypass pair.

4

Ethernet X/3 (top port)

Ethernet X/4 (bottom port)

Ports 3 and 4 are paired together to form a hardware bypass pair.

5

Ethernet X/5 (top port)

Ethernet X/6 (bottom port)

Ports 5 and 6 are paired together to form a hardware bypass pair.

6

Bypass LEDs B1 through B3:

  • Green—In standby mode.

  • Amber, flashing—Port is in hardware bypass mode, failure event.

The 1-Gbps SX /10-Gbps SR/10-Gbps LR network modules have the following insertion loss measurements. Insertion loss measurements help you to troubleshoot the network by verifying cable installation and performance.

Table 2. 1-Gbps SX Network Module (FPR2K-NM-6X1SX-F)

Operating Mode

Typical

Maximum

Insertion loss

Normal

Hardware bypass

0.9 dB

1.2 dB

1.4 dB

1.7 dB

Core diameter (microns)

Modal bandwidth (MHz/km)

Cable distance

Note

 

Half the distance specified by the IEEE standard.

Cable and operating distance

62.5

62.5

50

50

50

160 (FDDI)

200 (OM1)

400

500 (OM2)

2000 (OM3)

110 m

137 m

250 m

275 m

500 m

Table 3. 10-Gbps SR Network Module (FPR2K-NM-6X10SR-F)

Operating Mode

Typical

Maximum

Insertion loss

Normal

Hardware bypass

0.9 dB

1.2 dB

1.4 dB

1.7 dB

Core diameter (microns)

Modal bandwidth (MHz/km)

Cable distance

Note

 

Half the distance specified by the IEEE standard.

Cable and operating distance

62.5

62.5

50

50

50

50

160 (FDDI)

200 (OM1)

400

500 (OM2)

2000 (OM3)

4700 (OM4)

13 m

16.5 m

33 m

41 m

150 m

200 m

Table 4. 10-Gbps LR Network Module (FPR2K-NM-6X10LR-F)

Operating Mode

Typical

Maximum

Insertion loss

Normal

Hardware bypass

1.2 dB

1.5 dB

1.6 dB

1.9 dB

Core diameter (microns)

Modal bandwidth (MHz/km)

Cable distance

Note

 

Half the distance specified by the IEEE standard.

Cable and operating distance

G.652

Single mode

5 km

8-Port 1-Gbps Network Module with Hardware Bypass (FPR-NM-8X1G-F)

The following figure shows the front panel view of the 1-Gbps network module with hardware bypass (FPR-NM-8X1G-F). Pair ports 1 and 2, 3 and 4, 5 and 6, and 7 and 8 to form hardware bypass paired sets.


Note


Make sure you have the correct firmware package and software version installed to support this network module. See Cisco FXOS Troubleshooting Guide for the Firepower 1000/2100 with Firepower Threat Defense for the procedure to verify your firmware package and software version. See Cisco Firepower 2100 ASA Platform Mode FXOS Configuration Guide for the procedure to upgrade the firmware package for the Firepower 2100 running ASA with FXOS.


Figure 18. FPR-NM-8X1G-F

1

Captive screw/handle

2

Bypass LEDs B1 through B4

  • Green—In standby mode.

  • Amber, flashing—Port is in hardware bypass mode, failure event.

3

Ethernet X/1

Ports 1 and 2 are paired together to form a hardware bypass pair. LED B1 applies to this paired port.

4

Ethernet X/2

Ports 3 and 4 are paired together to form a hardware bypass pair. LED B2 applies to this paired port.

5

Ethernet X/2

Ports 5 and 6 are paired together to form a hardware bypass pair. LED B3 applies to this paired port.

6

Ethernet X/2

Ports 7 and 8 are paired together to form a hardware bypass pair. LED B4 applies to this paired port.

7

Network activity LEDs

  • Left LED—Green indicates network activity when a 10 Mbps/100 Mbps/1 Gbps connection is made.

  • Right LED—Not in use at this time.

—

Power Supply Modules

The Firepower 2110 and 2120 have one fixed AC power supply that is not field-replaceable. If the power supply fails, you must get a return material authorization (RMA) for the entire chassis. See the Cisco Returns Portal for more information.

The Firepower 2130 and 2140 support two AC power supply modules so that dual power supply redundancy protection is available. The Firepower 2130 ships with one AC power supply and the Firepower 2140 ships with two AC power supplies. You can also install DC power supply modules instead of AC power on the 2130 and 2140. Facing the back of the chassis, the power supply modules are numbered left to right, for example, PSU1 and PSU2.

The power supply module is hot-swappable.

See Product ID Numbers for a list of the PIDs associated with the Firepower 2100 series power supply modules.


Note


You cannot mix AC and DC power supply modules in the chassis.



Note


After removing power from the chassis by unplugging the power cord, wait at least 10 seconds before turning power back ON.



Attention


Make sure that one power supply module is always active.



Note


The system power requirements are lower than the power supply module capabilities. See the following table.


AC Power Supply

The dual power supplies can supply up to 800-W power across the input voltage range. The load is shared when both power supply modules are plugged in and running at the same time.


Note


The system does not consume more than the capacity of one power supply module, so it will always operate in full redundancy mode (Firepower 2130 and 2140 only) when two power supply modules are installed.


Table 5. AC Power Supply Module Hardware Specifications

2110

2120

2130

2140

Input voltage

100 to 240 V AC

Maximum input current

< 4 A

< 6 A

Maximum output power

250 W

400 W

Frequency

50 to 60 Hz

Efficiency

85% at 50% load

89% at 50% load

Maximum redundancy output power

—

800W

Redundancy

—

1+1 redundancy with dual power supply modules

DC Power Supply

The power supplies can supply up to 350 W power across the input voltage range. The load is shared when both power supply modules are plugged in and running at the same time.

Table 6. DC Power Supply Module Hardware Specifications

2130

2140

Input voltage

-48 to -60 V DC

Maximum input current

< 15 A at -48 V

Note

 

The power supply module is rated at 15 A but the system power is limited to 6.1 A. See Hardware Specifications for more system specifications.

Maximum output power

350 W

Redundancy

1+1 redundancy with dual power supply modules

Efficiency

> 88% at 50% load

Power Supply Module LEDs

The following figure shows the bicolor power supply LEDs on the power supply module. The figure shows the AC power supply module. The DC power supply module has the same LEDs.

Figure 19. Power Supply Module LEDs

1

Amber FAIL LED

2

Green OK LED

The following describes the power module supply LEDs.

Green LED (OK Status)

  • Off—Input power not present.

  • Green, flashing—Input power present, but system is not powered up (power switch is off).

  • Green—The power supply module is enabled and running.

Amber LED (Fail Status)

  • Off—No fault detected.

  • Amber, flashing—Fault warning, power supply may still work but could fail due to high temperature, failing fan, or over current.

  • Amber—Fault detected; power supply not working properly. Includes over voltage, over current, over temperature, and fan failure.

For More Information

Fan Modules

The Firepower 2110 and 2120 have two fixed fans. If the fans fail, you must send your Firepower 2110 or 2120 for RMA.

The Firepower 2130 and 2140 have a removable fan tray with 3 + 1 redundant fans that are hot-swappable. The fan tray is installed in the rear of the chassis. Any one fan can fail indefinitely and the system continues to function. When a fan fails, the remaining fans automatically spin up to full speed.

The fan LED is located on the front of the chassis. See Product ID Numbers for a list of the PIDs associated with the 2100 series fans.

For More Information

SSDs

The Firepower 2110 and 2120 have two SSD slots. These models ship with one 100-GB SSD installed in slot 1. The Firepower 2130 and 2140 have two SSD slots. These models ship with one 200-GB SSD installed in slot 1. See Product ID Numbers for a list of the PIDs associated with the Firepower 2100 series SSDs. The SSD drive identifiers are disk1 and disk2.

You can use the second SSD slot to upgrade to the MSP. The MSP must be installed in the second slot. The second SSD slot remains empty unless you install the MSP in the second slot. The MSP stores threat detection results for use in future analysis. It supports the Advanced Malware Protection (AMP) software feature. It is used as both storage and as the Malware application repository. RAID is not supported.


Caution


You cannot swap SSDs between different Firepower platforms. For example, you cannot use a 4100 series SSD in a 2100 series chassis.



Note


The 100-GB SSD is restricted to the Firepower 2110 and 2120 models. The 200-GB SSD is restricted to the Firepower 2130 and 2140 models. Do not mix them.


Although the hardware supports hot swapping for the SSDs, the software does not, so you must power down the chassis before removing and replacing them.

For More Information

Supported SFP/SFP+ Transceivers

The SFP/SFP+ transceiver is a bidirectional device with a transmitter and receiver in the same physical package. It is a hot-swappable optical or electrical (copper) interface that plugs into the SFP/SFP+ ports on the fixed ports and the network module ports, and provides Ethernet connectivity.

See Cisco SFP Modules for Gigabit Ethernet Applications Data Sheet for more information.

Figure 20. SFP Transceiver

1

Dust plug

2

Bail clasp

3

Receive optical bore

4

Transmit optical bore

Safety Warnings

Take note of the following optical connection warnings:


Warning


Statement 1051—Laser Radiation

Invisible laser radiation may be emitted from disconnected fibers or connectors. Do not stare into beams or view directly with optical instruments.



Warning


Statement 1055—Class 1/1M Laser

Invisible laser radiation is present. Do not expose to users of telescopic optics. This applies to Class 1/1M laser products.



Warning


Use appropriate ESD procedures when inserting the transceiver. Avoid touching the contacts at the rear, and keep the contacts and ports free of dust and dirt. Keep unused transceivers in the ESD packing that they were shipped in.



Note


When using fiber-based optics, make sure that the same SFP type is used on both sides of the cable because speed is not negotiated when using SFP transceivers. This is true for both copper SFPs (the exception being that the GLC-T RJ45-based copper SFPs can negotiate speed) and fiber SFPs. If a port is configured for sfp-detect, then the software configures the port’s speed to match the speed capability of the SFP. For dual-rate SFPs, when sfp-detect is configured, the port is always configured for the highest supported speed of the port. For example, a port that has a 10/25-Gbps SFP installed is configured to operate at 25 Gbps when sfp-detect is configured.



Caution


Although non-Cisco SFPs are allowed, we do not recommend using them because they have not been tested and validated by Cisco. Cisco TAC may refuse support for any interoperability problems that result from using an untested third-party SFP transceiver.


The following table lists the SFPs that are supported on the Secure Firewall 2100 fixed ports.

Table 7. FPR2110, FPR2120, FPR2130, and FPR2140 Fixed Ports

Port Type

Transceiver PID

First Supported Release

Fixed SFP/SFP+ ports

  • GLC-T

  • GLC-TE

  • GLC-SX-MMD

  • GLC-LH-SMD

  • GLC-EX-SMD

  • GLC-ZX-SMD

Threat Defense 6.2/ASA 9.12

The following table lists the SFPs supported on the Secure Firewall 2130 and 2140 fixed ports.

Table 8. FPR2130 and FPR2140 Fixed Ports

Port Type

Transceiver PID

First Supported Release

Fixed SFP/SFP+ ports

  • SFP-10G-SR

  • SFP-10G-SR-S

  • SFP-10G-LR

  • SFP-10G-LR-S

  • SFP-10G-ER

  • SFP-10G-ER-S

  • SFP-10G-ZR

  • SFP-10G-ZR-S

  • SFP-10G-LRM

  • SFP-H10GB-CUxM

  • SFP-H10GB-ACUxM

  • SFP-10G-AOCxM

Threat Defense 6.2/ASA 9.12

The following table lists the SFPs that are supported on the Secure Firewall 2100 management ports.

Table 9. FPR2110, FPR2120, FPR2130, and FPR2140 Management Ports

Port Type

Transceiver PID

First Supported Release

Management SFP/SFP+ ports

  • GLC-T

  • GLC-TE

  • GLC-SX-MMD

  • GLC-LH-SMD

  • GLC-EX-SMD

  • GLC-ZX-SMD

Threat Defense 6.2/ASA 9.12

The following table lists the SFPs that are supported on the Secure Firewall 2130 and 2140 management ports.

Table 10. FPR2130 and FPR2140 Management Ports

Port Type

Transceiver PID

First Supported Release

Management SFP/SFP+ ports

  • SFP-10G-SR

  • SFP-10G-SR-S

  • SFP-10G-LR

  • SFP-10G-LR-S

  • SFP-10G-ER

  • SFP-10G-ER-S

  • SFP-10G-ZR

  • SFP-10G-ZR-S

  • SFP-10G-LRM

  • SFP-H10GB-CUxM

  • SFP-H10GB-ACUxM

  • SFP-10G-AOCxM

Threat Defense 6.2/ASA 9.12

The following table lists the SFPs that are supported on the 8-port 1-Gbps network module.

Table 11. FPR2130 and FPR2140 8-port 1-Gbps Network Module

Port Type

Transceiver PID

First Supported Release

FPR2K-NM-8X1G

  • GLC-T

  • GLC-TE

  • GLC-SX-MMD

  • GLC-LH-SMD

  • GLC-EX-SMD

  • GLC-ZX-SMD

Threat Defense 6.2/ASA 9.12

The following table lists the SFPs that are supported on the 8-port 10-Gbps network module.

Table 12. FPR2130 and FPR2140 8-Port 10-Gbps Network Module

Port Type

Transceiver PID

First Supported Release

FPR2K-NM-8X10G

  • GLC-T

  • GLC-TE

  • GLC-SX-MMD

  • GLC-LH-SMD

  • GLC-EX-SMD

  • GLC-ZX-SMD

  • SFP-10G-SR

  • SFP-10G-SR-S

  • SFP-10G-LR

  • SFP-10G-LR-S

  • SFP-10G-ER

  • SFP-10G-ER-S

  • SFP-10G-ZR

  • SFP-10G-ZR-S

  • SFP-10G-LRM

  • SFP-H10GB-CUxM

  • SFP-H10GB-ACUxM

  • SFP-10G-AOCxM

Threat Defense 6.2/ASA 9.12

Hardware Specifications

The following table contains hardware specifications for the Firepower 2100 series.

Specification

2110

2120

2130

2140

Chassis dimensions (H x W x D)

1.73 x 16.90 x 19.76 inches (4.4 x 42.9 x 50.2 cm)

Network module dimensions

1.2 x 3.7 x 9.6 inches (4.39 x 9.4 x 24.38)

Weight

16.1 lb (7.3 kg)

19.4 lb (8.79 kg)

21 lb (9.52 kg)

System power

100/240V AC 1.9 A (at 100 VAC), 50 to 60 Hz

Note

 

The power supply module is rated at 4 A, but the system power is limited to 1.9 A.

100/240 V AC 2.9 A (at 100 VAC), 50 to 60 Hz

Note

 

The power supply module is rated at 6.3 A, but the system power is limited to 2.9 A.

Temperature

Operating: 32 to 104°F (0 to 40°C)

Nonoperating: -40 to 149°F (-40 to 65°C) maximum altitude is 40,000 ft

NEBS

Operating altitude: 0 to 13,000 ft (3962 m)

Operating temperature:

  • Long Term: 0 to 45°C up to 6000 ft (1829 m)

  • Long Term: 0 to 35°C 6000-13000 ft (1829-3964 m)

  • Short Term: -5 to 55°C up to 6000 ft (1829 m)

Note

 

Firepower 2100 series NEBS compliance applies only to the 2130.

Humidity

Operating: 10 to 85 % noncondensing

Nonoperating: 5 to 95 % noncondensing

Altitude

Operating: 10,000 ft maximum

Nonoperating: 40,000 ft maximum

Sound pressure

47.3 dBA (typical)

73.4 dBA (maximum)

55.7 dBA (typical)

76.7 dBA (maximum)

Sound power

60.2 (typical)

85.1 (maximum)

66 (typical)

84.5 (maximum)

Product ID Numbers

The following table lists the PIDs associated with the Firepower 2100 series. All of the PIDs in the table are field-replaceable. If you need to get a return material authorization (RMA) for any component, see Cisco Returns Portal for more information.


Note


See the show inventory and show inventory expand commands in the Cisco FXOS Troubleshooting Guide for the Firepower 2100 Series to display a list of the PIDs for your Firepower 2100. Or see the show inventory command in the Cisco Firepower Threat Defense Command Reference or the Cisco ASA Series Command Reference to display a list of the PIDs for your Firepower 2100.
Table 13. Firepower 2100 Series PIDs

PID

Description

FPR2110-NGFW-K9

Cisco Firepower 2110 appliance 1 RU, NGFW

FPR2120-NGFW-K9

Cisco Firepower 2120 appliance 1 RU, NGFW

FPR2130-NGFW-K9

Cisco Firepower 2130 appliance 1 RU with one network module bay, NGFW

FPR2140-NGFW-K9

Cisco Firepower 2140 appliance 1 RU with one network module bay, NGFW

FPR2110-ASA-K9

Cisco Firepower 2110 appliance 1 RU, ASA

FPR2120-ASA-K9

Cisco Firepower 2120 appliance 1 RU, ASA

FPR2130-ASA-K9

Cisco Firepower 2130 appliance 1 RU with one network module bay, ASA

FPR2140-ASA-K9

Cisco Firepower 2140 appliance 1 RU with one network module bay, ASA

FPR2110-K9=

Firepower 2110 appliance 1 RU with no power supply or fan (spare)

FPR2120-K9=

Firepower 2120 appliance 1 RU with no power supply or fan (spare)

FPR2130-K9=

Firepower 2130 appliance with one network module bay and no power supply or fan (spare)

FPR2140-K9=

Firepower 2140 appliance with one network module bay and no power supply or fan (spare)

FPR2K-PWR-DC-350

350 W DC power supply

FPR2K-PWR-DC-350=

350 W DC power supply (spare)

FPR2K-PWR-AC-400

400 W AC power supply

FPR2K-PWR-AC-400=

400 W AC power supply (spare)

FPR2K-PSU-BLANK

Power supply blank slot cover

FPR2K-PSU-BLANK=

Power supply blank slot cover (spare)

FPR2K-SSD100

SSD for Firepower 2110 and 2120

FPR2K-SSD100=

SSD for Firepower 2110 and 2120 (spare)

FPR2K-SSD200

SSD for Firepower 2130 and 2140

FPR2K-SSD200=

SSD for Firepower 2130 and 2140 (spare)

FPR2K-SSD-BBLKD

SSD slot carrier

FPR2K-SSD-BBLKD=

SSD slot carrier (spare)

FPR-MSP-SSD

MSP SSD

FPR-MSP-SSD=

MSP SSD (spare)

FPR2K-FAN

Fan tray for the Firepower 2130 and 2140

FPR2K-FAN=

Fan tray for the Firepower 2130 and 2140 (spare)

FPR2K-NM-8X1G

8-port 1-Gbps SFP network module

FPR2K-NM-8X1G=

8-port 1-Gbps SFP network module (spare)

FPR2K-NM-8X10G

8-port 10-Gbps SFP+ network module

FPR2K-NM-8X10G=

8-port 10-Gbps SFP+ network module (spare)

FPR2K-NM-6X1SX-F

6-port 1-Gbps SX fiber hardware bypass network module

FPR2K-NM-6X1SX-F=

6-port 1-Gbps SX fiber hardware bypass network module (spare)

FPR2K-NM-6X10LR-F

6-port 10-Gbps LR hardware bypass network module

FPR2K-NM-6X10LR-F=

6-port 10-Gbps LR hardware bypass network module

(spare)

FPR2K-NM-6X10SR-F

6-port 10-Gbps SR hardware bypass network module

FPR2K-NM-6X10SR-F=

6-port 10-Gbps SR hardware bypass network module (spare)

FPR2K-NM-8X1G-F

8-port 1-Gbps copper hardware bypass network module

FPR2K-NM-8X1G-F=

8-port 1-Gbps copper hardware bypass network module (spare)

FPR2K-NM-BLANK

Network module blank slot cover

FPR2K-NM-BLANK=

Network module blank slot cover (spare)

FPR2K-CBL-MGMT

Cable management brackets

FPR2K-CBL-MGMT=

Cable management brackets (spare)

FPR2K-RM-BRKT=

Rack-mount brackets (spare)

FPR2K-SLIDE-RAILS

Slide rail kit

FPR2K-SLIDE-RAILS=

Slide rail kit (spare)

FPR2K-RAIL-BRKT=

Slide rail brackets (spare)

Power Cord Specifications

Each power supply has a separate power cord. Standard power cords or jumper power cords are available for connection to the security appliance. The jumper power cords for use in racks are available as an optional alternative to the standard power cords.

If you do not order the optional power cord with the system, you are responsible for selecting the appropriate power cord for the product. Using a incompatible power cord with this product may result in electrical safety hazard. Orders delivered to Argentina, Brazil, and Japan must have the appropriate power cord ordered with the system.


Note


Only the approved power cords or jumper power cords provided with the security appliance are supported.


The following power cords are supported.

Figure 21. Argentina CAB-ACR

1

Plug: IRAM 2073

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13

Figure 22. Australia CAB-ACA

1

Plug: A.S. 3112

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13

Figure 23. Brazil CAB-C13-ACB

1

Plug: NBR 14136

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13

Figure 24. China CAB-ACC

1

Plug: GB2099.1-2008/GB1002

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13

Figure 25. Europe CAB-ACE

1

Plug: CEE 7 VII

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13

Figure 26. India PWR-CORD-IND-D

1

Plug: IS 6538-1971

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13

Figure 27. Italy CAB-ACI

1

Plug: CEI 23-16

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13

Figure 28. Japan CAB-JPN

1

Plug: JIS C8303

2

Cord set rating: 12 A, 125 V

3

Connector: IEC 60320/C13

Figure 29. Japan CAB-JPN-3PIN

1

Plug: JIS C8303/JIS C8306

2

Cord set rating: 12 A, 125 V

3

Connector: IEC 60320/C13

Figure 30. Jumper CAB-C13-C14-2M

1

IEC 60320/C14G

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13

Figure 31. Korea CAB-AC-C13-KOR

1

Plug: KSC 8305

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13

Figure 32. North America CAB-AC

1

Plug: NEMA5-15P

2

Cord set rating: 10 A, 125 V

3

Connector: IEC 60320/C13

Figure 33. South Africa CAB-ACSA

1

Plug: SABS 164

2

Cord set rating: 16 A, 250 V

3

Connector: IEC 60320/C13

Figure 34. Switzerland CAB-ACS

1

Plug: SEV 1011

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13

Figure 35. Taiwan CAB-ACTW

1

Plug: CNS10917

2

Cord set rating: 10 A, 125 V

3

Connector: IEC 60320/C13

Figure 36. United Kingdom CAB-ACU

1

Plug: BS1363A/SS145

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13