Introduction to the Firepower Security Appliance

About the Firepower Security Appliance

The Cisco Firepower 4100/9300 chassis is a next-generation platform for network and content security solutions. The Firepower 4100/9300 chassis is part of the Cisco Application Centric Infrastructure (ACI) Security Solution and provides an agile, open, secure platform that is built for scalability, consistent control, and simplified management.

The Firepower 4100/9300 chassis provides the following features:

  • Modular chassis-based security system—provides high performance, flexible input/output configurations, and scalability.

  • Firepower Chassis Manager—graphical user interface provides streamlined, visual representation of current chassis status and simplified configuration of chassis features.

  • FXOS CLI—provides command-based interface for configuring features, monitoring chassis status, and accessing advanced troubleshooting features.

  • FXOS REST API—allows users to programmatically configure and manage their chassis.

How the Logical Device Works with the Firepower

The Firepower runs its own operating system, the Firepower eXtensible Operating System (FXOS), on the supervisor. The on-the-box Firepower Chassis Manager provides simple, GUI-based management capabilities. You configure hardware interface settings, smart licensing (for the ASA), and other basic operating parameters on the supervisor using the FXOS CLI.

A logical device lets you run one application instance and also one optional decorator application to form a service chain. When you deploy the logical device, the supervisor downloads an application image of your choice and establishes a default configuration. You can then configure the security policy within the application operating system.

Logical devices cannot form a service chain with each other, and they cannot communicate over the backplane with each other. All traffic must exit the chassis on one interface and return on another interface to reach another logical device. For container instances, you can share data interfaces; only in this case can multiple logical devices communicate over the backplane.

Supported Applications

You can deploy logical devices on your chassis using the following application types.

Firepower Threat Defense

The FTD provides next-generation firewall services, including stateful firewalling, routing, VPN, Next-Generation Intrusion Prevention System (NGIPS), Application Visibility and Control (AVC), URL filtering, and Advanced Malware Protection (AMP).

You can manage the FTD using the FMC, a full-featured, multidevice manager on a separate server.

ASA

The ASA provides advanced stateful firewall and VPN concentrator functionality in one device. You can manage the ASA using one of the following managers:

  • ASDM—A single device manager included on the device.

  • CLI

  • Cisco Defense Orchestrator (CDO)—A cloud-based, multidevice manager.

  • Cisco Security Manager—A multidevice manager on a separate server.

Radware DefensePro (Decorator)

You can install Radware DefensePro (vDP) to run in front of the ASA or FTD as a decorator application. vDP is a KVM-based virtual platform that provides distributed denial-of-service (DDoS) detection and mitigation capabilities on the Firepower. Traffic from the network must first pass through the vDP before reaching the ASA or FTD.