Overview

Features

The Cisco Firepower 1100 security appliances are a standalone modular security services platform. They are capable of running multiple security services simultaneously and so are targeted at the data center as a multiservice platform. See Product ID Numbers for a list of the product IDs (PIDs) associated with the Firepower 1100.

The Firepower 1000 supports Cisco Firepower Threat Defense and Cisco ASA software. See the Cisco Firepower Compatibility Guide and the Cisco ASA Compatibility guide, which provide Cisco software and hardware compatibility, including operating system and hosting environment requirements, for each supported version.

The following figure shows the Cisco Firepower 1100 chassis.

Figure 1. Cisco Firepower 1100

The following table lists the features for the Firepower 1100

Table 1. Firepower 1120, 1140, and 1150 Features

Feature

1120

1140

1150
Security standards certifications

  • Certified for the 1120, 1140, and 1150 on ASA 9.16.x:

    • Common Criteria Certification for the Network Device Collaborative Protection Profile (NDcPPv2.2E)

    • Firewall Collaborative Protection Profile Module (FW_MOD_v1.4e)

    • Virtual Private Network Gateway Protection Profile Module (VPNGW_MOD_v1.1)

  • Certified for the 1120 and 1140 on FTD 6.4.x and FX-OS 2.6.x:

    • Common Criteria Certification for the Network Device Collaborative Protection Profile (NDcPPv2.2E)

    • IPS Extended Package (IPSEP v2.11)

    • Firewall Collaborative Protection Profile Module (MOD_FW_v1.4e)

    • Virtual Private Network Gateway Protection Profile Module (MOD_VPNGW_v1.1)

  • Federal Information Processing Standards (FIPS) 140-2 certified for the 1120 and 1140 on FTD 6.4.x and FX-OS 2.6.x.

  • Department of Defense Information Network Approved Product List (DoDIN APL) certified on the 1120 and 1140.

  • US Government Compliance for IPv6 (USGv6) on FTD 7.0.x— Certification Approval under the R1 Profile for the Product Classification “NPP” certified on the 1120, 1140, and 1150.

See the "Security Certifications Compliance" topic in the "Appliance Platform Settings" chapter in the Firepower Management Center Configuration Guide, Version 6.7 for the instructions on how to enable security certifications compliance.

Form factor

1 RU

Mounting

Rack mount

4-post Electronic Industries Association (EIA)-310-D rack

Airflow

I/O side to non-I/O side

Rear panel to front panel (cold aisle to hot aisle)

Processor

One 12-core Intel CPU

One 16-core Intel CPU

Memory

16-GB DDR4 DRAM

32-GB DDR4 DRAM

Management port

One Gigabit Ethernet RJ-45 10/100/1000 BaseT

Restricted to network management access only

Console ports

One RJ-45 or one USB Mini B

Provides management access through an external system

USB port

One USB 3.0 Type A

Allows attachment of an external device such as mass storage

Network ports

Eight Gigabit Ethernet RJ-45 10/100/1000 BaseT

Each RJ-45 (8P8C) copper port supports auto Medium Dependent Interface Crossover (MDI/X) as well as auto-negotiation for interface speed, duplex, and other negotiated parameters, and are MDI/X-compliant.

Port numbering is left to right, top to bottom; ports are named Gigabit Ethernet 1/1 through 1/8. Each port includes a pair of LEDs, one each for connection status and link status.

Small form-factor pluggable (SFP) ports

Four fixed 1-Gb SFP ports

Four fixed 1-Gb SFP ports

Note

 
Two of the SFP ports (ports 9 and 11) support 10 Gbps.

Supported SFPs

  • GLC-SX-MMD

  • GLC-LH-SMD

  • GLC-EX-SMD

  • GLC-ZX-SMD

  • GLC-T/TE

The SPFs are hot-swappable.

  • SFP-10G-SR

  • SFP-10G-LR

  • SFP-10G-ER

  • SFP-10G-SR-S

  • SFP-10G-LR-S

  • SFP-10G-ZR-S

  • SFP-10G-ER-S

  • SFP-H10GB-CU

    1M/1-5M/2M/

    2-5M/3M/5M

  • SFP-H10GB-ACU

    7M/10M

  • SFP-10G-AOC

    1M/2M/3M/

    5M/7M/10M

Power switch

Yes

On rear panel; standard rocker-type power on/off switch

Note

 
The power switch controls system power and operates as a soft notification switch that supports the graceful shutdown of the system. Graceful shutdown reduces the risk of system software and data corruption.

Reset button

A small recessed button that if pressed for longer than three seconds resets the chassis to its default state following the next reboot. Configuration variables are reset to factory default. However, the flash is not erased, and no files are removed.

AC power supply

One fixed AC power supply

The power supply is internal; there is no user access.

The power supply is not field-replaceable; you must return the chassis to Cisco for power supply replacement.

Redundant power

No

Fan

One fixed fan

The fan is internal; there is no user access.

The fan is not field-replaceable; you must return the chassis to Cisco for fan replacement.

Storage

One SSD slot

200-GB 2.5-in. SATA SSD drive

The drive is field-replaceable. See Replace the SSD for more information.

Console Ports
The Firepower 1100 has two external console ports, a standard RJ-45 port and a USB Mini B serial port. Only one console port can be active at a time. When a cable is plugged into the USB console port, the RJ-45 port becomes inactive. Conversely, when the USB cable is removed from the USB port, the RJ-45 port becomes active. The console ports do not have any hardware flow control. You can use the CLI to configure the chassis through either serial console port by using a terminal server or a terminal emulation program on a computer.

  • RJ-45 (8P8C) port—Supports RS-232 signaling to an internal UART controller. The RJ-45 console port does not support a remote dial-in modem. You can use a standard management cable (Cisco part number 72-3383-01) to convert the RJ45-to-DB9 connection if necessary.

  • USB Mini B port—Lets you connect to a USB port on an external computer. For Linux and Macintosh systems, no special driver is required. For Windows systems, you must download and install a USB driver (available on software.cisco.com). You can plug and unplug the USB cable from the console port without affecting Windows HyperTerminal operations. We recommend shielded USB cables with properly terminated shields. Baud rates for the USB console port are 1200, 2400, 4800, 9600, 19200, 38400, 57600, and 115200 bps.


Note
For Windows operating systems, you must install a Cisco Windows USB Console Driver on any PC connected to the console port before using the USB console port. See Connect to the Console Port with Microsoft Windows for information on installing the driver.
External Flash Storage
The chassis contains a standard USB Type A port that you can use to attach an external device. The USB port can provide output power of 5 volts, up to a maximum of 1 A (5 USB power units).

  • External USB drive (optional)—You can use the external USB Type A port to attach a data-storage device. The external USB drive identifier is disk1. When the chassis is powered on, a connected USB drive is mounted as disk1 and is available for you to use. Additionally, the file-system commands that are available to disk0 are also available to disk1, including copy, format, delete, mkdir, pwd, cd, and so on.

  • FAT-32 File System—The Firepower 1100 only supports FAT-32-formatted file systems for the external USB drive. If you insert an external USB drive that is not in FAT-32 format, the system mounting process fails, and you receive an error message. You can enter the command format disk1: to format the partition to FAT-32 and mount the partition to disk1 again; however, data might be lost.

Package Contents

The following figure shows the package contents for the Firepower 1100. Note that the contents are subject to change, and your exact contents might contain additional or fewer items.


Note
There are three sets of four screws that you can use to secure the chassis to your rack. Chose the screws that fit your rack.
Figure 2. Firepower 1100 Package Contents

1

Chassis

2

USB console cable

Type A to Mini Type B (part number 53-1977-01)

3

Power cord

4

Four 10-32 x 0.75-inch Phillips screws (part number 48-0441-01) for securing the chassis to your rack

5

Four 12-24 x 0.75-inch Phillips screws (part number 48-0440-01) for securing the chassis to your rack

6

Four M6 x 1 x1 9-mm Phillips screws (part number 48-101022-01) for securing the chassis to your rack

7

Four M4 x 8-mm Phillips screws (part number 48-0451-01) for securing the rack-mounting bracket to the chassis

8

Tow rack-mount brackets (part number 700-117078-01)

9

Cisco Secure Firepower 1100

This document has a URL and QR code that point to the Digital Documentation Portal. The portal contains links to the Product Information page, the Hardware Installation Guide, the Regulatory and Safety Information Guide, the Getting Started Guide, and the Easy Deployment Guide.

QR Code Sticker

The QR code sticker on the rear panel of the chassis points to the Easy Deployment Guide for Cisco Secure Firewall 1000, 2100, and 3100 Series that explains low touch provisioning (LTP). LTP allows anyone to connect a new Firepower 1100 to a network so that the IT department can on board the device to Security Cloud Control and configure it remotely. Security Cloud Control supports Firepower Threat Defense (FTD) version 6.7 and later.

The following figure shows the QR code sticker.

Figure 3. QR Code Sticker

The following figure shows the placement of the QR code sticker on the rear panel of the chassis.

Figure 4. QR Code Sticker on the Chassis

1

QR code sticker

Serial Number and Digital Documentation Portal QR Code

The compliance label on the bottom of the chassis contains the chassis serial number, regulatory compliance marks, and the Digital Documentation Portal QR code that points to the getting started guide, the regulatory and compliance guide, the easy deployment guide, and the hardware installation guide.

The following figure shows an example compliance label found on the bottom of the chassis.

Figure 5. Compliance Label on the Chassis

1

Chassis model number

2

 Chassis serial number

3

Digital Documentation Portal QR code

Front Panel

The following figure shows the front panel of the Firepower 1100. Note that there are no connectors or LEDs on the front panel.

Figure 6. Firepower 1100 Front Panel

Rear Panel

The following figure shows the rear panel of the Firepower 1100. See Rear Panel LEDs for a description of the LEDs. See Features for a description of each feature.

Figure 7. Firepower 1100 Rear Panel

1

Power switch

Note

 

The power switch provides a way to gracefully shut down the system and place it in standby. The power supply and fan remain active and the fan may continue to spin at slow speed. To achieve total power shut down, unplug the power supply from the chassis.

2

Power cord socket

3

Management port

4

SFP ports (numbered 9 through 12)

5

USB Type A port

6

USB Mini B console port

7

RJ-45 (8P8C) console port

8

Network data ports

9

Status LEDs

10

Reset button

11

SSD LED

12

SSD bay

Rear Panel LEDs

The following figure shows the LEDs on the rear panel of the Firepower 1100 and describes their states.

Figure 8. Firepower 1100 Rear Panel LEDs

1

Network

Status of the network ports:

Link status (L):

  • Off—No link, or port is not in use.

  • Green—Link established.

  • Green, flashing—Link activity.

2

Network

Status of the network ports:

Connection-speed status (S):

  • Green, flashing—One flash every three seconds = 10 Mbps.

  • Green, flashing—Two rapid flashes = 100 Mbps.

  • Green, flashing—Three rapid flashes = 1000 Mbps.

3

SFP

Status of the SFP transceiver:

Link status (L):

  • Off—No SFP.

  • Amber—SFP present, but no link.

  • Green, flashing—Link established and transmitting.

4

Power

Power supply status:

  • Off —Power supply off.

  • Green—Power supply on.

5

Status

System operating status:

  • Off—System has not booted up yet.

  • Green, flashing quickly—System is booting up.

  • Green—Normal system function.

  • Amber—Critical alarm indicating one or more of the following:

    • Major failure of a hardware or software component.

    • Over-temperature condition.

    • Power voltage outside the tolerance range.

  • Green, flashing slowly (twice in 5 seconds)—Cloud connected.

    Note

     
    Security Cloud Control is valid for FTD 6.7 and later.

  • Green and amber, flashing—Cloud connection failure.

  • Green—Cloud disconnected.

Note

 
The Security Cloud Control LED pattern applies to low touch provisioning (LTP). See the Firepower Easy Deployment Guide for Cisco Firepower 1000 or 2100 Firewalls for more information.

6

Active

Status of the failover pair:

  • Off— Failover is not operational.

  • Green—Failover pair operating normally. The LED is green always unless the chassis in a high availability pair.

  • Amber—When the chassis is in a high availability pair, the LED is amber for the standby unit.

7

SSD

Status of the SSD:

  • Off— No SSD present.

  • Green—SSD detected.

  • Green, flashing—Activity on the SSD.

Note

 

See Replace the SSD for the procedure for replacing a failed SSD.

Hardware Specifications

The following table contains hardware specifications for the Firepower 1100.

Table 2. Hardware Specifications

Specification

1120

1140

1150

Dimensions (H x W x D)

1.72 x 10.58 x 17.2 inches (4.37 x 26.87 x 43.69 cm)

Weight

8 lb (3.63 kg)

Temperature

Operating: 32 to 104⁰F (0 to 40⁰C)

Derate the maximum operating temperature 1.5⁰C per 1000 ft above sea level.

Nonoperating: -13 to 158°F (-25 to 70°C) maximum altitude is 40,000 ft

Humidity

Operating: 90%

Nonoperating: 10 to 90%

Altitude

Operating: 0 to 3,000 (0 to 9843 m)

Nonoperating: 0 to 15,000 ft (0 to 4570 m)

Acoustic noise

56.8 dBa (sound pressure) at maximum fan speed at 40C

31.7 dBa at room temperature

56.8 dBa (sound pressure) at maximum fan speed at 40C

34.2 dBa at room temperature

Product ID Numbers

The following table lists the field-replaceable PIDs associated with the Firepower 1100. The spare components are ones that you can order and replace yourself. If any internal components fail, you must get a return material authorization (RMA) for the entire chassis. See the Cisco Returns Portal for more information.


Note

See the show inventory command in the Cisco Firepower Threat Defense Command Reference or the Cisco ASA Series Command Reference to display a list of the PIDs for your Firepower 1100.

Table 3. Firepower 1100 Series PIDs

PID

Description

FPR1120-NGFW-K9

Cisco Firepower 1120 NGFW appliance

FPR1140-NGFW-K9

Cisco Firepower 1140 NGFW appliance

FPR1150-NGFW-K9

Cisco Firepower 1150 NGFW appliance

FPR1K-RM-SSD200

Cisco Firepower 1100 200-GB drive

FPR1K-RM-SSD200=

Cisco Firepower 1100 200-GB drive (spare)

FPR1K-CBL-MGMT

Cisco Firepower 1100 cable-management brackets

FPR1K-CBL-MGMT=

Cisco Firepower 1100 cable-management brackets (spare)

FPR1K-RM-ACY-KIT

Cisco Firepower 1100 accessory kit

FPR1K-RM-BRKT=

Cisco Firepower 1100 rack-mount brackets (spare)

FPR1K-RM-FIPS-KIT

Cisco Firepower 1100 FIPS kit

Power Cord Specifications

Each power supply has a separate power cord. Standard power cords or jumper power cords are available for connection to the security appliance. The jumper power cords for use in racks are available as an optional alternative to the standard power cords.

If you do not order the optional power cord with the system, you are responsible for selecting the appropriate power cord for the product. Using a incompatible power cord with this product may result in electrical safety hazard. Orders delivered to Argentina, Brazil, and Japan must have the appropriate power cord ordered with the system.


Note

Only the approved power cords or jumper power cords provided with the chassis are supported.

The following power cords are supported.

Figure 9. Argentina (CAB-ACR)

1

Plug: VA2073

2

Cord set rating: 10 A, 250 V

3

Connector: V1625
Figure 10. Australia/New Zealand (CAB-ACA)

1

Plug: AU10LS3

2

Cord set rating: 10 A, 250 V

3

Connector: V1625
Figure 11. Brazil (CAB-C13-ACB)

1

Plug: NBR 14136

2

Cord set rating: 10 A, 250 V

3

Connector: EL 701B (EN 60320/C13)
Figure 12. China (CAB-ACC)

1

Plug: V3203C

2

Cord set rating: 10 A, 250 V

3

Connector: V1625
Figure 13. Europe (CAB-ACE)

1

Plug: M2511

2

Cord set rating: 16 A, 250 V

3

Connector: V1625
Figure 14. India (CAB-IND-10A)

1

Plug: IA16A3-C

2

Cord set rating: 16 A, 250 V

3

Connector: V1625BS-E
Figure 15. Italy (CAB-ACI)

1

Plug: IT10S3

2

Cord set rating: 10 A, 250 V

3

Connector: V1625
Figure 16. Japan (CAB-C13-C14-2M-JP) PSE Mark

1

IEC 60320-2-2/E

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13

Cord length: 2 m
Figure 17. Japan (CAB-JPN-3PIN)

1

Plug: M744

2

Cord set rating: 12 A, 125 V

3

Connector: V1625
Figure 18. Jumper (CAB-C13-C14-2M)

1

IEC 60320/C14G

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13

Cord length: 2.5 m
Figure 19. Korea (CAB-AC-C13-KOR)

1

Plug: M2511

2

Cord set rating: 10 A, 250 V

3

Connector: V1625
Figure 20. North America (CAB-AC)

1

Plug: PS204

2

Cord set rating: 10 A, 250 V

3

Connector: V1625
Figure 21. South Africa (AIR-PWR-CORD-SA)

1

Plug: SA16A

2

Cord set rating: 10 A, 250 V

3

Connector: V1625
Figure 22. Switzerland (CAB-ACS)

1

Plug: SW10ZS3

2

Cord set rating: 10 A, 250 V

3

Connector: V1625
Figure 23. Taiwan (CAB-ACTW)

1

Plug: EL 302 (CNS10917)

2

Cord set rating: 10 A, 125 V

3

Connector: EL 701 (EN 60320/C13)
Figure 24. United Kingdom (CAB-ACU)

1

Plug: 3P BS 1363

2

Cord set rating: 10 A, 250 V

3

Connector: IEC 60320/C13