Introduction to the Security Appliance

About the Firepower Security Appliance

The Cisco Firepower 4100/9300 chassis is a next-generation platform for network and content security solutions. The Firepower 4100/9300 chassis is part of the Cisco Application Centric Infrastructure (ACI) Security Solution and provides an agile, open, secure platform that is built for scalability, consistent control, and simplified management.

The Firepower 4100/9300 chassis provides the following features:

  • Modular chassis-based security system—provides high performance, flexible input/output configurations, and scalability.

  • Firepower Chassis Manager—graphical user interface provides streamlined, visual representation of current chassis status and simplified configuration of chassis features.

  • Firepower eXtensible Operating System (FXOS) CLI—provides command-based interface for configuring features, monitoring chassis status, and accessing advanced troubleshooting features.

  • FXOS REST API—allows users to programmatically configure and manage their chassis.

How the Logical Device Works with the Firepower 4100/9300

The Firepower 4100/9300 runs its own operating system on the supervisor called the Firepower eXtensible Operating System (FXOS). The on-the-box Firepower Chassis Manager provides simple, GUI-based management capabilities. You configure hardware interface settings, smart licensing (for the ASA), and other basic operating parameters on the supervisor using the FXOS CLI.

A logical device lets you run one application instance and also one optional decorator application to form a service chain. When you deploy the logical device, the supervisor downloads an application image of your choice and establishes a default configuration. You can then configure the security policy within the application operating system.

Logical devices cannot form a service chain with each other, and they cannot communicate over the backplane with each other. All traffic must exit the chassis on one interface and return on another interface to reach another logical device. For container instances, you can share data interfaces; only in this case can multiple logical devices communicate over the backplane.

Supported Applications

You can deploy logical devices on your chassis using the following application types.

FTD

The Firepower Threat Defense provides next-generation firewall services, including stateful firewalling, routing, VPN, Next-Generation Intrusion Prevention System (NGIPS), Application Visibility and Control (AVC), URL filtering, and malware defense.

You can manage the Firepower Threat Defense using one of the following managers:

  • FMC—A full-featured, multidevice manager on a separate server.

  • FDM—A simplified, single device manager included on the device.

  • CDO—A cloud-based, multidevice manager.

ASA

The ASA provides advanced stateful firewall and VPN concentrator functionality in one device. You can manage the ASA using one of the following managers:

  • ASDM—A single device manager included on the device.

  • CLI

  • CDO—A cloud-based, multidevice manager.

  • CSM—A multidevice manager on a separate server.

Radware DefensePro (Decorator)

You can install Radware DefensePro (vDP) to run in front of the ASA or the Firepower Threat Defense as a decorator application. vDP is a KVM-based virtual platform that provides distributed denial-of-service (DDoS) detection and mitigation capabilities on the Firepower 4100/9300. Traffic from the network must first pass through the vDP before reaching the ASA or the Firepower Threat Defense.

Monitoring Chassis Health

You can use the show environment summary command to view the following pieces of information that show the overall health for the Firepower 4100/9300 chassis:

  • Total Power Consumption—Total power consumed in watts.

  • Inlet Temperature—Ambient system temperature in Celsius.

  • CPU Temperature—Processor temperature in Celsius.

  • Power Supply Type—AC or DC.

  • Power Supply Input Feed Status—Input status (Ok, Fault).

  • Power Supply Output Status—12V output status (Ok, Fault).

  • Power Supply Overall Status—Overall health of PSU (Operable, Removed, Thermal problem).

  • Fan Speed RPM—Highest RPM of both fans in single fan tray.

  • Fan Speed Status—Fan speed (Slow, Ok, High, Critical).

  • Fan Overall Status—Overall health of Fan (Operable, Removed, Thermal problem).

  • Blade Total Power Consumption—Total power consumed by security module/engine in watts.

  • Blade Processor Temperature—Highest temperature in Celsius of processors on security module/engine.

Procedure


Step 1

Connect to the FXOS CLI (see Accessing the FXOS CLI).

Step 2

Enter chassis mode:

Firepower-chassis# scope chassis 1

Step 3

To view a summary of the chassis health, enter the following command:

Firepower-chassis /chassis # show environment summary


Example


Firepower-chassis# scope chassis 1
Firepower-chassis /chassis # show environment summary

Chassis INFO :

Total Power Consumption: 638.000000
Inlet Temperature (C): 32.000000
CPU Temperature (C): 47.000000
Last updated Time: 2017-01-05T23:34:39.115

PSU 1:
Type: AC
Input Feed Status: Ok
12v Output Status: Ok
Overall Status: Operable
PSU 2:
Type: AC
Input Feed Status: Ok
12v Output Status: Ok
Overall Status: Operable

FAN 1
Fan Speed RPM (RPM): 3168
Speed Status: Ok
Overall Status: Operable
FAN 2
Fan Speed RPM (RPM): 3388
Speed Status: Ok
Overall Status: Operable
FAN 3
Fan Speed RPM (RPM): 3168
Speed Status: Ok
Overall Status: Operable
FAN 4
Fan Speed RPM (RPM): 3212
Speed Status: Ok
Overall Status: Operable

BLADE 1:
Total Power Consumption: 216.000000
Processor Temperature (C): 58.000000
BLADE 2:
Total Power Consumption: 222.000000
Processor Temperature (C): 62.500000
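
One way to turn this output into an automated check, as an added example that is not part of the Cisco documentation: a Python parser for captured show environment summary text that reports every status field outside the normal values named in the field list above (Ok, Operable). The sample capture is constructed, and max_temp_c is an operator-chosen threshold assumed for illustration, not a Cisco limit.

```python
import re

# Constructed capture in the page's output format; the PSU 2 and FAN 2 values
# are altered from the healthy example so the check has something to report.
SAMPLE = """\
Firepower-chassis /chassis # show environment summary
Chassis INFO :
Inlet Temperature (C): 32.000000
Last updated Time: 2017-01-05T23:34:39.115
PSU 2:
Input Feed Status: Fault
Overall Status: Operable
FAN 2
Speed Status: Critical
Overall Status: Thermal problem
BLADE 2:
Processor Temperature (C): 62.500000
"""

# Assumption: any status other than these (Fault, Slow, High, ...) is a finding.
HEALTHY = {"Ok", "Operable"}
SECTION = re.compile(r"^(Chassis INFO|PSU \d+|FAN \d+|BLADE \d+)\s*:?\s*$")

def parse_summary(text):
    """Return {section: {field: value}} from 'show environment summary' text."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), {})
        elif current is not None and ":" in line:
            # Split on the first colon only: timestamps contain more colons.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return sections

def findings(sections, max_temp_c=None):
    """List (section, field, value) for unhealthy statuses and hot sensors."""
    out = []
    for name, fields in sections.items():
        for key, value in fields.items():
            bad = key.endswith("Status") and value not in HEALTHY
            hot = "Temperature" in key and max_temp_c is not None
            if bad or (hot and float(value) > max_temp_c):
                out.append((name, key, value))
    return out

if __name__ == "__main__":
    for finding in findings(parse_summary(SAMPLE), max_temp_c=60.0):
        print(*finding, sep=" | ")
```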