Overview

Features

The Cisco Secure Firewall 4200 is a standalone modular security services platform that includes the Secure Firewall 4215, 4225, and 4245.

The Secure Firewall 4200 supports Cisco Secure Firewall Threat Defense and Cisco ASA software. See the Cisco Secure Firewall Threat Defense Compatibility Guide and the Cisco Secure Firewall ASA Compatibility guide, which provide Cisco software and hardware compatibility, including operating system and hosting environment requirements, for each supported version.

The following figure shows the Secure Firewall 4200.

Figure 1. Secure Firewall 4200

The following table lists the features for the Secure Firewall 4200.

Table 1. Secure Firewall 4200 Features

Feature

4215

4225

4245

Form factor

1 RU

Fits a standard 19-inch (48.3-cm) square-hole rack

Rack mount

Two slide-rail mounting brackets and two slide rails

4-post Electronic Industries Association (EIA)-310-D rack

Airflow

Front to rear (I/O side to non-I/O side)

Cold aisle to hot aisle

Core count

Single socket 32-core

Single socket 64-core

Dual socket two 64-cores

System memory

8 x 32 GB (256 GB) at 3200 Mt/s

8 x 64 GB (512 GB) at 3200 Mt/s

16 x 64 GB (1 TB) at 3200 Mt/s

Management ports

Two 1/10/25-Gbps SFP28 ports

Console port

One RJ-45 serial port

USB port

One USB 3.0 with 5 W Type A port

Network ports

Eight fixed 1/10/25-Gbps SFP28 fiber ports

Named Ethernet 1/1 through 1/8

Network module slots

Two (hot-swappable)

Note

 

Hot-swapping of identical modules is supported, but if you replace a network module with another type, you must reboot the system so that the new network module is recognized.

Network modules

  • 8-port 1/10Gb SFP+ (FPR-X-NM-8X10G)

  • 8-port 1/10/25Gb SFP+ (FPR-X-NM-8X25G)

  • 4-port 40-Gb QSFP/QSFP+ (FPR-X-NM-4X40G)

  • 4-port 40/100/200-Gb QSFP28/QSFP (FPR-X-NM-4X200G)

    Note

     

    200-Gb traffic is not supported until a later release.

  • 2-port 100-Gb QSFP56/QSFP28/QSFP (FPR-XNM-2X100G)

  • 6-port 10-Gb SFP SR multimode hardware bypass (FPR-X-NM-6X10SRF)

  • 6-port 10-Gb SFP LR single mode hardware bypass (FPR-X-NM-6X10LRF)

  • 6-port 25-Gb SFP SR multimode hardware bypass (FPR-X-NM-6X25SRF)

  • 6-port 25-Gb SFP LR single mode hardware bypass (FPR-X-NM-6X25LRF)

  • 8-port copper 1-Gb 1000Base-T hardware bypass (FPR-X-NM-8X1GF)

  • 2-port 200/400-Gb QSFP-DD (FPR-X-NM-2X400G)

AC power supply

Ships with one 1900 W AC power supply (second power supply is optional)

Hot-swappable

Ships with two 1900 W AC power supplies

Hot-swappable

Redundant power

Yes

Note

 

You must order a second power supply.

Yes

Note

 

Ships with two power supplies.

Fans

Three dual fan modules (hot-swappable)

Storage

Two Nonvolatile Memory Express (NVMe) SSD slots for EDSFF (Enterprise & Datacenter SSD Form Factor) SSD drives

Ships with two 1.8-TB SSDs; factory-configured for RAID1.

Pullout asset card

Displays the serial number and a QR code that points to the Documentation Portal

Grounding

Grounding pad on the left side of chassis near the rear power switch; use the grounding lug kit that ships with the chassis.

Power switch

On rear panel

Reset button

Resets the system to factory default without requiring serial console access

Note

 

The reset button is recessed. Press with a pin and hold longer than 5 seconds to set the system back to the factory default.

Deployment Options

Here are some examples of how you can deploy the Secure Firewall 4200:

  • As a firewall:

    • At the enterprise internet edge in a redundant configuration

    • At branch offices in either a high availability pair or standalone

    • At data centers in a high availability pair or clustered, which serves the needs of smaller enterprises

  • As a device that provides additional application control, URL filtering, or IPS/threat-centered capabilities:

    • Behind an enterprise internet edge firewall in an inline configuration or as a standalone (requires hardware fail-open network module support)

    • Deployed passively off a SPAN port on a switch or a tap on a network, or standalone

  • As a branch native SD-WAN solution that offers remote deployment and can be managed over a 4G LTE

  • As a VPN device:

    • For remote access VPN

    • For site-to-site VPN

Package Contents

The following figure shows the package contents for the Secure Firewall 4200. The contents are subject to change and your exact contents contain additional or fewer items depending on whether you order the optional parts. See Product ID Numbers for a list of PIDs associated with the package contents.

Figure 2. Secure Firewall 4200 Package Contents

1

Secure Firewall 4200 chassis

2

One or two power cords (country-specific)

See Power Cord Specifications for a list of supported power cords.

3

SFP transceiver

(Optional; in package if ordered)

4

Ground lug, screws, and washers

  • One ground lug (part number 32-100152-01)

  • One ground lug bracket (part number 700-122528-01)

  • Two M4.0 x 0.6 mm flat head Phillips screws (part number 48-2030-01)

  • Two ¼-20 x 0.297-inch screws (part number 48-102252-01)

  • Two 0.469-inch OD, 0.261-inch ID, 0.025-inch T washers (part number 49-100464-01)

5

Cable management bracket kit (part number 69-101031-01)

  • Two cable management brackets (part number 700-130991-01)

  • Four 8-32 x 0.375-inch Phillips screws (part number 48-2696-01)

(Optional; in package if ordered)

6

Two slide rails (800-109129-01)

Slide rail accessories kit (53-101561-01):

  • Two slide rail mounting brackets (part number 700-121935-01)

  • Six 8-32 x 0.302-inch slide rail mounting bracket Phillips screws (part number 48-102184-01) for securing the brackets to the chassis

  • Two M3 x 0.5 x 6-mm Phillips screws (part number 48-101144-01) for securing the chassis to your rack

7

Cisco Secure Firewall 4200

This document has links to the hardware installation guide, regulatory and safety information guide, and warranty and licensing information. It also contains a QR code and URL that point to the Digital Documentation Portal. The portal contains links to the product information page, the hardware installation guide, the regulatory and safety information guide, and the getting started guide.

—

Serial Number and Documentation Portal QR Code

The pullout asset card on the front panel of your Secure Firewall 4200 chassis contains the chassis serial number and the Documentation Portal QR code, which points to product information, the getting started guide, the regulatory and compliance guide, and the hardware installation guide.

Figure 3. Pullout Asset Card

1

Pullout asset tag

2

Documentation Portal QR code

3

Chassis serial number

—

The compliance label on the bottom of the chassis contains the chassis serial number, regulatory compliance marks, and also the Documentation Portal QR code that points to the guides listed above. The following figure shows an example compliance label found on the bottom of the chassis.

Figure 4. Example Compliance Label

1

Chassis model number

2

Documentation Portal QR code

3

Serial number

—

Front Panel

The following figure shows the front panel of the Secure Firewall 4200. See Front Panel LEDs for a description of the LEDs.

Figure 5. Secure Firewall 4200 Front Panel

1

SSD slot (SSD-1)

2

SSD slot (SSD-2)

3

RJ-45 console port

4

Eight 1/10/25-Gb SFP28 fixed fiber ports (NM-1)

Fiber ports named 1/1 through 1/8 left to right

5

Dual stacked management ports (supports 1/10/25-Gb Gigabit Ethernet)

Top port:

  • Secure Firewall Threat Defense—Management 0 (also referred to as Management 1/1)

  • ASA—Management 1/1

Bottom port:

  • Secure Firewall Threat Defense—Management 1 (also referred to as Management 1/2)

  • ASA—Management 1/2

6

Network module slot (NM-2)

7

System LEDs

8

Recessed factory reset button

9

Type A USB 3.0 port

10

Pullout asset card with chassis serial number and QR code to the Digital Documentation Portal that has links to the getting started guide, hardware guide, and regulatory and compliance guide.

11

Network module slot (NM-3)

—
Management Port

The Secure Firewall 4200 chassis management port is a 1/10/25-Gb SFP port that supports fiber as well as DAC or GLC-TE.

RJ-45 Console Port

The Secure Firewall 4200 does not ship with an RJ-45 serial cable unless you order it with the chassis. You can obtain a cable, for example, a USB-to-RJ-45 serial cable. You can use the CLI to configure your 4200 through the RJ-45 serial console port by using a terminal server or a terminal emulation program on a computer.

The RJ-45 (8P8C) port supports RS-232 signaling to an internal UART controller. The console port does not have any hardware flow control, and does not support a remote dial-in modem. The default console port settings are displayed as follows:

  • 9,600 bits per second

  • 8 data bits

  • No parity

  • 1 stop bit

  • No flow control

Type A USB 3.0 Port

You can use the external Type A USB port to attach a data-storage device. The external USB drive identifier is usb:. The Type A USB port supports the following:

  • Hot swapping

  • USB drive formatted with FAT32

  • Boot kickstart image from ROMMON for discovery recovery purposes

  • Copy files to and from workspace:/ and volatile:/ within local-mgmt. The most relevant files are:

    • Core files

    • Ethanalyzer packet captures

    • Tech-support files

    • Security module log files

  • Platform bundle image upload using download image usbA:

The Type A USB port does not support Cisco Secure Package (CSP) image upload support.

Network Ports

The Secure Firewall 4200 chassis has two network module slots that support the following network modules:

  • 4-port 40-Gb QSFP/QSFP+ (FPR-X-NM-4X40G)

  • 4-port 40/100/200-Gb QSFP28/QSFP (FPR-X-NM-4X200G)

  • 2-port 100-Gb QSFP56/QSFP28/QSFP (FPR-X-NM-2X100G)

  • 8-port 1/10-Gb SFP (FPR-X-NM-8X10G)

  • 8-port 1/10/25-Gb ZSFP (FPR-X-NM-8X25G)

  • 6-port 10-Gb SFP SR multimode hardware bypass (FPR-X-NM-6X10SR-F)

  • 6-port 10-Gb SFP LR single mode hardware bypass (FPR-X-NM-6X10LR-F)

  • 6-port 25-Gb SFP SR multimode hardware bypass (FPR-X-NM-6X25SR-F)

  • 6-port 25-Gb SFP LR single mode hardware bypass (FPR-X-NM-6X25LR-F)

  • 8-port 1-Gb 1000Base-T hardware bypass (FPR-X-NM-8X1G-F)

  • 2-port 200-Gb/400-Gb QSFP-DD (FPR-X-NM-2X400G)

Factory Reset Button

The Secure Firewall 4200 chassis has a recessed reset button that resets the system to the factory default. Pressing the button down for five seconds deletes the current configuration and current files.


Note


Use the reset button if the current credentials are lost and you want to initialize the box without having console access.


The following occurs:

  • ROMMON NVRAM is cleared and returned to default.

  • All extra images are removed; the current running image remains.

  • FXOS logs, core files, SSH keys, certificates, FXOS configuration, and Apache configuration are removed.


Note


If power is lost between when you pushed the reset button and when the reset process is complete, the process stops and you have to push the button again after the system powers back on.


Front Panel LEDs

The following figure shows the Secure Firewall 4200 front panel LEDs.

Figure 6. Secure Firewall 4200 Front Panel LEDs

1

SSD-1 Status

Note

 

The left LED is active. The right LED is always off.

  • Off—The SSD is not present.

  • Green—The SSD is present; no activity.

  • Green, flashing—The SSD is active.

  • Amber—The SSD has a problem or failure.

2

SSD-2 Status

Note

 

The left LED is active. The right LED is always off.

  • Off—The SSD is not present.

  • Green—The SSD is present; no activity.

  • Green, flashing—The SSD is active.

  • Amber—The SSD has a problem or failure.

3

Factory Reset Button Status
  • Green, flashing—Flashes 5 seconds after you depress the button.

  • Off—Reset is complete.

Note

 

The factory reset button begins flashing after it has been depressed for at least 5 seconds, and persists until the software has completely applied all factory default settings or it is interrupted by a power cycle.

4

Fiber Port Link/Activity Status

Each fiber port has one dual color LED under the SFP cage.

  • Off—No SFP.

  • Green—Link up.

  • Green, flashing—Network activity at >1G is detected.

  • Amber—No link or network failure.

5

Management Port Status

The 1/10/25-Gb fiber management port has a bicolor LED under the SFP cage that indicates link/activity/fault:

  • Off—No SFP.

  • Green—Link up.

  • Green, flashing—Network activity.

  • Amber—SFP present, but no link.

6

Managed Status

Reserved for future use.

7

Alarm Status

  • Off—No alarms.

  • Amber—Environmental error.

  • Green—Status is ok.

8

System Status

  • Off—System has not booted up yet.

  • Green, flashing quickly—System is booting up.

  • Green—Normal system function.

  • Amber—System boot up has failed.

  • Amber, flashing—Alarm condition, system needs service or attention and may not boot properly.

9

Power Status

  • Off—System is powered off. If the AC power cord is plugged in, and the LED on the power supply is blinking green, standby power is still on.

    Note

     

    If the LED is off, then the power switch is set to OFF or there is no input power.

  • Green, flashing—The system has detected a power switch toggle event, and initiated the shutdown sequence. If the power switch is in the OFF position, the system powers off after shutdown is completed. Do not remove the AC or DC power source while this LED is blinking so that the system has time to perform a graceful shutdown.

  • Amber—The system is powering up (before the BIOS boots). This takes one to five seconds at most.

  • Green—The system is fully powered up.

10

Activity Status (Role of a high-availability pair)

  • Off—The unit is not configured or enabled in a high-availability pair.

  • Green—The unit is in active mode.

  • Amber—The unit is in standby mode.

Rear Panel

The following figure shows the rear panel of the Secure Firewall 4200.

Figure 7. Secure Firewall 4200 Rear Panel

1

Power on/off switch

2

Power supply LED (PSU-1)

3

Dual fan modules (FAN-1, FAN-2, FAN-3) LEDs

4

System power LED

This system power LED has the same behavior as the front panel LED. See Front Panel LEDs for more information.

Note

 

Power supply module 1 (PSU-1)

5

Power supply module 1 (PSU-1)

6

Power supply module 1 (PSU-1) connector

7

Dual fan module 1 (FAN-1)

8

Dual fan module 2 (FAN-2)

9

Dual fan module 3 (FAN-3)

10

Power supply module 2 (PSU-2)

11

Power supply module 2 (PSU-2) connector

12

Power supply LED (PSU-2)

Power Switch

The power switch is located to the left of PSU-1 on the rear of the chassis. It is a toggle switch that controls power to the system. Turning the switch to OFF starts the graceful shutdown process. During the shutdown process the power LEDs flash green indicating that the process has started.  Once the shutdown is complete, the system is powered off. Wait for the system power LEDs to turn off before unplugging the AC power cables. See Front Panel LEDs for the power status LED description.


Note


Threat defense requires a graceful shutdown. See the Cisco Secure 4200 Getting Started Guide for the procedure.



Caution


If you remove the system power cords before the graceful shutdown is complete, disk corruption can occur. You can move the power switch to OFF before the shutdown. The system ignores it.



Note


After removing power from the chassis by unplugging the power cord, wait at least 10 seconds before turning power back ON. You want to keep the system power off, including the standby power, for 10 seconds.


8-Port 1/10/25-Gb Network Module

The Secure Firewall 4200 chassis has two network module slots named NM-2 and NM-3 (left to right on the front panel). Network modules are optional, removable I/O modules that provide either additional ports or different interface types. The network module plugs into the chassis on the front panel. See Front Panel for the location of the network module slots on the chassis.

FPR-X-NM-8X10G supports 1 Gb and 10 Gb full-duplex Ethernet traffic per port and is supported on all Secure Firewall 4200s. FPR-X-NM-8X25G supports 1 Gb, 10 Gb, or 25 Gb full-duplex Ethernet traffic per port and is supported on all Secure Firewall 4200s.

The top ports are numbered from left to right—Ethernet 2/1 or 3/1, Ethernet 2/3 or 3/3, Ethernet 2/5 or 3/5, and Ethernet 2/7 or 3/7. The bottom ports are numbered from left to right—Ethernet 2/2 or 3/2, Ethernet 2/4 or 3/4, Ethernet 2/6 or 3/6, and Ethernet 2/8 or 3/8 (see the figure below). Up arrows are the top ports and down arrows are the bottom ports (see the figure below). This network module supports SFP/SFP+/SFP28 transceivers. See Supported SFP/SFP+/QSFP+ Transceivers for the list of Cisco-supported transceivers.


Note


The hardware and the system support hot swapping if you are replacing a network module with the same type of network module. You must first disable the network port and then reenable it after replacement. If you replace the 8-port 1/10/25-Gb network module with another supported network module, you must reboot the chassis so that the new network module is recognized. See the configuration guide for your operating system for the detailed procedures for managing network modules.


The following figure shows the front panel of the 1/10-Gb and 1/10/25-Gb network module.

Figure 8. 8-Port 1/10-Gb (FPR-X-NM-8X10G) and 8-Port 1/10/25-Gb (FPR-X-NM-8X25G) Network Module

1

Captive screw

2

Ethernet 2/1 or 3/1

3

Ethernet 2/3 or 3/3

4

Ethernet 2/5 or 3/5

5

Ethernet 2/7 or 3/7

6

Power on LED

7

Ejector handle

8

Ethernet 2/2 or 3/2

9

Ethernet 2/4 or 3/4

10

Ethernet 2/6 or 3/6

11

Ethernet 2/8 or 3/8

12

Network activity LEDs

The up arrows represent the top ports and the down arrows represent the bottom ports.

  • Off—No SFP.

  • Amber—No link or network failure.

  • Green—Link up.

  • Green, flashing—Network activity.

For More Information

4-Port 40-Gb Network Module

The Secure Firewall 4200 chassis has two network module slots named NM-2 and NM-3 (left to right on the front panel). Network modules are optional, removable I/O modules that provide either additional ports or different interface types. The network module plugs into the chassis on the front panel. See Front Panel for the location of the network module slots on the chassis.

The FPR-X-NM-4X40G supports 40-Gb operation. This network module provides full-duplex Ethernet traffic per port. The 40-Gb network module has four QSFP+ ports. The 40-Gb ports are numbered left to right, Ethernet 2/1 or 3/1 through Ethernet 2/4 or 3/4. See Supported SFP/SFP+/QSFP+ Transceivers for the list of Cisco-supported transceivers.

You can break each of the four 40-Gb ports into four 10-Gb ports using the supported breakout cables (see Supported SFP/SFP+/QSFP+ Transceivers for a list of the breakout cables). With the four-port 40-Gb network module, you now have 16 10-Gb interfaces. The added interfaces are Ethernet 2/1/1 or 3/1/1 through Ethernet 2/4/4 or 3/4/4.


Note


The hardware and the system support hot swapping if you are replacing a network module with the same type of network module. If you replace the 4-port 40-Gb network module with another supported network module, you must reboot the chassis so that the new network module is recognized. See the configuration guide for your operating system for the detailed procedures for managing network modules.


The following figure shows the front panel of the 4-port 40-Gb network module.

Figure 9. 4-Port 40-Gb Network Module (FPR-X-NM-4X40G)

1

Captive screw

2

Network activity LEDs

The up arrows represent the top ports and the down arrows represent the bottom ports.

  • Off—No SFP.

  • Amber—No link or a network failure.

  • Green—Link is up.

  • Green, flashing—Network activity.

3

Power on LED

4

Ejector handle

5

Ethernet 2/1 or 3/1

6

Ethernet 2/2 or 3/2

7

Ethernet 2/3 or 3/3

8

Ethernet 2/4 or 3/4

For More Information

2-Port 100-Gb Network Module

The Secure Firewall 4200 chassis has two network module slots named NM-2 and NM-3 (left to right on the front panel). Network modules are optional, removable I/O modules that provide either additional ports or different interface types. The network module plugs into the chassis on the front panel. See Front Panel for the location of the network module slots on the chassis.

The FPR-X-NM-2X100G supports 40/100-Gb operation. This network module has two QSFP/QSFP28 ports and provides full-duplex Ethernet traffic per port. The maximum bandwidth supported is 200 Gb full duplex, where each port operates at 100 Gb. The 100-Gb ports are numbered left to right, Ethernet 2/1 or 3/1 through Ethernet 2/2 or 3/2. See Supported SFP/SFP+/QSFP+ Transceivers for the list of Cisco-supported transceivers.

The network module has two 100-Gb ports named E2/1 and E2/2. You can break each 100-Gb port into four 10-Gb or four 25-Gb ports using the supported breakout cables. For E2/1 the new interfaces are named E2/1/1, E2/1/2, E2/1/3 and E2/1/4. For E2/2 the new interfaces are named E2/1/2, E2/2/2, E2/2/3, and E2/2/4.


Note


The hardware and the system support hot swapping if you are replacing a network module with the same type of network module. If you replace the 100-Gb network module with another supported network module, you must reboot the chassis so that the new network module is recognized. See the configuration guide for your operating system for the detailed procedures for managing network modules.


The following figure shows the front panel of the 2-port 100-Gb network module.

Figure 10. 2-Port 100-Gb Network Module (FPR-X-NM-2X100G)

1

Captive screw

2

Network activity LEDs

  • Off—No SFP.

  • Amber—No link or a network failure.

  • Green—Link is up.

  • Green, flashing—Network activity.

3

Network activity LEDs

  • Off—No SFP.

  • Amber—No link or a network failure.

  • Green—Link is up.

  • Green, flashing—Network activity.

4

Power on LED

5

Ejector handle

6

Ethernet 2/1 or 3/1

7

Ethernet 2/2 or 3/2

—

For More Information

4-Port 200-Gb Network Module

The Secure Firewall 4200 chassis has two network module slots NM-2 and NM-3 (left to right on the front panel). Network modules are optional, removable I/O modules that provide either additional ports or different interface types. The network module plugs into the chassis on the front panel. See Front Panel for the location of the network module slots on the chassis.

The FPR-X-NM-4X200G supports 40/100/200-Gb operation. This network module provides full-duplex Ethernet traffic per port. The 200-Gb network module has four QSFP+ ports. The ports are numbered left to right, Ethernet 2/1 or 3/1 through Ethernet 2/4 or 3/4. See Supported SFP/SFP+/QSFP+ Transceivers for the list of Cisco-supported transceivers.


Note


The FPR-X-NM-4X200G supports 40/100 Gb operation initially. Support for 200 Gb is added in a future software release.


You can break each 100-Gb port into four 10-Gb or 25-Gb ports using the supported breakout cables. With the two-port 100-Gb network module, you now have 8 10-Gb or 25-Gb interfaces. The added interfaces are Ethernet 2/1/1 or 3/1/1 through Ethernet 2/4/4 or 3/4/4.


Note


The hardware and the system support hot swapping if you are replacing a network module with the same type of network module. If you replace the 4-port 200-Gb network module with another supported network module, you must reboot the chassis so that the new network module is recognized. See the configuration guide for your operating system for the detailed procedures for managing network modules.


The following figure shows the front panel of the 4-port 200-Gb network module.

Figure 11. 4-Port 200-Gb Network Module (FPR-X-NM-4X200G)

1

Captive screw

2

Network activity LEDs

The up arrows represent the top ports and the down arrows represent the bottom ports.

  • Off—No SFP.

  • Amber—No link or a network failure.

  • Green—Link is up.

  • Green, flashing—Network activity.

3

Power on LED

4

Ejector handle

5

Ethernet 2/1 or 3/1

6

Ethernet 2/2 or 3/2

7

Ethernet 2/3 or 3/3

8

Ethernet 2/4 or 3/4

For More Information

2-Port 200/400-Gb Network Module

The Secure Firewall 4200 chassis has two network module slots named NM-2 and NM-3 (left to right on the front panel). Network modules are optional, removable I/O modules that provide either additional ports or different interface types. The network module plugs into the chassis on the front panel. See Front Panel for the location of the network module slots on the chassis.


Note


The FPR-X-NM-2X400G is first supported in FTD 7.6 and ASA 9.22.1.


The FPR-X-NM-2X400G supports 400-Gb operation, and is also designed to support 200-Gb, 100-Gb, and 40-Gb per port. This network module provides full-duplex Ethernet traffic per port. The 400-Gb network module supports two QSFP-DD transceivers and is designed to also support 200-Gb QSFP56, 100-Gb QSFP28, and 40-Gb QSFP+ transceivers. The 400-Gb ports are numbered left to right, Ethernet 2/1 or 3/1 through Ethernet 2/2 or 3/2. See Supported SFP/SFP+/QSFP+ Transceivers for the full list of Cisco-supported transceivers.


Note


The hardware and the system support hot swapping if you are replacing a network module with the same type of network module. If you replace the 2-port 200/400-Gb network module with another supported network module, you must reboot the chassis so that the new network module is recognized. See the configuration guide for your operating system for the detailed procedures for managing network modules.


The following figure shows the front panel of the 2-port 200/400-Gb network module.

Figure 12. 2-Port 200/400-Gb Network Module (FPR-X-NM-2X400G)

1

Captive screw

2

Power on LED

3

Ejector handle

4

Network activity LEDs

  • Off—No SFP.

  • Amber—No link or a network failure.

  • Green—Link is up.

  • Green, flashing—Network activity.

5

Ethernet 2/1 or 3/1

6

Ethernet 2/2 or 3/2

7

Network activity LEDs

  • Off—No SFP.

  • Amber—No link or a network failure.

  • Green—Link is up.

  • Green, flashing—Network activity.

—
For More Information

8-Port 1000Base-T Network Module with Hardware Bypass

8-Port 1000Base-T Network Module (FPR-X-NM-8X1GF)

The Secure Firewall 4200 chassis has two network module slots named NM-2 and NM-3 (left to right on the front panel). Network modules are optional, removable I/O modules that provide either additional ports or different interface types. The network module plugs into the chassis on the front panel. See Front Panel for the location of the network module slots on the chassis.

FPR4K-XNM-8X1GF is an 8-port 1000Base-T hardware bypass network module. The eight ports are numbered from top to bottom, left to right. Ports 1 and 2, 3 and 4, 5 and 6, and 7 and 8 are paired for hardware bypass mode. In hardware bypass mode, data is not processed by the Secure Firewall 4200 but is routed to the paired port.

Hardware bypass (also known as fail-to-wire) is a physical layer (Layer 1) bypass that allows paired interfaces to go into bypass mode so that the hardware forwards packets between these port pairs without software intervention. Hardware bypass provides network connectivity when there are software or hardware failures. Hardware bypass is useful on ports where the secure firewall is only monitoring or logging traffic. The hardware bypass network modules have a switch that is capable of connecting the two ports when needed.


Note


Hardware bypass is only supported with threat defense, although you can use these modules in nonbypass mode in threat defense or ASA.


Hardware bypass is supported only on a fixed set of ports. You can pair Port 1 with Port 2, Port 3 with Port 4, but you cannot pair Port 1 with Port 4 for example.

When the appliance switches from normal operation to hardware bypass or from hardware bypass back to normal operation, traffic may be interrupted for several seconds. A number of factors can affect the length of the interruption; for example, behavior of the link partner such as how it handles link faults and debounce timing; spanning tree protocol convergence; dynamic routing protocol convergence; and so on. During this time, you may experience dropped connections.


Note


If you have an inline interface set with a mix of hardware bypass and nonhardware bypass interfaces, you cannot enable hardware bypass on this inline interface set. You can only enable hardware bypass on an inline interface set if all the pairs in the inline set are valid hardware bypass pairs.



Note


The 8-port 10/100/1000Base-T network module is supported beginning with FTD 7.2.3 and ASA 9.18.2.


The hardware and the system support hot swapping if you are replacing a network module with the same type of network module. If you replace the 8-port 10/100/1000Base-T network module with another supported network module, you must reboot the chassis so that the new network module is recognized. See the configuration guide for your operating system for the detailed procedures for managing network modules.

Make sure you have the correct firmware package and software version installed to support this network module. See the configuration guide for your software for the procedures for updating the firmware package and verifying the software version. See the Cisco Secure Firewall Threat Defense Compatibility Guide and the Cisco Secure Firewall ASA Compatibility guide, which provide Cisco software and hardware compatibility, including operating system and hosting environment requirements, for each supported version.

The following figure shows the front panel of the 8-port 1000Base-Tnetwork module.

1

Bypass LEDs B1 through B4

  • Green—In standby mode.

  • Amber, flashing—Port is in hardware bypass mode, failure event.

2

Ethernet 2/1 and 2/2 or Ethernet 3/1 and 3/2

Ports 1 and 2 are paired together to form a hardware bypass pair. LED B1 applies to this paired port.

3

Ethernet 2/3 and Ethernet 2/4 or Ethernet 3/3 and 3/4

Ports 3 and 4 are paired together to form a hardware bypass pair. LED B2 applies to this paired port.

4

Ethernet 2/5 and 2/6 or Ethernet 3/5 and 3/6

Ports 5 and 6 are paired together to form a hardware bypass pair. LED B3 applies to this paired port.

5

Ethernet 2/7 and 2/8 or Ethernet 3/7 and 3/8

Ports 7 and 8 are paired together to form a hardware bypass pair. LED B4 applies to this paired port.

6

Captive screw

7

Power LED

8

Handle

9

Left Port LED

  • Unlit—No connection or port is not in use.

  • Green—Link up.

  • Green, flashing—Network activity.

10

Right Port LED

  • Unlit—No connection or port is not in use.

  • Green—Link up.

  • Green, flashing—Network activity.

For More Information

6-Port 10-Gb SR/10-Gb LR/25-Gb SR/25-Gb LR Network Module with Hardware Bypass

The Secure Firewall 4200 chassis has two network module slots named NM-2 and NM-3 (left to right on the front panel). Network modules are optional, removable I/O modules that provide either additional ports or different interface types. The network module plugs into the chassis on the front panel. See Front Panel for the location of the network module slots on the chassis.

The FPR-X-NM-6X10SRF, FPR-X-NM-6X10LRF, FPR-X-NM-6X25SRF, and FPR-X-NM-6X25LRF hardware bypass network modules have six ports that are numbered from top to bottom, left to right. Pair ports 1 and 2, 3 and 4, and 5 and 6 to form hardware bypass paired sets. In hardware bypass mode, data is not processed by the Secure Firewall 4200 but is routed to the paired port. This network module has built-in SFP transceivers. Hot swapping and field replacement of transceivers are not supported.

Hardware bypass (also known as fail-to-wire) is a physical layer (Layer 1) bypass that allows paired interfaces to go into bypass mode so that the hardware forwards packets between these port pairs without software intervention. Hardware bypass provides network connectivity when there are software or hardware failures. Hardware bypass is useful on ports where the secure firewall is only monitoring or logging traffic. The hardware bypass network modules have a switch that is capable of connecting the two ports when needed. This hardware bypass network module has built-in SFPs.


Note


Hardware bypass is only supported with threat defense, although you can use these modules in nonbypass mode in threat defense or ASA.


Hardware bypass is supported only on a fixed set of ports. You can pair Port 1 with Port 2, Port 3 with Port 4, but you cannot pair Port 1 with Port 4 for example.


Note


When the appliance switches from normal operation to hardware bypass or from hardware bypass back to normal operation, traffic may be interrupted for several seconds. A number of factors can affect the length of the interruption; for example, behavior of the link partner such as how it handles link faults and debounce timing; spanning tree protocol convergence; dynamic routing protocol convergence; and so on. During this time, you may experience dropped connections.



Note


If you have an inline interface set with a mix of hardware bypass and nonhardware bypass interfaces, you cannot enable hardware bypass on this inline interface set. You can only enable hardware bypass on an inline interface set if all the pairs in the inline set are valid hardware bypass pairs.



Note


The hardware and the system support hot swapping if you are replacing a network module with the same type of network module. If you replace the 6-port 1/10/25-Gb network module with another supported network module, you must reboot the chassis so that the new network module is recognized. See the configuration guide for your operating system for the detailed procedures for managing network modules.



Note


Make sure you have the correct firmware package and software version installed to support this network module. See the configuration guide for your software for the procedure to verify your firmware package and software version. See the Cisco Secure Firewall Threat Defense Compatibility Guide and the Cisco Secure Firewall ASA Compatibility guide, which provide Cisco software and hardware compatibility, including operating system and hosting environment requirements, for each supported version


The following figure shows the front panel of the 6-port 1/10/25-Gb network module.
Figure 13. 6-Port 1/10/25-Gb Network Module (FPR-X-NM-6X10SRF, FPR-X-NM-6X10LRF, FPR-X-NM-6X25SRF, and FPR-X-NM-6X25LRF)

1

Port 1

Ethernet 2/1 or 3/1

Ports 1 and 2 are paired together to form a hardware bypass pair.

2

Port 2

Ethernet 2/2 or 3/2 (top port)

Ports 1 and 2 are paired together to form a hardware bypass pair.

3

Port 3

Ethernet 2/3 or 3/3

Ports 3 and 4 are paired together to form a hardware bypass pair.

4

Port 4

Ethernet 2/4or 3/4

Ports 3 and 4 are paired together to form a hardware bypass pair.

5

Port 5

Ethernet 2/5 or 3/5

Ports 5 and 6 are paired together to form a hardware bypass pair.

6

Port 6

Ethernet 2/6 or 3/6

Ports 5 and 6 are paired together to form a hardware bypass pair.

7

Captive screw

8

Power LED

9

Handle ejector

10

Bypass LEDs B1 through B3:

  • Off—Bypass mode is disabled.

  • Green—Port is in standby mode.

  • Amber, flashing—Port is in hardware bypass mode, failure event.

11

Six network activity LEDs:

  • Amber—No connection, or port is not in use, or no link or network failure.

  • Green—Link up, no network activity.

  • Green, flashing—Network activity.

—

For More Information

Power Supply Module

The Secure Firewall 4200 supports two AC power supply modules so that dual power supply redundancy protection is available. Facing the back of the chassis, the power supply modules are numbered left to right—PSU-1 and PSU-2.

The power supply module is hot-swappable.


Note


After removing power from the chassis by unplugging the power cord, wait at least 10 seconds before turning power back ON. You want to keep the system power off, including the standby power, for 10 seconds.



Attention


Make sure that one power supply module is always active.


AC Power Supply

The dual power supplies can supply up to 1900-W power across the input voltage range. The load is shared when both power supply modules are plugged in and running at the same time.


Note


The system does not consume more than the capacity of one power supply module, so it always operates in full redundancy mode when two power supply modules are installed.


Figure 14. Power Supply Module

1

Release tab

2

Cord retention mechanism

3

Handle

4

Power cord connector

Table 2. AC Power Supply Module Hardware Specifications

Specification

4215

4225

4245

Dimensions

1.575 x 2.657 x 9.92 inches (40.0 x 67.5 x 252 mm)

Hot-swappable

Yes

Redundancy

1+1 maximum in parallel

Input voltage

100 to 120 VAC (low line)

200 to 240 VAC (high line)

Only 200 to 240 VAC (high line)

Input current (maximum)

14 A at 100 VAC or 13 A at 200 VAC

Input voltage frequency

50 to 60 Hz (nominal)

Output main voltage at current

12 V +/- 5% at 100 A (low line)

12 V +/- 5% at 158 A (high line)

Output standby voltage at current

12 V at 2.5 A

Output power

1200 W (low line)

1900 W (high line)

Energy efficiency

> 90% (platinum)

Temperature (operating)

100% load at 6000 ft (1828.8 m): 23 to 113 °F (-5 to 45°C)

100% load at 10000 ft (3000 m): 23 to 95°F (-5 to 35°C)

Temperature (nonoperating)

-40 to 158°F (-40 to 70°C)

Altitude (nonoperating)

-1000 to 40000 ft (-305 to 12200 m)

Humidity (operating and nonoperating)

5 to 90% (noncondensing)

Power Supply Module LED

The following figure shows the bicolor power supply LED on the AC power supply module.

Figure 15. Power Supply Module LED

1

Power supply LED

  • Active mode—Green

  • Standby mode—Green, flashing

  • Boot loading process—Green, flashing

  • No AC power, but the other power supply module in the system is operating—Amber

  • Fan fault—Amber

  • No input power—Off

Dual Fan Modules

The Secure Firewall 4200 has three dual fan modules. There are two fans per module and each fan has dual rotors. When one fan fails, the other dual fan modules spin at maximum speed so that the system continues to function. The dual fan modules are hot-swappable and installed in the rear of the chassis.

The following figure shows the location of the fan LED on the fan module.

Figure 16. Fan LED

1

Two-color LED

The fan module has one two-color LED, which is located on the upper left corner of the fan.

  • Off—No power or the system is powering up.

  • Green—Fans are running normally. It may take up to one minute for the LED status to turn green after power is on.

  • Amber, flashing—One or more fan rotor RPMs is not normal. Immediate attention is required.

  • Amber—One or more fan rotors have failed. The system can continue to operate normally, but fan service is required.

For More Information

SSDs

The Secure Firewall 4200 has two SSD slots that each hold one NVMe 1.8-TB SSD. By default the Secure Firewall 4200 ships with two 1.8-TB SSDs installed in slot 1 and slot 2. Software RAID1 is shipped already configured.

Hot swapping is supported. You can swap SSDs without powering off the chassis. However, before hot swapping SSDs you must issue the raid remove-secure local-disk 1|2 command to prepare the SSD for removal. This command preserves the data on the SSD. After you remove and replace the SSD, you must add it again to the RAID1 configuration using the raid add local-disk 1|2 command. See Hot Swap an SSD on the Secure Firewall 3100/4200 for the procedures for safely removing an SSD.


Caution


The raid remove-secure local disk command securely erases the specified SSD data.



Caution


You cannot swap SSDs between different platforms. For example, you cannot use a 3100 series SSD in a 4200 series model.


The SSD drive identifiers are disk0: and disk1:.

Figure 17. SSD

1

SSD release tab

Captive screw

Supported SFP/SFP+/QSFP+ Transceivers

The SFP/SFP+/QSFP+ transceiver is a bidirectional device with a transmitter and receiver in the same physical package. It is a hot-swappable optical or electrical (copper) interface that plugs into the SFP/SFP+/QSFP+ ports on the fixed ports and the network module ports, and provides Ethernet connectivity.

Figure 18. SFP Transceiver

1

Dust plug

2

Bail clasp

3

Receive optical bore

4

Transmit optical bore

Safety Warnings

Take note of the following warnings:


Warning


Statement 1055—Class 1/1M Laser

Invisible laser radiation is present. Do not expose to users of telescopic optics. This applies to Class 1/1M laser products.



Warning


Statement 1056—Unterminated Fiber Cable

Invisible laser radiation may be emitted from the end of the unterminated fiber cable or connector. Do not view directly with optical instruments. Viewing the laser output with certain optical instruments, for example, eye loupes, magnifiers, and microscopes, within a distance of 100 mm, may pose an eye hazard.



Warning


Statement 1057—Hazardous Radiation Exposure

Use of controls, adjustments, or performance of procedures other than those specified may result in hazardous radiation exposure.



Warning


Use appropriate ESD procedures when inserting the transceiver. Avoid touching the contacts at the rear, and keep the contacts and ports free of dust and dirt. Keep unused transceivers in the ESD packing that they were shipped in.



Caution


Although non-Cisco SFPs are allowed, we do not recommend using them because they have not been tested and validated by Cisco. Cisco TAC may refuse support for any interoperability problems that result from using an untested third-party SFP transceiver.


The following table lists the supported transceivers for the fixed ports on all 4200 models, and the FPR4K-XNM-8X10G and FPR4K-XNM-8X25G network modules.

Table 3. Supported 1-Gb SFP Transceivers

Optics Type

PID

Comments

1G, 1000Base-T

GLC-TE

1 Gb-copper SFP version

1G multimode

GLC-SX-MMD

850 nm

1G single mode

GLC-LH-SMD

1310 nm

1G SM extended r.

GLC-EX-SMD

40 km

1G SM

GLC-ZX-SMD

80 km

The following table lists the supported transceivers for the fixed ports on all 4200 models, and the FPR4K-XNM-8X10G and FPR4K-XNM-8X25G network modules.

Table 4. Supported 10-Gb SFP Transceivers

Optics Type

PID

Comments

10G-SR

SFP-10G-SR

—

10G-SR

SFP-10G-SR-S

Ethernet only

10G-LR

SFP-10G-LR

—

10G-LR

SFP-10G-LR-S

Ethernet only

10G-ER

SFP-10G-ER

—

10G-ER

SFP-10G-ER-S

—

10G-ER

SFP-10G-ER-S

Ethernet only

10G-T-X

SFP-10G-T-X

—

10G-ZR

SFP-10G-ZR

—

10G-ZR

SFP-10G-ZR-S —

10G DAC copper

SFP-H10GB-CUxM

Length 1, 1.5, 2, 2.5, 3, 4, 5 m

10G DAC CU active

QSFP-4X10G-ACUxM

Length 7 and 10 m

Note

 

You can install the SFP end of the cable in the network modules and chassis ports specified in the introduction sentence of this table. See the 40-Gb and 100-Gb tables for compatibility with the QSFP end of the cable.

10G AOC

SFP-10G-AOCxM

Length 1, 2, 3, 5, 7, 10 m

The following table lists the supported transceivers for the fixed ports on all 4200 models and the FPR4K-X-NM-8X25G network module.

Table 5. Supported 25-Gb SFP Transceivers

Optics Type

PID

Comments

25G-SR

SFP-25G-SR-S

—

25G-CSR

SFP-10/25G-CSR-S

Dual rate, longer reach

25G-LR

SFP-10/25G-LR-S

Dual rate

25G DAC copper

QSFP-4SFP25G-CUxM

Length 1, 2, 3, 5 m

Note

 

You can install the SFP end of the cable in the network modules and chassis ports specified in the introduction sentence of this table. See the 40-Gb and 100-Gb tables for compatibility with the QSFP end of the cable.

25G AOC

SFP-25G-AOCxM

Length 1, 2, 3, 4, 5, 7, 10 m

The following table lists the supported transceivers for the FPR4K-X-NM-4X40G, FPR4K-X-NM-2X100G, and FPR4K-X-NM-4X200G network modules.

Table 6. Supported 40-Gb SFP Transceivers for FPR4K-X-NM-4X40G, FPR4K-X-NM-2X100G, and FPR4K-X-NM-4X200G

Optics Type

PID

Comments

40G-SR4

QSFP-40G-SR4

—

40G-SR4-S

QSFP-40G-SR4-S

Ethernet only

40G-CSR4

QSFP-40G-CSR4

300 m with OM3

40G-SR-BD

QSFP-40G-SR-BD

LC connector

40G-LR4-S

QSFP-40G-LR4-S

Ethernet only

40G-LR4

QSFP-40G-LR4

Ethernet and OTU3

40G-LR4L

WSP-Q40GLR4L

LR4 Lite, up to 2 km

40G-CU

Cisco QSFP-H40G-CUxM

QSFP to QSFP copper direct-attach cables (passive); length 1, 3, 5 m

40G-CU-breakout

QSFP-4SFP10G-CUxM

QSFP to 4xSFP copper direct-attach cables; length 1, 2, 3, 4, 5 m

40G-CU-A

Cisco QSFP-H40G-ACUxM

QSFP to QSFP copper direct-attach cables (active); length 7, 10 m

40G-CU-A-breakout

Cisco QSFP-4X10G-ACUxM

QSFP to QSFP copper direct-attach cables (active); length 7, 10 m

40G-AOC

QSFP-H40G-AOCxM

QSFP to QSFP active optical cables; length 1, 2, 3, 5, 7, 10, 15, 30 m

40G-AOC-breakout

QSFP-4X10G-AOCxM

QSFP to 4xSFP active optical cables; length 1, 2, 3, 5, 7, 10 m

The following table lists the supported transceivers for the FPR4K-X-NM-2X100G and FPR4K-X-NM-4X200G network modules.

Table 7. Supported 100-Gb QSFP Transceivers for FPR4K-X-NM-2X100G, FPR4K-X-NM-4X200G, and FPR4K-X-NM-2X400G.

Optics Type

PID

Comments

100G-SR4

QSFP-100G-SR4-S

100GBASE SR4 QSFP, MPO, 100 m over OM4 MMF

100G-LR4

QSFP-100G-LR4-S

100GBASE LR4 QSFP, LC, 10 km over SMF

40/100G

QSFP-40/100G-SRBD

100 m OM4, LC connector

100G-AOC

QSFP-100G-AOCxM

Multimode up to 30 m (direct attach); length 1, 2, 3, 5, 7, 10,15, 20, 25, 30 m

100G-CR4

QSFP-100G-CUxM

100G copper up to 5 m (direct attach); length 1, 2, 3, 5 m

100G-CR4 breakout

QSFP-4SFP25G-CUxM

100G copper breakout; length 1, 2, 3, 5 m)

100G-FR

QSFP-100G-FR-S

100GBASE FR QSFP transceiver, 2 km over SMF, LC connector

100G-LR

QSFP-100G-LR-S

Single Mode, 10K m, LC

100G-DR

QSFP-100G-DR-S

100GBASE DR QSFP transceiver, 500 m over SMF, LC connector

100G-SM-SR

QSFP-100G-SM-SR

Single mode, 2m to 500 m, LC

100G-SR1.2

QSFP-100G-SR1.2

Multimode, SR BiDi, 100 m with OM4, LC

The following table lists the supported transceivers for the FPR4K-X-NM-2X200/400G network module.

Table 8. Supported 400G QSFP-DD Transceivers for FPR4K-X-NM-2X200/400G

Optics Type

PID

Comments

MPO connector

QDD-400G-DR4-S

500 m

MPO connector

QDD-4x100G-FR-S

2 km

MPO connector

QDD-4x100G-LR-S

10 km

MPO connector

QDD-400G-SR4.2-BD

—

Duplex/LC connector

QDD-400G-FR4-S

2 km

Duplex/LC connector

QDD-400G-LR4-S

10 km

Cables

QDD-400-CUxM

1, 2, 2.5, 3 m

Cables

QDD-400-AOCxM

1, 2, 3, 5, 7, 10, 15, 20, 25, and 30 m

QDD breakout

QDD-2X100-LR4-S

10 km, CS

Hardware Specifications

The following table contains hardware specifications for the Secure Firewall 4200.

Table 9. Secure Firewall 4200 Hardware Specifications

Specification

4215

4225

4245

Chassis dimensions (H x W x D)

1.73 x 16.89 x 32.0 inches (4.39 x 42.9 x 81.28 cm)

Network module dimensions (H x W x D)

1.41 x 3.66 x 9.94 inches (3.58 x 9.3 x 25.25 cm)

Chassis weight

(2 power supplies, 2 network modules, 3 fan modules)

43 lb (19.5 kg)

43 lb (19.5 kg)

46 lb (20.8 kg)

Chassis weight

(no powers supplies, no network modules, no fan modules)

33 lb (15 kg)

33 lb (15 kg)

36 lb (16.3 kg)

System input power

770 W

870 W

1380 W

Temperature

Operating: 32 to 104°F (-0 to 40°C)

Derate the maximum operating temperature 33.8°F (1°C) per 1000 ft (305 m) above 6000 ft (1829 m) altitude.

Nonoperating: -13 to 149°F (-25 to 65°C) maximum altitude is 40,000 ft (12,192 m)

Operating: 32 to 104°F (0 to 35°C) at sea level

Derate the maximum operating temperature 33.8°F (1°C) per 1000 ft (305 m) above sea level

Nonoperating: -13 to 149°F (-25 to 65°C) maximum altitude is 40,000 ft (12,192 m)

Humidity

Operating: 5 to 90% noncondensing

Nonoperating: 5 to 90% noncondensing

Altitude

Operating: 0 to 10,000 ft (0 to 3048 m)

Nonoperating: 40,000 ft (12,192 m) maximum

Sound pressure

<=78 dBA (typical)

<= 84 dBA (maximum)

Sound power

<=87 dB (typical)

<=92 dB (maximum)

Product ID Numbers

The following table lists the product IDs (PIDs) associated with the Secure Firewall 4200. All of the PIDs in the table are field-replaceable. If you need to get a return material authorization (RMA) for any component, see Cisco Returns Portal for more information.


Note


See the show inventory command in the Cisco Secure Firewall Threat Defense Command Reference or the Cisco ASA Series Command Reference to display a list of the PIDs for your Secure Firewall 4200.
Table 10. Secure Firewall 4200 PIDs

PID

Description

Chassis

FPR4215-ASA-K9

Cisco Secure Firewall 4215 ASA chassis 1 RU

FPR4225-ASA-K9

Cisco Secure Firewall 4225 ASA chassis 1 RU

FPR4245-ASA-K9

Cisco Secure Firewall 4245 ASA chassis 1 RU

FPR4215-NGFW-K9

Cisco Secure Firewall 4215 next generation firewall chassis 1 RU

FPR4225-NGFW-K9

Cisco Secure Firewall 4225 next generation firewall chassis 1 RU

FPR4245-NGFW-K9

Cisco Secure Firewall 4245 next generation firewall chassis 1 RU

FPR4215-NGIPS-K9

Cisco Secure Firewall 4215 next generation firewall chassis 1 RU

FPR4225-NGIPS-K9

Cisco Secure Firewall 4225 next generation firewall chassis 1 RU

FPR4245-NGIPS-K9

Cisco Secure Firewall 4245 next generation firewall chassis 1 RU

Accessories

FPR4200-ACY-KIT=

Accessory kit (spare)

FPR4200-PWR-AC

400-W AC power supply

FPR4200-PWR-AC=

400-W AC power supply (spare)

FPR4200-PSU-BLANK

Power supply blank slot cover

FPR4200-PSU-BLANK=

Power supply blank slot cover (spare)

FPR4200-SSD1800

1800 GB SSD

FPR4200-SSD1800=

1800 GB SSD (spare)

FPR4200-FAN

Dual fan module

FPR4200-FAN=

Dual fan module (spare)

FPR4200-SLD-RAILS

Slide rail kit

FPR4200-SLD-RAILS=

Slide rail kit (spare)

FPR4200-CBL-MGMT

Cable management brackets

FPR4200-CBL-MGMT=

Cable management brackets (spare)

FPR4200-FIPS-KIT

FIPS opacity shield; covers the serial number on the chassis

FPR4200-FIPS-KIT=

FIPS opacity shield; covers the serial number on the chassis (spare)

Network Modules

FPR4K-XNM-6X1SXF

6-port 1-Gb SFP hardware bypass network module, SX multimode

FPR4K-XNM-6X1SXF=

6-port 1-Gb SFP hardware bypass network module, SX multimode (spare)

FPR4K-XNM-6X10SRF

6-port 10-Gb SFP hardware bypass network module, SR multimode

FPR4K-XNM-6X10SRF=

6-port 10-Gb SFP hardware bypass network module, SR multimode (spare)

FPR4K-XNM-6X10LRF

6-port 10-Gb SFP hardware bypass network module, LR single mode

FPR4K-XNM-6X10LRF=

6-port 10-Gb SFP hardware bypass network module, LR single mode (spare))

FPR4K-XNM-6X25SRF

6-port 25-Gb SFP hardware bypass network module, SR multimode

FPR4K-XNM-6X25SRF=

6-port 25-Gb SFP hardware bypass network module, SR multimode (spare)

FPR4K-XNM-6X25LRF

6-port 25-Gb SFP hardware bypass network module, LR single mode

FPR4K-XNM-6X25LRF=

6-port 25-Gb SFP hardware bypass network module, LR single mode (spare)

FPR4K-XNM-8X1GF

8-port 10/100/1000Base-10 hardware bypass network module

FPR4K-XNM-8X1GF=

8-port 10/100/1000Base-10 hardware bypass network module (spare)

FPR4K-XNM-8X10G

8-port 1/10-Gb SFP+ network module

FPR4K-XNM-8X10G=

8-port 1/10-Gb SFP+ network module (spare)

FPR4K-XNM-8X25G

8-port 1/10/25-Gb ZSFP network module

FPR4K-XNM-8X25G=

8-port 1/10/25-Gb ZSFP network module (spare)

FPR4K-XNM-4X40G

4-port 40-Gb QSFP+ network module

FPR4K-XNM-4X40G=

4-port 40-Gb QSFP+ network module

FPR4K-XNM-2X100G

2-port 100-Gb QSFP+

FPR4K-XNM-2X100G=

2-port 100-Gb QSFP+ (spare)

FPR4K-XNM-4X200G

4-port 40/100/200-Gb QSFP+

FPR4K-XNM-4X200G=

4-port 40/100/200-Gb QSFP+ (spare)

FPR-X-NM-2X400G

2-port 200/400-Gb QSFP-DD

FPR-X-NM-2X400G=

2-port 200/400-Gb QSFP-DD (spare)

FPR4200-NM-BLANK

Network module blank slot cover

FPR4200-NM-BLANK=

Network module blank slot cover (spare)

Power Cord Specifications

Each power supply has a separate power cord. Standard power cords or jumper power cords are available for connection to the secure firewall. The jumper power cords for use in racks are available as an optional alternative to the standard power cords.

If you do not order the optional power cord with the system, you are responsible for selecting the appropriate power cord for the product. Using a incompatible power cord with this product may result in electrical safety hazard. Orders delivered to Argentina, Brazil, and Japan must have the appropriate power cord ordered with the system.


Note


Only the approved power cords or jumper power cords provided with the Secure 4200 are supported.


The following power cords are supported.

Figure 19. Argentina
PID: PWR-CAB-AC-ARG Part number: 37-1711-01

1

Plug: IRAM 2073

2

Cord set rating: 20 A, 250 V

3

Connector: IEC 60320/C21

Cord length: 14 ft (4.25 m)

Figure 20. Australia
PID: PWR-CAB-AC-AUS Part number: 72-5201-01

1

Plug: A.S./NZS 3112

2

Cord set rating: 15 A, 250 V

3

Connector: IEC 60320/C21

Cord length: 14 ft (4.3 m)

Figure 21. Brazil
PID: PWR-CAB-AC-BRA Part number: 72-5208-01

1

Plug: NBR 14136

2

Cord set rating: 16 A, 250 V

3

Connector: IEC 60320/C21

Cord length: 14 ft (4.3 m)

Figure 22. China
PID: PWR-CAB-AC-CHN Part number: 72-5207-01

1

Plug: GB16C

2

Cord set rating: 16 A, 250 V

3

Connector: IEC 60320/C21

Cord length: 14 ft (4.3 m)

Figure 23. Europe
PID: PWR-CAB-AC-EU Part number: 37-1808-01

1

Plug: CEE 7/7

2

Cord set rating: 16 A, 250 V

3

Connector: IEC 60320/C21

Cord length: 14 ft (4.3 m)

Figure 24. India
PID: PWR-CAB-AC-IND Part number: 37-1857-01

1

Plug: IS 1293

2

Cord set rating: 16 A, 250 V

3

Connector: IEC 60320/C21

Cord length: 14 ft (4.3 m)

Figure 25. International
PID: PWR-CAB-AC-BLK Part number: 72-5595-01

1

Plug: IEC 60320/20

2

Cord set rating: 20 A, 250 V

3

Connector: IEC 60320/C21

Cord length: 14 ft (4.3 m)

Figure 26. Israel
PID: PWR-CAB-AC-ISRL Part number: 72-5206-01

1

Plug: SI-32

2

Cord set rating: 16 A, 250 V

3

Connector: IEC 60320/C21

Cord length: 14 ft (4.3 m)

Figure 27. Italy
PID: PWR-CAB-AC-ITA Part number: 72-5203-01

1

Plug: CEI 23-50

2

Cord set rating: 16 A, 250 V

3

Connector: IEC 60320/C21

Cord length: 14 ft (4.3 m)

Figure 28. Japan
PID: PWR-CAB-AC-JPN Part number: 72-5210-01

1

Plug: NEMA L6-20

2

Cord set rating: 20 A, 250 V

3

Connector: IEC 60320/C21

Cord length: 14 ft (4.3 m)

Figure 29. Korea
PID: PWR-CAB-AC-KOR Part number: 37-1808-01

1

Plug: CEE 7/7

2

Cord set rating: 16 A, 250 V

3

Connector: IEC 60320/C21

Cord length: 14 ft (4.3 m)

Figure 30. North America
PID: PWR-CAB-AC-USA520 Part number: 37-1849-01

1

Plug: NEMA 5-20P

2

Cord set rating: 20 A, 125 V

3

Connector: IEC 60320/C21

Cord length: 14 ft (4.3 m)

Figure 31. North America
PID: PWR-CAB-AC-USA Part number: 72-5200-01

1

Plug: NEMA L6-20P

2

Cord set rating: 20 A, 250 V

3

Connector: IEC 60320/C21

Cord length: 14 ft (4.3 m)

Figure 32. South Africa
PID: PWR-CAB-AC-SA Part number: 72-5204-01

1

Plug: SABS 164

2

Cord set rating: 16 A, 250 V

3

Connector: IEC 60320/C21

Cord length: 14 ft (4.3 m)

Figure 33. Switzerland
PID: PWR-CAB-AC-SUI Part number: 72-5209-01

1

Plug: SEV 1011

2

Cord set rating: 16 A, 250 V

3

Connector: IEC 60320/C21

Core length: 14 ft (4.3 m)

Figure 34. United Kingdom
PID: PWR-AC-UK Part number: 72-5205-01

1

Plug: IEC309

2

Cord set rating: 16 A, 250 V

3

Connector: IEC 60320/C21

Length: 14 ft (4.3 m)