Cisco Firepower 9300: Ultra-high-performance NGFW, expandable as your needs grow
ComparePerformance Highlights
Table 1 summarizes the performance highlights of the Cisco Firepower NGFW 4100 Series and 9300 appliances and select ASA-FTD-5500-X appliances.
Table 1. Performance Highlights
|
Cisco Firepower Model |
Cisco ASA 5500-FTD-X Model |
||||||||||||||
|
Features |
4110 |
4120 |
4140 |
41501 |
9300 with 1 SM-24 Module |
9300 with 1 SM-36 Module |
9300 with 3 SM-36 Modules |
5506-FTD-X |
5506W-FTD-X |
5506H-FTD-X |
5508-FTD-X |
5516-FTD-X |
5525-FTD-X |
5545-FTD-X |
5555-FTD-X |
|
Firewall throughput (ASA) |
20 Gbps |
40 Gbps |
60 Gbps |
– |
75 Gbps |
80 Gbps |
225 Gbps |
750 Mbps |
750 Mbps |
750 Mbps |
1 Gbps |
1.8 Gbps |
2 Gbps |
3 Gbps |
4 Gbps |
|
Throughput FW + AVC (Firepower Threat Defense)2 |
12 Gbps |
20 Gbps |
25 Gbps |
– |
25 Gbps |
35 Gbps |
100 Gbps |
250 Mbps |
250 Mbps |
250 Mbps |
450 Mbps |
850 Mbps |
1,100 Mbps |
1,500 Mbps |
1,750 Mbps |
|
Throughput: FW + AVC + NGIPS (Firepower Threat Defense)2 |
10 Gbps |
15 Gbps |
20 Gbps |
– |
20 Gbps |
30 Gbps |
90 Gbps |
125 Mbps |
125 Mbps |
125 Mbps |
250 Mbps |
450 Mbps |
650 Mbps |
1,000 Mbps |
1,250 Mbps
|
Platform Support
Cisco Firepower 4100 Series and Firepower 9300 NGFW appliances use the Cisco Firepower Threat Defense software image. Alternatively, these appliances can support the Cisco Adaptive Security Appliance (ASA) software image. The Cisco Firepower Management Center (formerly FireSIGHT) provides unified management of the Cisco Firepower NGFW, as well as Cisco Firepower NGIPS and Cisco AMP. Also available, on select Cisco Firepower appliances, and direct from Cisco, is the Radware DefensePro distributed denial of service (DDoS) mitigation capability.
Cisco Firepower 4100 Series Appliances
The Cisco Firepower 4100 Series is a family of four threat-focused NGFW security platforms. Their maximum throughput ranges from 20 to more than 60 Gbps, addressing use cases from the Internet edge to the data center. They deliver superior threat defense, at faster speeds, with a smaller footprint.
Cisco Firepower 9300 Appliance
The Cisco Firepower 9300 is a scalable (beyond 1Tbps), carrier-grade, modular platform designed for service providers, high-performance computing centers, data centers, campuses, high-frequency trading environments, and more that require low (less than 5-microsecond offload) latency and exceptional throughput. Cisco Firepower 9300 supports flow-offloading, programmatic orchestration, and management of security services with RESTful APIs. It is also available in NEBS-compliant configurations.
Cisco ASA 5500-FTD-X Series Appliances
The Cisco ASA 5500-FTD-X Series is a family of eight threat-focused NGFW security platforms. Their maximum throughput ranges from 750 Mbps to 4 Gbps, addressing use cases from the small or branch office to the Internet edge. They deliver superior threat defense in a cost-effective footprint.
Performance Specifications and Feature Highlights
Table 2 summarizes the capabilities of the Cisco Firepower NGFW 4100 Series and 9300 appliances and the Cisco ASA 5500-FTD-X appliances when running the Cisco Firepower Threat Defense image.
Table 2. Performance Specifications and Feature Highlights with the Firepower Threat Defense Image
|
Cisco Firepower Model |
Cisco ASA 5500-FTD-X Model |
||||||||||||||
|
Features |
4110 |
4120 |
4140 |
41501 |
9300 with 1 SM‑24 Module |
9300 with 1 SM‑36 Module |
9300 with 3 Clustered SM‑36 Modules |
5506-FTD-X |
5506W-FTD-X |
5506H-FTD-X |
5508-FTD-X |
5516-FTD-X |
5525-FTD-X |
5545-FTD-X |
5555-FTD-X |
|
Throughput: FW + AVC2 |
12 Gbps |
20 Gbps |
25 Gbps |
– |
25 Gbps |
35 Gbps |
100 Gbps |
250 Mbps |
250 Mbps |
250 Mbps |
450 Mbps |
850 Mbps |
1,100 Mbps |
1,500 Mbps |
1,750 Mbps |
|
Throughput: AVC + IPS2 |
10 Gbps |
15 Gbps |
20 Gbps |
– |
20 Gbps |
30 Gbps |
90 Gbps |
125 Mbps |
125 Mbps |
125 Mbps |
250 Mbps |
450 Mbps |
650 Mbps |
1,000 Mbps |
1,250 Mbps |
|
Sizing throughput (450-byte HTTP)3: |
4 Gbps |
8 Gbps |
10 Gbps |
– |
9 Gbps |
12.5 Gbps |
30 Gbps |
||||||||
|
Sizing throughput (440-byte HTTP)3: |
90 Mbps |
90 Mbps |
90 Mbps |
180 Mbps |
300 Mbps |
375 Mbps |
575 Mbps |
725 Mbps |
|||||||
|
Maximum concurrent sessions, with AVC |
4.5 million |
11 million |
14 million |
– |
28 million |
29 million |
57 million |
50000 |
50000 |
50000 |
100,000 |
250,000 |
500,000 |
750,000 |
1,000,000 |
|
Maximum new connections per second, with AVC |
68,000 |
120,000 |
160,000 |
– |
120,000 |
160,000 |
500,000 |
5,000 |
5,000 |
5,000 |
10,000 |
20,000 |
20,000 |
30,000 |
50,000 |
|
Application Visibility and Control (AVC) |
Standard, supporting more than 4000 applications, as well as geo-locations, users, and websites |
||||||||||||||
|
AVC: OpenAppID support for custom, open source, application detectors |
Standard |
||||||||||||||
|
Cisco Security Intelligence |
Standard, with IP, URL, and DNS threat intelligence |
||||||||||||||
|
Cisco Firepower NGIPS |
Available; can passively detect endpoints and infrastructure for threat correlation and indicators of compromise (IoC) intelligence |
||||||||||||||
|
Cisco AMP for Networks |
Available; enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco AMP for Endpoints is also optionally available |
||||||||||||||
|
Cisco AMP Threat Grid sandboxing |
Available |
||||||||||||||
|
URL Filtering: categories |
More than 80+ |
||||||||||||||
|
URL Filtering: URLs categorized |
More than 280 million |
||||||||||||||
|
Automated threat feed and IPS signature updates |
Yes: class-leading Collective Security Intelligence (CSI) from Cisco Talos (http://www.cisco.com/c/en/us/products/security/talos.html) |
||||||||||||||
|
Third-party and open-source ecosystem |
Open API for integrations with third-party products; Snort® and OpenAppID community resources for new and specific threats |
||||||||||||||
|
Centralized management |
Centralized configuration, logging, monitoring, and reporting is performed by the Firepower Management Center |
||||||||||||||
|
High availability and clustering |
Active/standby; with Cisco Firepower 9300 intra-chassis clustering is also supported |
||||||||||||||
|
VLANs – Maximum |
1024 |
||||||||||||||
Table 3 summarizes the performance and capabilities of the Cisco Firepower 4100 Series and 9300 appliances when running the ASA image. For Cisco ASA 5500-X series ASA performance specifications please visit the
Cisco ASA with FirePOWER Services data sheet.
Table 3. ASA Performance and Capabilities
|
Cisco Firepower Model |
|||||||
|
Features |
4110 |
4120 |
4140 |
41501 |
9300 with 1 SM‑24 Module |
9300 with 1 SM‑36 Module |
9300 with 3 SM‑36 Modules |
|
Stateful inspection firewall throughput2 |
20 Gbps |
40 Gbps |
60 Gbps |
– |
75 Gbps |
80 Gbps |
225 Gbps |
|
Stateful inspection firewall throughput (multiprotocol)3 |
10 Gbps |
20 Gbps |
30 Gbps |
– |
50 Gbps |
60 Gbps |
130 Gbps |
|
Concurrent firewall connections |
10 million |
15 million |
25 million |
– |
55 million |
60 million |
70 million |
|
Firewall latency (UDP 64b, microseconds) |
3.5 |
3.5 |
3.5 |
– |
3.5 |
3.5 |
3.5 |
|
New connections per second |
150,000 |
250,000 |
350,000 |
– |
600,000 |
900,000 |
2.5 million |
|
Security contexts4 |
250 |
250 |
250 |
– |
250 |
250 |
250 |
|
Virtual interfaces |
1024 |
1024 |
1024 |
– |
1024 |
1024 |
1024 |
|
IPSEC VPN throughput |
8 Gbps |
10 Gbps |
14 Gbps |
– |
15 Gbps |
18 Gbps |
54 Gbps5 |
|
IPsec/Cisco AnyConnect/Apex site-to-site VPN peers |
10,000 |
15,000 |
20,000 |
– |
20,000 |
20,000 |
60,0005 |
|
Maximum number of VLANs |
1024 |
1024 |
1024 |
– |
1024 |
1024 |
1024 |
|
Security contexts (included; maximum) |
10; 250 |
10; 250 |
10; 250 |
– |
10; 250 |
10; 250 |
10; 250 |
|
High availability |
Active/active and active/standby |
Active/active and active/standby |
Active/active and active/standby |
– |
Active/active and active/standby |
Active/active and active/standby |
Active/active and active/standby |
|
Clustering |
Up to 15 appliances |
Up to 15 appliances |
Up to 15 appliances |
– |
Up to 5 appliances with 3 security modules each |
Up to 5 appliances with three security modules each |
Up to 5 appliances with 3 security modules each |
|
Scalability |
VPN clustering and load balancing, interchassis clustering |
VPN clustering and load balancing, interchassis clustering |
VPN clustering and load balancing, interchassis clustering |
– |
VPN clustering and load balancing, intrachassis clustering, interchassis clustering |
VPN clustering and load balancing, intrachassis clustering, interchassis clustering |
VPN clustering and load balancing, intrachassis clustering, interchassis clustering |
Related Products
- desktop-columns-3 tablet-columns-2 mobile-columns-2
-
ASA 5555-X with FirePOWER Services: Up to 2 Gbps Multiservice capable 8 x 10/100/1000 1 RU
Availability: In stockOut of stock
-
Catalyst 3850 Series
Availability: In stockOut of stock
The Cisco Catalyst 3850 Series Switches are the next generation of enterprise-class, stackable, access layer switches. They provide full convergence between wired and wireless networks on a single platform. This convergence is built on the resilience of the new, 480 Gbps Cisco StackWise and Cisco StackPower technologies.
The following table provides high-level comparisons of the different models available in the Cisco Catalyst 3850 Series Switch family. You may view all models with:
-
AT-x510-28GPX: 24-port 10/100/1000T PoE+ stackable switch with 4 SFP+ ports and 2 fixed power supplies. Required Net.Cover for software maintenance for firmware v5.4.4 or later
Availability: In stockOut of stock
Allied Telesis x510 GPX Series stackable Gigabit switches power the edge in the network more efficiently than any others.
The AT-x510-28GPX features 24 x 10/100/1000T PoE+ ports and 4 x 10G/1G SFP+ uplink ports. It includes two internal power supplies for high reliability, as well as VCStack™, allowing devices to be stacked to create highly resilient solutions that can be distributed over long distances. The AT-x510-28GPX delivers up to 30 Watts per port (PoE+), perfect for supporting standard as well as Pan/Tilt/Zoom video surveillance and security cameras, wireless access points, IP phones, RFID readers, automatic doors and other PoE-powered devices. This PoE option eliminates the need for power rewiring and minimizes the clutter of power supplies and adapters in awkward places. The AT-x510-28GPX is designed for the edge of enterprises, retail, government, universities and medical campuses.
-
AT-x510DP-52GTX: 48-port 10/100/1000T stackable switch with 4 SFP+ ports and 2 hot-swappable power supplies– PSU’s not included
Availability: In stockOut of stock
The Allied Telesis AT-x510DP-52GTX is the ideal Data Center Top-of-Rack (ToR) switch, featuring 48 x 10/100/1000T ports and 4 x 10G SFP+ uplink ports for high speed server and storage connectivity.
Dual hot-swappable load-sharing AC or DC power supplies with reverse airflow guarantee maximum uptime. Allied Telesis VCStack allows multiple units to be connected as a single virtual chassis, creating a highly resilient solution with no single point of failure that can even be distributed over long distances. The AT-x510DP-52GTX is the perfect choice for critical Data Center applications requiring uninterrupted service.
-
Cisco Firepower 4100 Series:
Availability: In stockOut of stock
The Cisco Firepower™ Next-Generation Firewall (NGFW) is the industry’s first fully integrated, threat-focused next-gen firewall with unified management. It includes Application Visibility and Control (AVC), optional Firepower next-gen IPS (NGIPS), Cisco® Advanced Malware Protection (AMP), and URL Filtering. Cisco Firepower NGFW provides advanced threat protection before, during, and after attacks.
-
AT-x510-52GTX: 48-port 10/100/1000T stackable switch with 4 SFP+ ports and 2 fixed power supplies.
Availability: In stockOut of stock
The Allied Telesis AT-x510-52GTX stackable Gigabit edge switch features 48 x 10/100/1000T ports and 4 x 10G/1G SFP+ uplink ports with two internal load-sharing AC power supplies for high reliability.
Combined with VCStack™ — which allows devices to be stacked to create highly resilient solutions that can be distributed over long-distances — the AT-x510-52GTX is the perfect choice for critical applications requiring uninterrupted service. The x510 Series also offers a comprehensive security feature set that enables secure Edge solutions for enterprise, healthcare, education and government applications.
-
AT-x510DP-28GTX: 24-port 10/100/1000T stackable switch with 4 SFP+ ports and 2 hot-swappable power supplies– PSU’s not included
Availability: In stockOut of stock
The Allied Telesis AT-x510DP-28GTX stackable Gigabit edge switch is the ideal Data Center Top-of-Rack (ToR) switch, featuring 24 x 10/100/1000T ports and 4 x 10G SFP+ uplink ports for high speed server and storage connectivity.
Dual hot-swappable load-sharing AC or DC power supplies with reverse airflow guarantee maximum uptime. Allied Telesis VCStack allows multiple units to be connected as a single virtual chassis, creating a highly resilient solution with no single point of failure that can even be distributed over long distances. The AT-x510DP-28GTX is the perfect choice for critical Data Center applications requiring uninterrupted service.
-
Catalyst 2960-L Series Switches
Availability: In stockOut of stock
Product Overview:
Cisco Catalyst® 2960-L Series Switches are fixed-configuration, Gigabit Ethernet switches that provide entry-level enterprise-class Layer 2 access for branch offices, conventional workspaces, and out-of-wiring closet applications. Designed for operational simplicity to lower total cost of ownership, they enable secure, and energy-efficient business operations with a range of Cisco IOS® Software features.
Product Highlights:
Cisco Catalyst 2960-L switches feature:
● 8, 16, 24, or 48 Gigabit Ethernet ports with line-rate forwarding
● 2 or 4 Gigabit Small Form-Factor Pluggable (SFP) uplinks
● Power over Ethernet Plus (PoE+) support with up to 370W of power budget
● Fanless operation and operational temperature up to 55°C for deployment outside the wiring closet
● Higher mean time between failure (MTBF) because they have no moving mechanical parts
● Less than 11.5-inch depth fit in use cases with space limitation
● Reduced power consumption and advanced energy management features
● RJ45 and USB console access for simplified operations
● Intuitive web UI for easy deployment and management
● Cisco IOS® Software features
● Enhanced limited lifetime warranty (E-LLW) offering next-business-day hardware replacement
-
Cisco 3900 Series :CISCO3945E/K9, CISCO3925E/K9, CISCO3945/K9, CISCO3925/K9
Availability: In stockOut of stock
Cisco® 3900 Series Integrated Services Routers build on 25 years of Cisco innovation and product leadership. The new Cisco Integrated Services Routers Generation 2 (ISR G2) platforms are architected to enable the next phase of branch-office evolution, providing rich-media collaboration and virtualization to the branch office while maximizing operational cost savings. The new routers support new high-capacity digital signal processors (DSPs) for future enhanced video capabilities, high-powered service modules with improved availability, multicore CPUs, Gigabit Ethernet switching with Cisco Enhanced Power over Ethernet (ePoE), and new energy visibility and control capabilities while enhancing overall system performance. Additionally, a new Cisco IOS®Software Universal image and Cisco Services Ready Engine (SRE) module enable you to decouple the deployment of hardware and software, providing a flexible technology foundation that can quickly adapt to evolving network requirements. Overall, the Cisco 3900 Series offers exceptional total cost of ownership (TCO) savings and network agility through the intelligent integration of market-leading security, unified communications, wireless, and application services.
Đánh giá
Chưa có đánh giá nào.