Cisco Firepower 4110 Manual

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

First Published: 2016-03-31

Last Modified: 2021-09-13

Americas Headquarters

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

USA

http://www.cisco.com

Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

CONTENTS

Full Cisco Trademarks with Software License ?

Overview 1

CHAPTER 1

Features 1

Deployment Options 4

Package Contents 4

Serial Number Location 6

Front Panel 7

Front Panel LEDs 9

Rear Panel 10

Network Modules 11

10-Gb Network Module 11

40-Gb Network Module 12

Hardware Bypass Network Modules 14

1-Gb Network Module with Hardware Bypass 15

40-Gb Network Module with Hardware Bypass 16

1-Gb SX/10-Gb SR/10-Gb LR Network Module with Hardware Bypass 18

Power Supply Modules 21

Fan Modules 23

Supported SFP/SFP+ and QSFP Transceivers 24

Hardware Specifications 27

Product ID Numbers 29

Power Cord Specifications 32

Installation Preparation 39

CHAPTER 2

Installation Warnings 39

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

iii

Network Equipment-Building System (NEBS) Statements 42

Safety Recommendations 43

Maintain Safety with Electricity 44

Prevent ESD Damage 44

Site Environment 45

Power Supply Considerations 45

Rack Configuration Considerations 45

Rack-Mount and Ground the Chassis 47

CHAPTER 3

Unpack and Inspect the Chassis 47

Rack-Mount the Chassis 48

Ground the Chassis 52

Installation, Maintenance, and Upgrade 55

CHAPTER 4

Install, Remove, and Replace the Network Module 55

Remove and Replace the Fan Module 58

Remove and Replace the SSD 60

Remove and Replace the Power Supply Module 62

Connect the DC Power Supply Module 66

Secure the Power Cord on the AC Power Supply Module 72

Install the FIPS Opacity Shield 75

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Contents

CHAPTER 1

Overview

•Features, on page 1

•Deployment Options, on page 4

•Package Contents, on page 4

•Serial Number Location, on page 6

•Front Panel, on page 7

•Front Panel LEDs, on page 9

•Rear Panel, on page 10

•Network Modules, on page 11

•Hardware Bypass Network Modules, on page 14

•Power Supply Modules, on page 21

•Fan Modules, on page 23

•Supported SFP/SFP+ and QSFP Transceivers, on page 24

•Hardware Specifications, on page 27

•Product ID Numbers, on page 29

•Power Cord Specifications, on page 32

Features

The Cisco Firepower 4100 series security appliance is a standalone modular security services platform. It is

capable of running multiple security services simultaneously and so is targeted at the data center as a

multiservice platform. The series includes the Firepower 4110, 4120, 4140, and 4150. See Product ID Numbers,

on page 29 for a list of the product IDs (PIDs) associated with the 4100 series.

The Firepower 4100 series supports Cisco Firepower Threat Defense, Cisco Firepower eXtensible Operating

System (FXOS), and Cisco ASA software. See Cisco Firepower 4100/9300 FXOS Compatibility, which lists

software and hardware compatibility information for the Firepower 4100 series.

The following figure shows the Firepower 4100 series security appliance.

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Figure 1: Firepower 4100 Series

The following table lists the features for the Firepower 4100 series.

Table 1: Firepower 4100 Series Features

4150414041204110Feature

•Common Criteria (CC) and Commercial Solutions for Classified (CSFC) for ASA

9.8.xand FTD 6.2.x

• CC for the Network Device Collaborative Protection Profile (NDcPPv2.1) for

ASA 9.12.xand FX-OS 2.6.x

• Federal Information Processing Standards (FIPS) 140-2 on ASA 9.12.x, FTD

6.4.x, and FX-OS 2.6.x

• Department of Defense Information Network Approved Product List (DoDIN

APL) for ASA 9.12.xand FTD 6.4.x.

• US Government Compliance for IPv6 (USGv6) for ASA 9.8.xand FTD 6.2.x

See the "Security Certifications Compliance" chapter in the Cisco FXOS

CLI Configuration Guide or Cisco FXOS Firepower Chassis Manager

Configuration Guide for the procedure to enable security modes.

Note

Security standards

certifications

1 RU

Fits a standard 19-in. (48.3cm) square-hole rack

Form factor

Slide rails, mount ears, and screws included

4-post Electronic Industries Association (EIA)-310-D rack

Rack mount

Front to rear

Cold aisle to hot aisle

Airflow

Single 22-coreSingle 18-core

Single 12-coreProcessor

256-GB DDR4

DRAM

256-GB DDR4

DRAM

128-GB DDR4

DRAM

64-GB DDR4

DRAM

Memory

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Overview

Features

4150414041204110Feature

With two 8-port network modules installed

Maximum number

of interfaces

One Gigabit Ethernet

Supports 1-Gb fiber or copper small form-factor pluggable (SFP)

Management port

One RJ-45 consoleSerial port

One USB 2.0 Type AUSB port

Eight fixed 1-Gb and 10-Gb SFP ports (named Ethernet 1/1 through 1/8)Network ports

Eight fixed 1-Gb and 10-Gb SFP ports

See Supported SFP/SFP+ and QSFP Transceivers, on page 24 for a list of supported

transceivers.

Small form-factor

pluggable (SFP)

ports

Displays the serial number; on the front panelPullout asset card

On rear panelGrounding lug

On front panelLocator beacon

On rear panelPower switch

Two network module slots (named network module 2 and network module 3)Network modules

• 8-port 10-Gigabit Ethernet SFP+

• 4-port 40-Gigabit Ethernet QSFP+

• 8-port 1-Gigabit Ethernet copper with hardware bypass

• 2-port 40-Gigabit Ethernet QSFP+ (built-in) with hardware bypass

• 6-port 1-Gigabit Ethernet SX fiber SFP+ (built-in) with hardware bypass

• 6-port 10-Gigabit Ethernet SR fiber SFP+ (built-in) with hardware bypass

• 6-port 10-Gigabit Ethernet LR fiber SFP+ (built-in) with hardware bypass

Supported network

modules

Two (1+1) power supply module slots

Ships with two 400-W AC power supply

modules

Hot-swappable

Two (1+1) power supply module slots

Ships with one 400-W AC power supply

modules

Hot-swappable

AC power supply

OptionalDC power supply

1+1Redundant power

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Overview

Features

4150414041204110Feature

Six fan module slots

3+1 redundancy

Hot-swappable

Fan

Two SSD slots

Ships with one 400-GB SSD installed in

slot 1. Slot 1 is the primary SSD and

should always be present.

RAID is not supported.

Note

The SSD must be installed in slot 1. Slot

2 is optional and is reserved only for the

MSP.

Two SSD slots

Ships with one 200-GB SSD installed in

slot 1. Slot 1 is the primary SSD and

should always be present.

RAID is not supported.

Note

The SSD must be installed in slot 1. Slot

2 is optional and is reserved only for the

Malware Storage Pack (MSP).

Storage

Installed in the second SSD slot onlyMSP

Deployment Options

Here are some examples of how you can deploy the Firepower 4100:

• In a data center using NGFW and ASA

• At the core/aggregation layer of a 3-tier data center in a high availability configuration

• As a dedicated multifunctional security service within converged infrastructure stacks, for example,

vBlock, FlexPod, and so forth, at the access layer

• As a high-performance data center security appliance between the WAN edge and the data center core

in a high availability configuration

• Inter-DC clustering deployments

• In newer spine/leaf data center designs, deployment as a leaf that exclusively offers security functions

Package Contents

The following figure shows the package contents for the Firepower 4100. Note that the contents are subject

to change and your exact contents might contain additional or fewer items.

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Overview

Deployment Options

Figure 2: Firepower 4100 Package Contents

Blue console cable PC terminal adapter2Firepower 4100 chassis1

10/100/1000BASE-T SFP transceiver4Two power cords (country-specific)

See Power Cord Specifications, on page 32 for

a list of supported power cords.

Tie wrap clamp6Two slide rails5

Flextronics tie wrap8Artesyn tie wrap7

Ten 8-32 x 0.375 inch Phillips screws used to

secure the mounting bracket to chassis (six

screws), and the cable management brackets to

the mounting brackets (four screws)

10Two M3 x 6 mm screws used to secure the inner

slide rail to the chassis

Two 10-32 x 0.375 inch screws used to secure

the ground lug

12Two slide rail locking brackets11

Two cable management brackets14One ground lug #6 AWG, 90 degree, #10 post13

Cisco Firepower 4100

This document has a URL pointing to the

hardware installation guide, a URL pointing the

regulatory and safety guide, and a QR code and

URL pointing to the Getting Started Guide.

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Overview

Package Contents

Serial Number Location

The serial number for the Firepower 4100 series chassis is located on the pullout asset card on the front panel.

Figure 3: Serial Number on the 4100 Chassis

You can also view additional model information on the compliance label located on the bottom of the chassis.

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Overview

Serial Number Location

Figure 4: Compliance Label on the 4100 Chassis

Front Panel

The following figure shows the front panel of the Firepower 4100.

Figure 5: Firepower 4100 Front Panel

Gigabit Ethernet management port2RJ-45 console port1

Eight fixed SFP+ (1-Gb/10-Gb) ports (in network

module slot 1)

Ethernet 1/1 through 1/8 labeled top to bottom,

left to right

4USB 2.0 Type A port3

SSD 2

Reserved for the optional MSP.

6SSD 1

Reserved for the primary SSD; slot 1 must always

be populated.

Locator LED8Power LED7

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Overview

Front Panel

Network module 2

The 10-Gb network module is shown.

Note

10Pullout asset card9

Network module 3

The 10-Gb network module is shown.

Note

RJ-45 Console Port

The Firepower 4100 has a standard RJ-45 console port. You can use the CLI to configure your Firepower

4100 through the RJ-45 serial console port by using a terminal server or a terminal emulation program

on a computer.

The RJ-45 (8P8C) port supports RS-232 signaling to an internal UART controller. The console port does

not have any hardware flow control, and does not support a remote dial-in modem. The baud rate is 9600.

You can use the standard cable found in your accessory kit to convert the RJ-45 to DB-9 if necessary.

Type A USB Port

You can use the external USB Type A port to attach a data storage device. The external USB drive

identifier is disk1:. The USB Type A port supports the following:

• Hot swapping

• USB drive formatted with FAT32

• Boot kick-start image from the Supervisor ROMMON for discovery recovery purposes

• Copy files to and from workspace:/ and volatile:/ within local-mgmt. The most relevant files are:

• Core files

• Ethanalyzer packet captures

• Tech-support files

• Security module log files

• Platform bundle image upload using download image usbA:

The USB Type A port does not support Cisco Secure Package (CSP) image upload.

Network Ports

The Firepower 4100 chassis has eight fixed ports that require 1-Gb/10-Gb SFP/SFP+ transceivers (fiber

or copper). They are numbered from left to right starting with 1 and are named Ethernet 1/1 through

Ethernet 1/8. The 4100 also has two network module slots that support different numbers of ports

depending on the network module. See Network Modules, on page 11 for the supported network modules.

See for Supported SFP/SFP+ and QSFP Transceivers, on page 24 the list of supported transceivers.

Each port has LEDs that represent link/activity status.

Management Port

The Firepower 4100 chassis has a management port that requires a 1-Gb fiber or copper SFP.

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Overview

Front Panel

Front Panel LEDs

The following figure and table describe the Firepower 4100 front panel LEDs.

Figure 6: Front Panel LEDs

Health (SYS)

• Off—System is not booting yet.

• Green, flashing—Power-up diagnostics are

complete and system is booting up.

• Green—The system has passed power-up

diagnostics.

• Amber—Power-up diagnostics has failed.

• Amber, flashing—Alarm; power-up

diagnostics are running.

2Management

• Off—No connection or port is not in use.

• Amber—No link or network failure.

• Green—Link up.

• Green, flashing—Network activity.

Power

• Off—Input power not detected.

• Green, flashing—Appears only when you

move the power switch from ON to OFF.

System is shutting down and powers off once

shutdown is completed.

• Amber—System is powering up.

• Green—System fully powered up.

• Amber, flashing—Reserved.

4SSD

• Off— SSD not present.

• Green—SSD is present; no activity.

• Green, flashing—SSD is active.

• Amber—SSD failure.

• Amber, flashing—Rebuilding, flashes at 1

Hz.

•Amber, flashing—Predictive failure analysis

(PFA) and hot spare; two fast flashes at 4

Hz, pause for 0.5 seconds.

Locator LED

• Off—Locate is off.

• Blue—Locate is on.

6Active (ACT)

This LED is not supported; reserved for future

use.

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Overview

Front Panel LEDs

Network activity

• Off—No connection or port is not in use.

• Amber—No link or network failure.

• Green—Link up.

• Green, flashing—Network activity.

Rear Panel

The following figure shows the rear panel of the Firepower 4100.

Figure 7: Firepower 4100 Rear Panel

Power supply module 12Power on/off switch1

Fan module 14Power supply module 23

Fan module 36Fan module 25

Fan module 58Fan module 47

Location for the two-post grounding lug

The two-post grounding lug is

included in the accessory kit.

Note

10Fan module 69

The power switch is located to the left of power supply module 1 on the rear of the chassis. It is a toggle

switch that controls power to the system. If the power switch is in standby position, only the 3.3-V standby

power is enabled from the power supply module and the 12-V main power is OFF. When the switch is in the

ON position, the 12-V main power is turned on and the system boots.

You can shut down the chassis in one of two ways:

• Perform a graceful shutdown using the shutdown commands (see the FXOS CLI Configuration Guide

for the procedure). This may take several minutes to complete. Then toggle the power switch to the OFF

position. The power LED changes from solid green to off immediately.

If you move the power switch to the OFF position before the shutdown command

sequence is complete or if you remove the system power cords before the graceful

shutdown is complete, disk corruption can occur.

Caution

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Overview

Rear Panel

• Toggle the power switch to the OFF position. The power LED changes from solid green to off.

After removing power from the chassis either by moving the power switch to OFF or unplugging the power

cord, wait at least 10 seconds before turning power back ON.

Note

Network Modules

The Firepower 4100 contains two network module slots that provide optical or electrical network interfaces.

Network modules are optional, removable I/O modules that provide either additional ports or different interface

types (1/10/40 Gb). The Firepower network modules plug into the chassis on the front panel.

For More Information

• See 10-Gb Network Module, on page 11 for a description of the 10-GB network module.

• See 40-Gb Network Module, on page 12 for a description of the 40-GB network module.

• See Hardware Bypass Network Modules, on page 14 for the location and description of the LEDs,

and the port configurations for the hardware bypass network modules.

• See Install, Remove, and Replace the Network Module, on page 55 for the procedure for removing

and replacing network modules.

10-Gb Network Module

The following figure shows the front panel of the 10-Gb network module (FPR4K-NM-8X10G). The

FPR4K-NM-8X10G is a single-wide module that supports hot swapping. The eight ports are numbered from

top to bottom, left to right.

Make sure you have the correct firmware package and software version installed to support this network

module. For instructions on how to verify your firmware package version and to upgrade the firmware if

necessary, see the Cisco Firepower 4100/9300 FXOS Firmware Upgrade Guide. See Cisco Firepower 4100/9300

FXOS Compatibility for the software compatibility matrix.

Note

The FPR4K-NM-8X10G is NEBS-compliant.

Note

You can fit four copper SFPs in either the top row of ports or the bottom row of ports. Both rows cannot be

populated at the same time, because of the port row spacing.

Note

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Overview

Network Modules

Figure 8: FPR4K-NM-8X10G

Ethernet X/12Captive screw/handle1

Ethernet X/54Ethernet X/33

Ethernet X/26Ethernet X/75

Ethernet X/68Ethernet X/47

Network activity LEDs

• Off—No connection or port is not in use.

• Amber—No link or network failure.

• Green—Link up.

• Green, flashing—Network activity.

10Ethernet X/89

For More Information

• For a list of copper SFPs, see Supported SFP/SFP+ and QSFP Transceivers, on page 24.

40-Gb Network Module

The following figure shows the front panel of the 40-Gb network module (FPR4K-NM-4X40G.) The

FPR4K-NM-4X40G is a single-wide module that supports hot swapping. The four ports are numbered left to

right.

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Overview

40-Gb Network Module

Make sure you have the correct firmware package and software version installed to support this network

module. For instructions on how to verify your firmware package version and to upgrade the firmware if

necessary, see the Cisco Firepower 4100/9300 FXOS Firmware Upgrade Guide. See Cisco Firepower 4100/9300

FXOS Compatibility for the software compatibility matrix.

Note

The FPR4K-NM-4X40G is NEBS-compliant.

Note

Figure 9: FPR4K-NM-4X40G

Network activity LEDs

• Off—No connection or port is not in use.

• Amber—No link or network failure.

• Green—Link up.

• Green, flashing—Network activity.

• 40Gb—Only the leftmost LED indicates the

port status.

• 4x10Gb—Each of the port LEDS indicates

the status of respective 10-Gb channel.

2Captive screw/handle1

Ethernet X/24Ethernet X/13

Ethernet X/46Ethernet X/35

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Overview

40-Gb Network Module

Hardware Bypass Network Modules

Hardware bypass (also known as fail-to-wire) is a physical layer (Layer 1) bypass that allows paired interfaces

to go into bypass mode so that the hardware forwards packets between these port pairs without software

intervention. Hardware bypass provides network connectivity when there are software or hardware failures.

Hardware bypass is useful on ports where the Firepower security appliance is only monitoring or logging

traffic. The hardware bypass network modules have an optical switch that is capable of connecting the two

ports when needed. The hardware bypass network modules have built-in SFPs.

Hardware bypass is supported only on a fixed set of ports. You can pair Port 1 with Port 2, Port 3 with Port

4, but you cannot pair Port 1 with Port 4 for example.

• FTW Ports can be used as normal ports in routed mode (not only inline NGIPS functionality).

• FTW Ports can be used to form port-channels across different network modules on the same firewall.

Note

Hardware bypass is only supported in inline mode. Also, hardware bypass support depends on your software

application.

Note

When the appliance switches from normal operation to hardware bypass or from hardware bypass back to

normal operation, traffic may be interrupted for several seconds. A number of factors can affect the length of

the interruption; for example, behavior of the optical link partner such as how it handles link faults and

debounce timing; spanning tree protocol convergence; dynamic routing protocol convergence; and so on.

During this time, you may experience dropped connections.

Note

There are three configuration options for hardware bypass network modules:

• Passive interfaces—Connection to a single port.

For each network segment you want to monitor passively, connect the cables to one interface. This is

how the nonhardware bypass network modules operate.

•Inline interfaces—Connection to any two like ports (10 Gb to 10 Gb for example) on one network module,

across network modules, or fixed ports.

For each network segment you want to monitor inline, connect the cables to pairs of interfaces.

• Inline with hardware bypass interfaces—Connection of a hardware bypass paired set.

For each network segment that you want to configure inline with fail-open, connect the cables to the

paired interface set.

For the 40-Gb network module, you connect the two ports to form a paired set. For the 1/10-Gb network

modules, you connect the top port to the bottom port to form a hardware bypass paired set. This allows

traffic to flow even if the security appliance fails or loses power.

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Overview

Hardware Bypass Network Modules

If you have an inline interface set with a mix of hardware bypass and nonhardware bypass interfaces, you

cannot enable hardware bypass on this inline interface set. You can only enable hardware bypass on an inline

interface set if all the pairs in the inline set are valid hardware bypass pairs.

Note

For More Information

• See 1-Gb Network Module with Hardware Bypass, on page 15 for a description of the 1-Gb network

module.

• See 40-Gb Network Module with Hardware Bypass, on page 16 for a description of the 40-Gb

network module.

• See 1-Gb SX/10-Gb SR/10-Gb LR Network Module with Hardware Bypass, on page 18 for a

description of the 1-Gb SX, 10-Gb SR and LR network modules.

• See Install, Remove, and Replace the Network Module, on page 55 for the procedure for removing

and replacing single-wide network modules.

1-Gb Network Module with Hardware Bypass

The following figure shows the front panel view of the 1-Gb network module with hardware bypass

(FPR-NM-8X1G-F). Pair ports 1 and 2, 3 and 4, 5 and 6, and 7 and 8 to form hardware bypass paired sets.

Make sure you have the correct firmware package and software version installed to support this network

module. For instructions on how to verify your firmware package version and to upgrade the firmware if

necessary, see the Cisco Firepower 4100/9300 FXOS Firmware Upgrade Guide. See Cisco Firepower 4100/9300

FXOS Compatibility for the software compatibility matrix.

Note

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Overview

1-Gb Network Module with Hardware Bypass

Figure 10: FPR-NM-8X1G-F

Ethernet X/1

Ports 1 and 2 are paired together to form a

hardware bypass pair. LED B1 applies to this

paired port.

2Bypass LEDs B1 through B4

• Green—In standby mode.

•Amber, flashing—Port is in hardware bypass

mode, failure event.

Ethernet X/2

Ports 5 and 6 are paired together to form a

hardware bypass pair. LED B3 applies to this

paired port.

4Ethernet X/2

Ports 3 and 4 are paired together to form a

hardware bypass pair. LED B2 applies to this

paired port.

Captive screw/handle6Ethernet X/2

Ports 7 and 8 are paired together to form a

hardware bypass pair. LED B4 applies to this

paired port.

—Network activity LEDs

•Left LED—Green indicates network activity

when a 10M/100M/1G connection is made.

• Right LED—Not in use at this time.

40-Gb Network Module with Hardware Bypass

The following figure shows the front panel of the 40-Gb hardware bypass network module

(FPR4K-NM-2X40G-F). The FPR4K-NM-2X40G-F is a single-wide module that does not support hot

swapping. The two ports are numbered left to right. Pair the two ports to create a hardware bypass paired set.

Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide

Overview

40-Gb Network Module with Hardware Bypass

Other manuals for Firepower 4110

This manual suits for next models

Table of contents

Popular Solar Panel manuals by other brands

PHOTOWATT

PHOTOWATT PW72HT-CB-XF manual

Panasonic

Panasonic VBHN240SE10 General installation manual

Schweizer

Schweizer Solrif Short installation manual

WilTec

WilTec 62391 Operation manual

DeDietrich

DeDietrich POWER SUN 3000 Instructions for Roof-Surface / Flat Roof Installation

Baintech

Baintech 120W quick start guide

Kyocera

Kyocera RR 24-7 datasheet

BMS

BMS BMS-FK2000 manual

Kyocera

Kyocera KC-TYPE installation manual

Znshine Solar

Znshine Solar ZXM6-LD60-280/M installation manual

STI

STI FINO Assembly instructions

JBE CCTV

JBE CCTV SPS-80W quick start guide

Teleco

Teleco TSP 100W Assembly instructions

LG LG N2T-J5 Series installation manual

Enersol

Enersol Solar Pool Heating Installation guide and owner's manual

XtremepowerUS

XtremepowerUS 90100 Owner's manual and safety instructions

YOSHINO

YOSHINO SP200 user manual

ensol

ensol ES2H/2.65 Installation instruction