Firepower Datasheet

2021-01-16 595 words 3 minutes

Contents

Firepower Datasheet

The purpose of this document is to provide an overview of platform limits and limitations for the Cisco Firepower platform. I created this overview to document information that is available from different CiscoLive presentations, administration guides and Cisco datasheets.

Hardware End-of-Life

ASA

Model	Replacement	ASA	FPS	FTD
ASA 5505	FPR1010	9.2	N/A	N/A
ASA 5506-X	FPR1010	TBD	6.2.3	6.2.3
ASA 5512-X	FPR1120	9.9.2	6.2.3	6.2.3
ASA 5515-X	FPR1140	9.12	6.4	6.4
ASA 5525-X	FPR1100	9.14	6.6	6.6
ASA 5545-X	FPR1100	9.14	6.6	6.6
ASA 5555-X	FPR1100	9.14	6.6	6.6
ASA 5585-X	FPR1100	9.12	6.4	N/A

Firepower

Model	Replacement	ASA	FTD
Firepower 7000	Firepower 1140/1150/2000	N/A	6.4
Firepower 8000	Firepower 9300 (SM40/48/56)	N/A	6.4
Firepower 4120	Firepower 4125	9.16	6.8
Firepower 4140	Firepower 4145	9.16	6.8
Firepower 4150	Firepower 4155	9.16	6.8
Firepower 9300 (SM24)	Firepower 9300 (SM40)	9.16	6.8
Firepower 9300 (SM36)	Firepower 9300 (SM48)	9.16	6.8
Firepower 9300 (SM44)	Firepower 9300 (SM56)	9.16	6.8

Management Center

Model	Replacement	FPS	FTD
FMC 1000	FMC 1600	6.8	6.8
FMC 2500	FMC 2600	6.8	6.8
FMC 4500	FMC 4600	6.8	6.8

Multi Instance Mode

Hardware Support

Multi-Instance Mode is only supported on Firepower 4100 & 9300 platforms. Firepower 1000 & 2100 do not support multi-instance mode

Model	Max. Container Instances	Available CPU Cores	Available RAM	Available Disk Space
Firepower 4110	3	22	53 GB	125.6 GB
Firepower 4112	3	22	78 GB	308 GB
Firepower 4115	7	46	162 GB	308 GB
Firepower 4120	3	46	101 GB	125.6 GB
Firepower 4125	10	62	162 GB	644 GB
Firepower 4140	7	70	222 GB	311.8 GB
Firepower 4145	14	86	344 GB	608 GB
Firepower 4150	7	86	222 GB	311.8 GB
Firepower 9300 SM-24 security module	7	46	226 GB	656.4 GB
Firepower 9300 SM-36 security module	11	70	222 GB	640.4 GB
Firepower 9300 SM-40 security module	13	78	334 GB	1359 GB
Firepower 9300 SM-44 security module	14	86	218 GB	628.4 GB
Firepower 9300 SM-48 security module	15	94	334 GB	1341 GB
Firepower 9300 SM-56 security module	18	110	334 GB	1314 GB

Software limitations

ASA Software is not supported
Multi-Instance is not supported on Firepower Device Manager
Data sharing interfaces are not supported in a cluster
Intra-Chassis high availability (active/standby) is not supported on Firepower 9300
Inter-Chassis high availability is only supported between same hardware models
Container instances within a high availability pair must use the same resource profile attributes
Radware DefensePro link decorator is not supported (no service chaining)
FMC UCAPL/CC mode is not supported
Flow offload to Smart NICs is not supported
If Subinterfaces are used for failover link other subinterfaces on the same parent interface cannot be used for data interfaces

Software limits

TLS crypto acceleration on up to 16 instances
Max 14 instances per shared interface (e.g. Po1 shared between instance 1 through 14)
Mac 10 shared interfaces per instance (e.g. Po1.1 through Po1.10)
Up to 500 VLAN IDs can be created per physical interface

Access Control Rules

Max recommended access control elements (LINA POV)

Platform	Recommended Limit
ASA 5506-X	12.500
ASA 5508-X	50.000
ASA 5516-X	125.000
ASA 5525-X	150.000
ASA 5545-X	250.000
ASA 5555-X	250.000
Firepower 1010	15.000
Firepower 1120	125.000
Firepower 1140	150.000
Firepower 1150	250.000
Firepower 2110	50.000
Firepower 2120	75.000
Firepower 2130	300.000
Firepower 2140	375.000
Firepower 4110	2.250.000
Firepower 4115	2.500.000
Firepower 4120	2.250.000
Firepower 4125	2.750.000
Firepower 4140	2.250.000
Firepower 4145	3.000.000
Firepower 4150	3.000.000
Firepower 9300 SM-24	2.250.000
Firepower 9300 SM-36	2.250.000
Firepower 9300 SM-40	6.000.000
Firepower 9300 SM-44	3.000.000
Firepower 9300 SM-48	6.000.000
Firepower 9300 SM-56	6.000.000