Cisco Firepower 4100 / 4112 / 4115 / 4125 / 4145 Manual

Features

The Cisco Firepower 4100 is a standalone modular security services platform. It is capable of running multiple security services simultaneously and so is targeted at the data center as a multiservice platform. The series includes the Firepower 4112, 4115, 4125, and 4145. See Product ID Numbers for a list of the product IDs (PIDs) associated with the 4100 series.
The Firepower 4100 supports Cisco Secure Firewall Threat Defense, Cisco Secure Firewall eXtensible Operating System (FXOS), and Cisco Secure Firewall ASA software. See Cisco Firepower 4100/9300 FXOS Compatibility, which lists software and hardware compatibility information for the Firepower 4100 series.

The following figure 1 shows the Firepower 4100.

The following table lists the features for the Firepower 4100.

Feature	4112	4115	4125	4145
Form factor	1 RU Fits a standard 19-inch (48.3cm) square-hole rack
Rack mount	Slide rails, mount ears, and screws included (4-post EIA-310-D rack)
Airflow	Front to rear Cold aisle to hot aisle
Processor	One 12-core 2.1-GHz Intel Xeon 4116	Two 12-core 2.1-GHz Intel Xeon 4116	Two 16-core 2.1-GHz Intel Xeon 6130T	Two 22-core 2.1-GHz Intel Xeon 6152
Memory	96-GB DRAM 6 x 16-GB DDR4-2400	192-GB DRAM 12 x 16-GB DDR4-2400	192-GB DRAM 12 x 16-GB DDR4-2666	384-GB DRAM 12 x 32-GB DDR4-2666
Maximum number of interfaces	24 With two 8-port network modules installed
Management port	One Gigabit Ethernet Supports 1-Gb fiber or copper SFPs
Serial port	One RJ-45 console
USB port	One USB 2.0 Type A
Network ports	Eight fixed 1-Gb and 10-Gb SFP+ ports (named Ethernet 1/1 through 1/8)
Small form-factor pluggable (SFP) ports	Eight fixed 1-Gb and 10-Gb SFP+ ports
Pullout asset card	Displays the serial number; on the front panel
Grounding lug	On rear panel
Locator beacon	On front panel
Power switch	On rear panel
Network modules	Two network module slots (network module 2 and network module 3)
Supported network modules	8-port 10-Gigabit Ethernet SFP+ 4-port 40-Gigabit Ethernet QSFP+ 2-port 100-Gigabit Ethernet QSFP28 Note First supported in threat defense 7.3.1 and ASA 9.18.1. 8-port 1-Gigabit Ethernet copper with hardware bypass 2-port 40-Gigabit Ethernet QSFP+ (built-in) with hardware bypass 6-port 1-Gigabit Ethernet SX fiber SFP (built-in) with hardware bypass 6-port 10-Gigabit Ethernet SR fiber SFP+ (built-in) with hardware bypass 6-port 10-Gigabit Ethernet LR fiber SFP+ (built-in) with hardware bypass
AC power supply	Two (1+1) power supply module slots Ships with one 1100-W AC power supply module Hot-swappable		Two (1+1) power supply module slots Ships with two 1100-W AC power supply modules Hot-swappable
DC power supply (optional)	Two (1+1) power supply module slots 950-W DC power supply module Hot-swappable
Redundant power	1+1
Fan	Six fan module slots 5+1 redundancy Hot-swappable
Storage	Two SSD slots Ships with one 400-GB SSD installed in slot 1. Slot 1 is the primary SSD and should always be present. Slot 1 is reserved for the logical device application instance (threat defense or ASA). Note RAID is not supported. The SSD must be installed in slot 1. Slot 2 is reserved only for the optional Malware Storage Pack (MSP).		Two SSD slots Ships with one 800-GB SSD installed in slot 1. Slot 1 is the primary SSD and should always be present. Slot 1 is reserved for the logical device application instance (threat defense or ASA). Note RAID is not supported. The SSD must be installed in slot 1. Slot 2 is reserved only for the optional MSP.
MSP (optional)	Installed in the second SSD slot only
Network Equipment Building Systems (NEBS) certification	—	—	Certified	—
Security standards certifications	—	Common Criteria (CC) certification for the Network Device Collaborative Protection Profile (NDcPPv2.2E), VPN Gateway Module (VPNGW_MOD_v1.1), and Firewall Module (FW_MOD_v1.4e) for ASA 9.16.x. Common Criteria (CC) and Commercial Solutions for Classified (CSFC) for FTD 6.2.x. CC for the Network Device Collaborative Protection Profile (NDcPPv2.1) for ASA 9.12.x and FX-OS 2.6.x. Federal Information Processing Standards (FIPS) 140-2 on ASA 9.12.x, FTD 6.4.x, and FX-OS 2.6.x. Department of Defense Information Network Approved Product List (DoDIN APL) for ASA 9.12.x and FTD 6.4.x. US Government Compliance for IPv6 (USGv6) for ASA 9.8.x and FTD 6.2.x. Note Firepower 4112 has not yet completed the above certifications. Note See the "Security Certifications Compliance" chapter in the Cisco FXOS CLI Configuration Guide or Cisco FXOS Firepower Chassis Manager Configuration Guide for the procedure to enable security modes

Deployment Options

Here are some examples of how you can deploy the Firepower 4100:

• In a data center using NGFW and ASA
• At the core/aggregation layer of a 3-tier data center in a high availability configuration
• As a dedicated multifunctional security service within converged infrastructure stacks, for example, vBlock, FlexPod, and so forth, at the access layer
• As a high-performance data center security appliance between the WAN edge and the data center core in a high availability configuration
• Inter-DC clustering deployments
• In newer spine/leaf data center designs, deployment as a leaf that exclusively offers security functions

Package Contents

The following figure 2 shows the package contents for the Firepower 4100. Note that the contents are subject to change and your exact contents might contain additional or fewer items.

1	Firepower 4100 chassis	2	Blue console cable PC terminal adapter (part number 72-3383-01)
3	Two power cords (country-specific) See Power Cord Specifications for a list of supported power cords.	4	10/100/1000BASE-T SFP transceiver
5	Ground lug kit (part number 69-1000359-01): One ground lug #6 AWG, 90 degree, #10 post (part number 32-0608-01) Two 10-32 x 39-8-inch Phillips Head screws (part number 48-0700-01)	6	Cable management bracket kit (part number 69-100376-01) Two cable management brackets (part number 700-106377-01) Four 8-32 x 0.375-inch Phillips screws (part number 48-2696-01)
7	Two slide rails with two M3 x 0.5 x 6-mm screws (48-101144-01)	8	Two slide rail locking brackets (part number 700-105350-02) Six 8-32 x 0.375-inch Phillips screws (part number 48-2696-01)
9	Artesyn tie wrap and tie wrap clamp (part number 52-100204-01)	10	Flextronics tie wrap and tie wrap clamp (part number 52-100202-01)
11	Cisco Secure Firepower 4100 This document has a URL and QR code that point to the Digital Documentation Portal. The portal contains links to the Product Information page, the Hardware Installation Guide, the Regulatory and Safety Information Guide, the Getting Started Guide, and the Easy Deployment Guide.		—

Serial Number Location

The serial number for the Firepower 4100 series chassis is located on the pullout asset card on the front panel. (See Figure 3)

You can also view additional model information on the compliance label located on the bottom of the chassis. (Figure 4)

Front Panel

The following figure 5 shows the front panel of the Firepower 4100.

1	RJ-45 console port	2	Gigabit Ethernet management port
3	USB 2.0 Type A port	4	Eight fixed SFP+ (1-Gb/10-Gb) ports (in network module slot 1) Ethernet 1/1 through 1/8 labeled top to bottom, left to right
5	SSD 1 Reserved for the primary SSD; slot 1 must always be populated.	6	SSD 2 Reserved for the optional MSP.
7	Power LED	8	Locator LED
9	Pullout asset card	10	Network module 2 Note The 10-Gb network module is shown.
11	Network module 3 Note The 10-Gb network module is shown.

RJ-45 Console Port
The Firepower 4100 has a standard RJ-45 console port. You can use the CLI to configure your Firepower 4100 through the RJ-45 serial console port by using a terminal server or a terminal emulation program on a computer.
The RJ-45 (8P8C) port supports RS-232 signaling to an internal UART controller. The console port does not have any hardware flow control, and does not support a remote dial-in modem. The baud rate is 9600. You can use the standard cable found in your accessory kit to convert the RJ-45 to DB-9 if necessary.

Type A USB Port
You can use the external USB Type A port to attach a data storage device. The external USB drive identifier is :. The USB Type A port supports the following:

• Hot swapping
• USB drive formatted with FAT32
• Boot kick-start image from the Supervisor ROMMON for discovery recovery purposes
• Copy files to and from workspace:/ and volatile:/ within local-mgmt. The most relevant files are:
  • Core files
  • Ethanalyzer packet captures
  • Tech-support files
  • Security module log files
• Platform bundle image upload using download image usbA:

The USB Type A port does not support Cisco Secure Package (CSP) image upload.

Network Ports
The Firepower 4100 chassis has eight fixed ports that require 1-Gb/10-Gb SFP/SFP+ transceivers (fiber or copper). They are numbered from left to right starting with 1 and are named Ethernet 1/1 through Ethernet 1/8. The 4100 also has two network module slots that support different numbers of ports depending on the network module. See Network Modules for the supported network modules. See for Supported SFP/SFP+ and QSFP Transceivers the list of supported transceivers.
Each port has LEDs that represent link/activity status.

Management Port
The Firepower 4100 chassis has a management port that requires a 1-Gb fiber or copper SFP.

Front Panel LEDs

The following figure 6 and table describe the Firepower 4100 front panel LEDs.

1	Management Off—No connection or port is not in use. Amber—No link or network failure. Green—Link up. Green, flashing—Network activity.	2	Health (SYS) Off—System is not booting yet. Green, flashing—Power-up diagnostics are complete and system is booting up. Green—The system has passed power-up diagnostics. Amber—Power-up diagnostics has failed. Amber, flashing—Alarm; power-up diagnostics are running.
3	SSD Off— SSD not present. Green—SSD is present; no activity. Green, flashing—SSD is active. Amber—SSD failure. Amber, flashing—Rebuilding, flashes at 1 Hz. Amber, flashing—Predictive failure analysis (PFA) and hot spare; two fast flashes at 4 Hz, pause for 0.5 seconds.	4	Power Off—Input power not detected. Green, flashing—Appears only when you move the power switch from ON to OFF. System is shutting down and powers off once shutdown is completed. Amber—System is powering up. Green—System fully powered up. Amber, flashing—Reserved.
5	Active (ACT) This LED is not supported; reserved for future use.	6	Locator LED Off—Locate is off. Blue—Locate is on.
7	Network activity Off—No connection or port is not in use. Amber—No link or network failure. Green—Link up. Green, flashing—Network activity.

Rear Panel

The following figure 7 shows the rear panel of the Firepower 4100.

1	Power on/off switch	2	Power supply module 1
3	Power supply module 2	4	Fan module 1
5	Fan module 2	6	Fan module 3
7	Fan module 4	8	Fan module 5
9	Fan module 6	10	Location for the two-post grounding lug Note The two-post grounding lug is included in the accessory kit.

The power switch is located to the left of power supply module 1 on the rear of the chassis. It is a toggle switch that controls power to the system. If the power switch is in standby position, only the 3.3-V standby power is enabled from the power supply module and the 12-V main power is OFF. When the switch is in the ON position, the 12-V main power is turned on and the system boots.
You can shut down the chassis in one of two ways:

• Perform a graceful shutdown using the shutdown commands (see the FXOS CLI Configuration Guide for the procedure). This may take several minutes to complete. Then toggle the power switch to the OFF position. The power LED changes from solid green to off immediately.

If you move the power switch to the OFF position before the shutdown command sequence is complete or if you remove the system power cords before the graceful shutdown is complete, disk corruption can occur.

• Toggle the power switch to the OFF position. The power LED changes from solid green to off.

Note
After removing power from the chassis either by moving the power switch to OFF or unplugging the power cord, wait at least 10 seconds before turning power back ON.

Network Modules

The Firepower 4100 contains two network module slots that provide optical or electrical network interfaces. Network modules are optional, removable I/O modules that provide either additional ports or different interface types (1/10/40 Gb). The Firepower network modules plug into the chassis on the front panel.

For More Information

• See 10-Gb Network Module for a description of the 10-GB network module.
• See 40-Gb Network Module for a description of the 40-GB network module.
• See 100-Gb Network Module for a description of the two-port 100-Gb network module.
• See Hardware Bypass Network Modules for the location and description of the LEDs, and the port configurations for the hardware bypass network modules.
• See Install, Remove, and Replace the Network Module for the procedure for removing and replacing network modules.

10-Gb Network Module

The following figure 8 shows the front panel of the 10-Gb network module (FPR4K-NM-8X10G). The FPR4K-NM-8X10G is a single-wide module that supports hot swapping. The eight ports are numbered from top to bottom, left to right.

1	Captive screw/handle	2	Ethernet X/1
3	Ethernet X/3	4	Ethernet X/5
5	Ethernet X/7	6	Ethernet X/2
7	Ethernet X/4	8	Ethernet X/6
9	Ethernet X/8	10	Network activity LEDs Off—No connection or port is not in use. Amber—No link or network failure. Green—Link up. Green, flashing—Network activity.

Note
Make sure you have the correct firmware package and software version installed to support this network module. For instructions on how to verify your firmware package version and to upgrade the firmware if necessary, see the Cisco Firepower 4100/9300 FXOS Firmware Upgrade Guide. See Cisco Firepower 4100/9300 FXOS Compatibility for the software compatibility matrix.

Note
The FPR4K-NM-8X10G is NEBS-compliant.

Note
You can fit four copper SFPs in either the top row of ports or the bottom row of ports. Both rows cannot be populated at the same time, because of the port row spacing.

For More Information

• For a list of copper SFPs, see Supported SFP/SFP+ and QSFP Transceivers

40-Gb Network Module

The following figure 9 shows the front panel of the 40-Gb network module (FPR4K-NM-4X40G.) The FPR4K-NM-4X40G is a single-wide module that supports hot swapping. The four ports are numbered left to right.

1	Captive screw/handle	2	Network activity LEDs Off—No connection or port is not in use. Amber—No link or network failure. Green—Link up. Green, flashing—Network activity. 40Gb—Only the leftmost LED indicates the port status. 4x10Gb—Each of the port LEDS indicates the status of respective 10-Gb channel.
3	Ethernet X/1	4	Ethernet X/2
5	Ethernet X/3	6	Ethernet X/4

Note
Make sure you have the correct firmware package and software version installed to support this network module. For instructions on how to verify your firmware package version and to upgrade the firmware if necessary, see the Cisco Firepower 4100/9300 FXOS Firmware Upgrade Guide. See Cisco Firepower 4100/9300 FXOS Compatibility for the software compatibility matrix.

Note
The FPR4K-NM-4X40G is NEBS-compliant.

100-Gb Network Module

The following figure 10 shows the front panel of the 100-Gb network module (FPR4K-NM-2X100G). The FPR4K-NM-2X100G is a two-port single-widemodule that supports hot swapping. The two ports are numbered left to right. The FPR4K-NM-2X100G is first supported in FTD 7.2 and ASA 9.18.

1	Power LED	2	Network activity LEDs Off—No connection or port is not in use. Amber—No link or network failure. Green—Link up. Green, flashing—Network activity.
3	Network activity LEDs Off—No connection or port is not in use. Amber—No link or network failure. Green—Link up. Green, flashing—Network activity.	4	Ethernet X/1
5	Ethernet X/2	6	Captive screw/handle

Note
Make sure you have the correct firmware package and software version installed to support this network module. For instructions on how to verify your firmware package version and to upgrade the firmware if necessary, see the Cisco Firepower 4100/9300 FXOS Firmware Upgrade Guide. See Cisco Firepower 4100/9300 FXOS Compatibility for the software compatibility matrix.

Hardware Bypass Network Modules

Hardware bypass (also known as fail-to-wire) is a physical layer (Layer 1) bypass that allows paired interfaces to go into bypass mode so that the hardware forwards packets between these port pairs without software intervention. Hardware bypass provides network connectivity when there are software or hardware failures. Hardware bypass is useful on ports where the Firepower security appliance is only monitoring or logging traffic. The hardware bypass network modules have an optical switch that is capable of connecting the two ports when needed. The hardware bypass network modules have built-in SFPs.
Hardware bypass is supported only on a fixed set of ports. You can pair Port 1 with Port 2, Port 3 with Port 4, but you cannot pair Port 1 with Port 4 for example.

Note
When the appliance switches from normal operation to hardware bypass or from hardware bypass back to normal operation, traffic may be interrupted for several seconds. A number of factors can affect the length of the interruption; for example, behavior of the optical link partner such as how it handles link faults and debounce timing; spanning tree protocol convergence; dynamic routing protocol convergence; and so on. During this time, you may experience dropped connections.

There are three configuration options for hardware bypass network modules:

• Passive interfaces—Connection to a single port.
  For each network segment you want to monitor passively, connect the cables to one interface. This is how the nonhardware bypass network modules operate.
• Inline interfaces—Connection to any two like ports (10 Gb to 10 Gb for example) on one network module, across network modules, or fixed ports.
  For each network segment you want to monitor inline, connect the cables to pairs of interfaces.
• Inline with hardware bypass interfaces—Connection of a hardware bypass paired set.
  For each network segment that you want to configure inline with fail-open, connect the cables to the paired interface set.
  For the 40-Gb network module, you connect the two ports to form a paired set. For the 1/10-Gb network modules, you connect the top port to the bottom port to form a hardware bypass paired set. This allows traffic to flow even if the security appliance fails or loses power.

Note
If you have an inline interface set with a mix of hardware bypass and nonhardware bypass interfaces, you cannot enable hardware bypass on this inline interface set. You can only enable hardware bypass on an inline interface set if all the pairs in the inline set are valid hardware bypass pairs.

For More Information

• See 1-Gb Network Module with Hardware Bypass for a description of the 1-Gb network module.
• See 40-Gb Network Module with Hardware Bypass for a description of the 40-Gb network module.
• See 1-Gb SX/10-Gb SR/10-Gb LR Network Module with Hardware Bypass for a description of the 1-GB SX, 10-GB SR, and LR network modules.
• See Install, Remove, and Replace the Network Module for the procedure for removing and replacing single-wide network modules.

1-Gb Network Module with Hardware Bypass

The following figure 11 shows the front panel view of the 1-Gb network module with hardware bypass (FPR-NM-8X1G-F). Pair ports 1 and 2, 3 and 4, 5 and 6, and 7 and 8 to form hardware bypass paired sets.

1	Captive screw/handle	2	Bypass LEDs B1 through B4 Green—In standby mode. Amber, flashing—Port is in hardware bypass mode, failure event.
3	Ethernet X/1 Ports 1 and 2 are paired together to form a hardware bypass pair. LED B1 applies to this paired port.	4	Ethernet X/2 Ports 3 and 4 are paired together to form a hardware bypass pair. LED B2 applies to this paired port.
5	Ethernet X/2 Ports 5 and 6 are paired together to form a hardware bypass pair. LED B3 applies to this paired port.	6	Ethernet X/2 Ports 7 and 8 are paired together to form a hardware bypass pair. LED B4 applies to this paired port.
7	Network activity LEDs Left LED—Green indicates network activity when a 10M/100M/1G connection is made. Right LED—Not in use at this time.		—

Note
Make sure you have the correct firmware package and software version installed to support this network module. For instructions on how to verify your firmware package version and to upgrade the firmware if necessary, see the Cisco Firepower 4100/9300 FXOS Firmware Upgrade Guide. See Cisco Firepower 4100/9300 FXOS Compatibility for the software compatibility matrix.

40-Gb Network Module with Hardware Bypass

The following figure 12 shows the front panel of the 40-Gb hardware bypass network module (FPR4K-NM-2X40G-F). The FPR4K-NM-2X40G-F is a single-wide module that does not support hot swapping. The two ports are numbered left to right. Pair the two ports to create a hardware bypass paired set.

1	Captive screw/handle	2	Port 1 Ethernet X/1 Ports 1 and 2 are paired together to form a hardware bypass pair.
3	Port 2 Ethernet X/2 Ports 1 and 2 are paired together to form a hardware bypass pair.	4	Port 1 network activity LEDs: Amber—No connection, or port is not in use, or no link or network failure. Green—Link up, no network activity. Green, flashing—Network activity.
5	BP (bypass LED): Green—In standby mode. Amber, flashing—Port is in hardware bypass mode, failure event.	6	Port 2 network activity LEDs: Amber—No connection, or port is not in use, or no link or network failure. Green—Link up, no network activity. Green, flashing—Network activity.

Note
Make sure you have the correct firmware package and software version installed to support this network module. For instructions on how to verify your firmware package version and to upgrade the firmware if necessary, see the Cisco Firepower 4100/9300 FXOS Firmware Upgrade Guide. See Cisco Firepower 4100/9300 FXOS Compatibility for the software compatibility matrix.

The following table describes the cable specifications needed to keep the insertion loss as low as possible.

Table 2: 40-Gb BASE-SR Cable Specifications
Interface	Supported Cable
Ethernet 40-G BASE-SR4	50 microns core diameter
850 nm wavelength	2000/4700 (OM3/4) modal bandwidth (MHz*km)
MPO-12 port adapter	50 m cable distance

Note
See the Cisco 40GBASE QSFP Modules Data Sheet for specifications of the QSFP for the 40-Gb BASE-SR-4.

We recommend the following Cisco OM3 MTP/MPO cables.

Table 3: Cisco Cables
Cisco Part Number	Cable Length
CAB-ETH-40G-5M	5 m
CAB-ETH-40G-10M	10 m
CAB-ETH-40G-20M	20 m

1-Gb SX/10-Gb SR/10-Gb LR Network Module with Hardware Bypass

The following figure 13 shows the front panel of the 1-Gb SX, 10-Gb SR and 10-Gb LR hardware bypass network modules (FPR4K-NM-6X1SX-F, FPR4K-NM-6X10SR-F, FPR4K-NM-6X10LR-F). This is a single-wide module that does not support hot swapping. The six ports are numbered from top to bottom, left to right. Pair ports 1 and 2, 3 and 4, and 5 and 6 to form hardware bypass paired sets.

1	Captive screw/handle	2	Six network activity LEDs: Amber—No connection, or port is not in use, or no link or network failure. Green—Link up, no network activity. Green, flashing—Network activity.
3	Ethernet X/1 (top port) Ethernet X/2 (bottom port) Ports 1 and 2 are paired together to form a hardware bypass pair.	4	Ethernet X/3 (top port) Ethernet X/4 (bottom port) Ports 3 and 4 are paired together to form a hardware bypass pair.
5	Ethernet X/5 (top port) Ethernet X/6 (bottom port) Ports 5 and 6 are paired together to form a hardware bypass pair.	6	Bypass LEDs B1 through B3: Green—In standby mode. Amber, flashing—Port is in hardware bypass mode, failure event.

Note
Make sure you have the correct firmware package and software version installed to support this network module. For instructions on how to verify your firmware package version and to upgrade the firmware if necessary, see the Cisco Firepower 4100/9300 FXOS Firmware Upgrade Guide. See Cisco Firepower 4100/9300 FXOS Compatibility for the software compatibility matrix.

The 1-Gb SX /10-Gb SR/10-Gb LR network modules have the following insertion loss measurements. Insertion loss measurements help you to troubleshoot the network by verifying cable installation and performance.

Table 4: 1-Gb SX Network Module (FPR4K-NM-6X1SX-F)
	Operating Mode	Typical	Maximum
Insertion loss	Normal	0.9 dB	1.4 dB
	Hardware bypass	1.2 dB	1.7 dB
	Core diameter (microns)	Modal bandwidth (MHz/km)	Cable distance Note Half the distance specified by the IEEE standard.
Cable and operating distance	62.5	160 (FDDI)	110 m
	62.5	200 (OM1)	137 m
	50	400	250 m
	50	500 (OM2)	275 m
	50	2000 (OM3)	500 m
Table 5: 10-Gb SR Network Module (FPR4K-NM-6X10SR-F)
	Operating Mode	Typical	Maximum
Insertion loss	Normal	0.9 dB	1.4 dB
	Hardware bypass	1.2 dB	1.7 dB
	Core diameter (microns)	Modal bandwidth (MHz/km)	Cable distance Note Half the distance specified by the IEEE standard.
Cable and operating distance	62.5	160 (FDDI)	13 m
	62.5	200 (OM1)	16.5 m
	50	400	33 m
	50	500 (OM2)	41 m
	50	2000 (OM3)	150 m
	50	4700 (OM4)	200 m
Table 6: 10-Gb LR Network Module (FPR4K-NM-6X10LR-F)
	Operating Mode	Typical	Maximum
Insertion loss	Normal	1.2 dB	1.6 dB
	Hardware bypass	1.5 dB	1.9 dB
	Core diameter (microns)	Modal bandwidth (MHz/km)	Cable distance Note Half the distance specified by the IEEE standard.
Cable and operating distance	G.652	Single mode	5 km

Power Supply Modules

The Firepower 4100 supports two AC or DC power supply modules so that dual power supply redundancy protection is available. Facing the back of the chassis, the power supply modules are numbered left to right, for example, PSU1 and PSU2.

Note
The system power requirements are lower than the power supply module capabilities. See Hardware Specifications for the system power requirements.

Note
After removing power from the chassis either by moving the power switch to OFF or unplugging the power cord, wait at least 10 seconds before turning power back ON.

Attention
Make sure that one power supply module is always active.

See Remove and Replace the Power Supply Module for the procedure for removing and replacing the power supply module.

AC Power Supply
The power supplies can supply up to 1100-W power across the input voltage range. The load is shared when both power supply modules are plugged in and running at the same time. The power supply modules are hot-swappable.

Table 7: AC Power Supply Module Hardware Specifications
Description	Specification
Input voltage	100 to 240 V AC
Maximum current	13 A (at 100 V AC) Note The system power requirements are lower than the power supply module capabilities. See Hardware Specifications for the system power requirements.
Maximum output power	1100 W
Frequency	50 to 60 Hz
Redundancy	1+1 redundant
Efficiency at 50% load	92%

DC Power Supply
The power supplies can supply up to 950 W of power across the input voltage range. The load is shared when both power supply modules are plugged in and running at the same time. The power supply modules are hot-swappable.

Table 8: DC Power Supply Module Hardware Specifications
Description	Specification
Input voltage	-40 to -60 V DC
Maximum current	26 A (at 40 V DC)
Maximum output power	950 W
Redundancy	1+1 redundant
Efficiency at 50% load	92%

Power Supply Module LEDs
The following figure 14 shows the two-color power supply LEDs. The LEDs are located on the upper right side.

1

Amber FAIL LED

2

Green OK LED

The following table describes the power module supply LEDs and their states.

Table 9: Power Supply Module LEDs
	Amber LED (Fail Status)	Green LED (OK Status)
No power to all power supplies	Off	Off
Power supply module failure Includes overvoltage, overcurrent, overtemperature, and fan failure	On	Off
Power supply module warning events Power supply continues to operate. With high temperature, high power, and slow fan	1 Hz flashing	Off
Power is present. 3.3 VSB on (power supply module off)	Off	1 Hz flashing
Power supply module is OK and on.	Off	On

Fan Modules

The Firepower 4100 requires six fan modules, which are hot-swappable. They are installed in the rear of the chassis. The system supports operation with a single fan failure (N+1 fan redundancy), but do not run the system for an extended amount of time without all fan modules installed. Keep removal and replacement time at three minutes. Remove and replace one fan module at a time.
If you remove a fan or a fan fails, the other fans operate at full speed, which can be noisy.
The fan modules are numbered left to right, for example, FAN1, FAN2, FAN3, FAN4, FAN5, and FAN6. See Remove and Replace the Fan Module for the procedure for removing and replacing the fan module.

The following figure 15 shows the location of the fan LED.

1	Two-color LED

The fan module has one two-color LED, which is located on the upper left corner of the fan.

• Amber—Fan failure.
• Green—Fan running normally. It may take up to one minute for the LED status to turn green after power is on.

Supported SFP/SFP+ and QSFP Transceivers

The SFP/SFP+ transceivers are bidirectional devices with a transmitter and receiver in the same physical package. It is a hot-swappable optical or electrical (copper) interface that plugs into the SFP/SFP+ ports on the fixed ports and the network module ports, and provides Ethernet connectivity.

Use appropriate ESD procedures when inserting the transceiver. Avoid touching the contacts at the rear, and keep the contacts and ports free of dust and dirt. Keep unused transceivers in the ESD packing that they were shipped in. The following figure 16 shows a sample SFP transceiver.

1	Dust plug	2	Bail clasp
3	Receive optical bore	4	Transmit optical bore

Safety Warnings
Take note of the following optical connection warnings:

Statement 1051—Laser Radiation
Invisible laser radiation may be emitted from disconnected fibers or connectors. Do not stare into beams or view directly with optical instruments.

Statement 1055—Class 1/1M Laser
Invisible laser radiation is present. Do not expose to users of telescopic optics. This applies to Class 1/1M laser products.

The following table lists the Cisco supported transceivers.

Optics Type	PID
1 Gb
1G-SX	GLC-SX-MMD
1G-LH/LX	GLC-LH-SMD
1G-EX	GLC-EX-SMD
1G-ZX	GLC-ZX-SMD
1G 1000Base-T	GLC-T
1G 1000Base-T	GLC-TE
10 Gb
10G-SR	SFP-10G-SR
10G-SR-S	SFP-10G-SR-S
10G-LR	SFP-10G-LR
10G-LR-S	SFP-10G-LR-S
10G-LRM	SFP-10G-LRM
10G-ER	SFP-10G-ER
10G-ER-S	SFP-10G-ER-S
10G-ZR-S	SFP-10G-ZR-S
10G Cu, 1m	SFP-H10GB-CU1M
10G Cu, 1.5m	SFP-H10GB-CU1-5M
10G Cu, 2m	SFP-H10GB-CU2M
10G Cu, 2.5m	SFP-H10GB-CU2-5M
10G Cu, 3m	SFP-H10GB-CU3M
10G Cu, 5m	SFP-H10GB-CU5M
10G Cu, 7m	SFP-H10GB-ACU7M
10G Cu, 10m	SFP-H10GB-ACU10M
10G AOC, 1m	SFP-10G-AOC1M
10G AOC, 2m	SFP-10G-AOC2M
10G AOC, 3m	SFP-10G-AOC3M
10G AOC, 5m	SFP-10G-AOC5M
10G AOC, 7m	SFP-10G-AOC7M
10G AOC, 10m	SFP-10GAOC10M
40 Gb
40G-SR4	QSFP-40G-SR4
40G-SR4-S	QSFP-40G-SR4-S
40G-CSR4	QSFP-40G-CSR4
40G-SR-BD	QSFP-40G-SR-BD
40GE-LR4	QSFP-40GE-LR4
40GE-LR4-S	QSFP-40GE-LR4-S
40G-LR4L	WSP-Q40GLR4L
40G-CU, 1M, 3M, 5M	QSFP-H40G-CU
40G-4X10G-CU, 1M, 3M, 5M	QSFP-4SFP10G-CU
40G-CU-A, 7M, 10M	QSFP-H40G-ACU
40G-4X10G-CU-A, 7M, 10M	QSFP-4X10G-AC
40G-AOC, 1M, 2M, 3M, 5M, 7M, 10M, 15M	QSFP-H40G-AOC

Hardware Specifications

The following table contains hardware specifications for the Firepower 4100.

Specification	4112	4115	4125	4145
Dimensions (H x W x D)	1.75 x 16.89 x 29.7 inches (4.44 x 42.90 x 75.43 cm) 1.75 x 16.89 x 31.52 inches (4.44 x 42.90 x 80.06 cm) with fans
Weight	39.4 lb (17.87 kg) two power supply modules, two network modules, six fans 31.4 lb (14.24 kg) no power supply modules, no network modules, no fans
System power	AC: 100/240 V AC 10 A (at 100 V), 50 to 60 Hz DC: -40 V DC to -60 V DC, 26 A (at -40 V)
Temperature	Operating: 32 to 104°F (0 to 40°C) at sea level 1°C reduction of maximum for every 1000 ft (305 m) above sea level Nonoperating: -40 to 149°F (-40 to 65°C)
NEBS operating temperature Firepower 4125 only	—	—	Long term: 32 to 113°F (0 to 45°C) up to 6000 ft (1829m) Long term: 32 to 95°F (0 to 35°C) up to 6000-13,000 ft (1829-3964 m) Short term: 23 to 131°F (-5 to 55°C) up to 6000 ft (1829m)	—
Humidity	Operating and nonoperating: 5 to 95% noncondensing
Altitude	Operating: 10,000 ft maximum (3048 m) Nonoperating: 15,000 ft maximum (4570 m)
NEBS operating altitude Firepower 4125 only	—	—	0 to 13,000 ft (3962m)	—
Sound pressure	63 dBa (typical) 74 dBa (maximum)
Declared sound power	76 dB (typical) 87 dB (maximum)

Product ID Numbers

The following table lists the PIDs associated with the Firepower 4100. All of the PIDs in the table are field-replaceable. If you need to get a return material authorization (RMA) for any component, see Cisco Returns Portal for more information.

Note
See the show inventory command in the Cisco Firepower 4100/9300 FXOS Command Reference, in the Cisco Firepower Threat Defense Command Reference, or in the Cisco ASA Series Command Reference for the procedure to display a list of the PIDs for your Firepower 4100.

Table 12: Firepower 4100 PIDs
PID	Description
FPR4112-ASA-K9	Cisco Firepower 4112 ASA appliance, 1 RU, two network module bays
FPR4112-NGFW-K9	Cisco Firepower 4112 NGFW appliance, 1 RU, two network module bays
FPR4112-NGFW-K9	Cisco Firepower 4112 NGIPS appliance, 1 RU, two network module bays
FPR4115-ASA-K9	Cisco Firepower 4115 ASA appliance, 1 RU, two network module bays
FPR4115-NGFW-K9	Cisco Firepower 4115 NGFW appliance, 1 RU, two network module bays
FPR4115-NGIPS-K9	Cisco Firepower 4115 NGIPS appliance, 1 RU, two network module bays
FPR4125-ASA-K9	Cisco Firepower 4125 ASA appliance, 1 RU, two network module bays
FPR4125-NGFW-K9	Cisco Firepower 4125 NGFW appliance, 1 RU, two network module bays
FPR4125-NGIPS-K9	Cisco Firepower 4125 NGIPS appliance, 1 RU, two network module bays
FPR4145-ASA-K9	Cisco Firepower 4145 ASA appliance, 1 RU, two network module bays
FPR4145-NGFW-K9	Cisco Firepower 4145 NGFW appliance, 1 RU, two network module bays
FPR4145-NGIPS-K9	Cisco Firepower 4145 NGIPS appliance, 1 RU, two network module bays
FPR4K-ACC-KIT2	Firepower hardware accessory kit containing rack mounts and cables
FPR4K-ACC-KIT2=	Firepower hardware accessory kit containing rack mounts and cables (spare)
FPR4K-S-FAN	Fan
FPR4K-S-FAN=	Fan (spare)
FPR4K-NM-2X40G-F	2-port 40-Gb SR hardware bypass network module
FPR4K-NM-2X40G-F=	2-port 40-Gb SR hardware bypass network module (spare)
FPR4K-NM-4X40G	4-port 40-Gb QSFP+ network module
FPR4K-NM-4X40G=	4-port 40-Gb QSFP+ network module (spare)
FPR4K-NM-6X10LR-F	6-port 10-Gb LR hardware bypass network module
FPR4K-NM-6X10LR-F=	6-port 10-Gb LR hardware bypass network module (spare)
FPR4K-NM-6X10SR-F	6-port 10-Gb SR hardware bypass network module
FPR4K-NM-6X10SR-F=	6-port 10-Gb SR hardware bypass network module (spare)
FPR4K-NM-6X1SX-F	6-port 1-Gb SX fiber hardware bypass network module
FPR4K-NM-6X1SX-F=	6-port 1-Gb SX fiber hardware bypass network module (spare)
FPR4K-NM-8X10G	8-port 10-Gb SFP+ network module
FPR4K-NM-8X10G=	8-port 10-Gb SFP+ network module (spare)
FPR4K-NM-8X1G-F	8-port 1-Gb copper hardware bypass network module
FPR4K-NM-8X1G-F=	8-port 1-Gb copper hardware bypass network module (spare)
FPR4K-NM-2X100G	2-port 100-Gb single-wide network module
FPR4K-NM-2X100G=	2-port 100-Gb single-wide network module (spare)
FPR4K-NM-BLANK	Network module blank slot cover
FPR4K-NM-BLANK=	Network module blank slot cover (spare)
FPR4K-PSU-BLANK	Chassis power supply module blank slot cover
FPR4K-PSU-BLANK=	Chassis power supply module blank slot cover (spare)
FPR4K-PWR-AC-1100	1100-W AC power supply module
FPR4K-PWR-AC-1100-	1100-W AC power supply module (spare)
FPR4K-PWR-DC-950	950-W DC power supply module
FPR4K-PWR-DC-950=	950-W DC power supply module (spare)
FPR4K-RACK-MNT	Rack-mount kit
FPR4K-RACK-MNT=	Rack-mount kit (spare)
FPR4K-CBL-MGMT	Cable management brackets
FPR4K-CBL-MGMT=	Cable management brackets (spare)
FPR4K-SSD-BBLKD	SSD slot carrier
FPR4K-SSD-BBLKD=	SSD slot carrier (spare)
FPR4K-SSD400	400-GB SSD for Firepower 4112 and 4115
FPR4K-SSD400=	400-GB SSD for Firepower 4112 and 4115 (spare)
FPR4K-SSD800	800-GB SSD for Firepower 4125 and 4145
FPR4K-SSD800=	800-GB SSD for Firepower 4125 and 4145 (spare)

Power Cord Specifications

Each power supply has a separate power cord. Standard power cords are available for connection to the security appliance.
If you do not order the optional power cord with the system, you are responsible for selecting the appropriate power cord for the product. Using a incompatible power cord with this product may result in electrical safety hazard. Orders delivered to Argentina, Brazil, and Japan must have the appropriate power cord ordered with the system.

Note
Only the approved power cords or jumper power cords provided with the security appliance are supported.

The following power cords are supported. See Figures 17-35

1	Plug: IRAM 2073	2	Cord set rating: 10 A, 250 V
3	Connector: IEC 60320-C15		—

1	Plug: A.S. 3112-2000	2	Cord set rating: 10 A, 250 V
3	Connector: IEC 60320-C15		—

1	Plug: EL223 (NBR 14136)	2	Cord set rating: 10 A, 250 V
3	Connector: EL 701B (EN 60320/C13)		—

1	Plug: NBR 14136	2	Cord set rating: 10 A, 250 V
3	Connector: IEC 60320-C13		—

1	Plug: CCC GB2099.1, GB1002	2	Cord set rating: 10 A, 250 V
3	Connector: IEC 60320-C15		—

1	Plug: DK3	2	Cord set rating: 10 A, 250 V
3	Connector: IEC 60320-C13		—

1	Plug: CEE 7/7	2	Cord set rating: 10 A, 250 V
3	Connector: IEC 60320-C15		—

1	Plug: IS 6538-1971	2	Cord set rating: 10 A, 250 V
3	Connector: IEC 60320-C13		—

1	Plug: SI-32	2	Cord set rating: 10 A, 250 V
3	Connector: IEC 60320-C13		—

1	Plug: CEI 23-16/VII	2	Cord set rating: 10 A, 250 V
3	Connector: IEC 60320-C15		—

1	Plug: CEE 7/7	2	Cord set rating: 10 A, 250 V
3	Connector: IEC 60320-C19		—

1	Plug: NEMA L6-20P	2	Cord set rating: 15 A, 250 V
3	Connector: IEC 60320-C13		—

1	Plug: NEMA5-15P/JIS 8303	2	Cord set rating: 12 A, 125 V
3	Connector: IEC 60320-C15		—

1	Plug: NEMA5-15P	2	Cord set rating: 12 A, 125 V
3	Connector: IEC 60320-C15		—

1	Plug: BS1363A/SS145	2	Cord set rating: 10 A, 250 V
3	Connector: IEC 60320-C13		—

1	Plug: SABS 164	2	Cord set rating: 10 A, 250 V
3	Connector: IEC 60320-C15		—

1	Plug: SEV 1011	2	Cord set rating: 10 A, 250 V
3	Connector: IEC 60320-C15		—

1	Plug: CNS10917-2	2	Cord set rating: 10 A, 125 V
3	Connector: IEC 60320-C15		—

1	Plug: BS1363A/SS145	2	Cord set rating: 10 A, 250 V
3	Connector: IEC 60320-C13		—

Documents / Resources