Cisco Firepower 1140 Service Manual
Cisco Firepower 1100 Series Hardware Installation Guide
First Published: 2019-06-13
Last Modified: 2019-09-02
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of
the UNIX operating system. All rights reserved. Copyright©1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown forillustrative purposes only. Any use of actual IP addresses or phone numbers inillustrative content is unintentional
and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. Toview a list of Cisco trademarks, go to this URL: www.cisco.com
go trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any
other company. (1721R)
©
2019 Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER 1
CHAPTER 2
Overview 1
Features 1
Package Contents 4
Serial Number Location 5
Front Panel 6
Rear Panel 6
Rear Panel LEDs 6
Hardware Specifications 8
Product ID Numbers 8
Power Cord Specifications 9
Installation Preparation 15
Installation Warnings 15
Safety Recommendations 17
Maintain Safety with Electricity 18
Prevent ESD Damage 18
CHAPTER 3
CHAPTER 4
Site Environment 19
Site Considerations 19
Power Supply Considerations 19
Rack Configuration Considerations 20
Mount the Chassis 21
Unpack and Inspect the Chassis 21
Rack-Mount the Chassis 21
Connect to the Console Port 25
Cisco Firepower 1100 Series Hardware Installation Guide
iii
Contents
Connect to the Console Port with Microsoft Windows 25
Connect to the Console Port with Mac OS X 26
Connect to the Console Port with Linux 27
CHAPTER 5
Maintenance and Upgrade 29
Replace the SSD 29
Cisco Firepower 1100 Series Hardware Installation Guide
iv
Features
CHAPTER 1
Overview
• Features, on page 1
• Package Contents, on page 4
• Serial Number Location, on page 5
• Front Panel, on page 6
• Rear Panel, on page 6
• Rear Panel LEDs, on page 6
• Hardware Specifications, on page 8
• Product ID Numbers, on page 8
• Power Cord Specifications, on page 9
The Cisco Firepower 1100 series security appliances are a standalone modular security services platform.
They are capable of running multiple security services simultaneously and so are targeted at the data center
as a multiservice platform. See Product ID Numbers, on page 8 for a list of the product IDs (PIDs) associated
with the Firepower 1100 series.
The Firepower 1100 series support Cisco Firepower software version 6.4 and later. See the Cisco Firepower
Compatibility Guide, which provides Cisco Firepower software and hardware compatibility, including operating
system and hosting environment requirements, for each supported Firepower version.
The following figure shows the Cisco Firepower 1100 Series.
Figure 1: Cisco Firepower 1100 Series
The following table lists the features for the Firepower 1100 series.
Cisco Firepower 1100 Series Hardware Installation Guide
1
Features
Overview
Table 1: Firepower 1120, 1140, and 1150 Features
11401120Feature
1 RUForm factor
Mounting
L2 switch
Management port
Console ports
USB port
Network ports
Rack mount
Mount rails included (4-post EIA-310-D rack)
Front to back (cold aisle to hot aisle)Airflow
One 12-core Intel CPUProcessor
One 16-core Intel CPU
16-GB DDR4 DRAMMemory
Marvel 98DX3236
Supported in a future software release
One Gigabit Ethernet RJ-45 10/100/1000 BaseT
Restricted to network management access only
One RJ-45 or one USB Mini B
Provides management access through an external system
One USB 3.0 Type A
Allows attachment of an external device such as mass storage
Eight Gigabit Ethernet RJ-45 10/100/1000 BaseT
Each RJ-45 (8P8C) copper port supports auto MDI/X as well as
auto-negotiation for interface speed, duplex, and other negotiated
parameters, and are MDI/MDIX-compliant.
Port numbering is left to right, top to bottom; ports are named Gigabit
Ethernet 1/1 through 1/8. Each port includes a pair of LEDs, one each
for connection status and link status.
Four fixed 1-Gb SFP portsSFP ports
Supported SFPs
GLC-SX-MMD
GLC-LH-SMD
GLC-EX-SMD
GLC-ZX-SMD
GLC-T/TE
The SPFs are hot-swappable.
Cisco Firepower 1100 Series Hardware Installation Guide
2
Overview
Features
11401120Feature
Power switch
AC power supply
Fan
Storage
Yes
On rear panel; standard rocker-type power on/off switch
Note
To shut down the Firepower 1100 series gracefully, see the
"Power Off the Device" section for FDM and FMC in the
Cisco Firepower 1100 Series Getting Started Guide.
One fixed AC power supply
The power supply is internal; there is no user access.
The power supply is not field-replaceable; you must return the chassis
to Cisco for power supply replacement.
NoRedundant power
One fixed fan
The fan is internal; there is no user access.
The fan is not field-replaceable; you must return the chassis to Cisco
for fan replacement.
One SSD slot
200-GB 2.5-in. SATA SSD drive
The drive is field-replaceable. See Replace the SSD , on page 29 for
more information.
Console Ports
The Firepower 1100 series has two external console ports, a standard RJ-45 port and a USB Mini B serial
port. Only one console port can be active at a time. When a cable is plugged into the USB console port,
the RJ-45 port becomes inactive. Conversely, when the USB cable is removed from the USB port, the
RJ-45 port becomes active. The console ports do not have any hardware flow control. You can use the
CLI to configure the chassis through either serial console port by using a terminal server or a terminal
emulation program on a computer.
• RJ-45 (8P8C) port—Supports RS-232 signaling to an internal UART controller. The RJ-45 console
port does not support a remote dial-in modem. You can use a standard management cable (Cisco
part number 72-3383-01) to convert the RJ45-to-DB9 connection if necessary.
• USB Mini B port—Lets you connect to a USB port on an external computer. For Linux and Macintosh
systems, no special driver is required. For Windows systems, you must download and install a USB
driver (available on software.cisco.com). You can plug and unplug the USB cable from the console
port without affecting Windows HyperTerminal operations. We recommend shielded USB cables
with properly terminated shields. Baud rates for the USB console port are 1200, 2400, 4800, 9600,
19200, 38400, 57600, and 115200 bps.
Cisco Firepower 1100 Series Hardware Installation Guide
3
Package Contents
Note
For Windows operating systems, you must install a Cisco Windows USB Console Driver on any PC
connected to the console port before using the USB console port. See Connect to the Console Port with
Microsoft Windows for information on installing the driver.
External Flash Storage
The chassis contains a standard USB Type A port that you can use to attach an external device. The USB
port can provide output power of 5 volts, up to a maximum of 1 A (5 USB power units).
• External USB drive (optional)—You can use the external USB Type A port to attach a data-storage
device. The external USB drive identifier is disk1. When the chassis is powered on, a connected
USB drive is mounted as disk1 and is available for you to use. Additionally, the file-system
commands that are available to disk0 are also available to disk1, including copy, format, delete,
mkdir, pwd, cd, and so on.
• FAT-32 File System—The Firepower 1100 series only supports FAT-32-formatted file systems for
the external USB drive. If you insert an external USB drive that is not in FAT-32 format, the system
mounting process fails, and you receive an error message. You can enter the command format
disk1: to format the partition to FAT-32 and mount the partition to disk1 again; however, data might
be lost.
Overview
Package Contents
The following figure shows the package contents for the Firepower 1100 series. Note that the contents are
subject to change, and your exact contents might contain additional or fewer items.
Figure 2: Firepower 1100 Series Package Contents
Cisco Firepower 1100 Series Hardware Installation Guide
4
Overview
Serial Number Location
USB console cable (Type A to Type B)2Chassis1
5
mounting
Serial Number Location
You can view the serial number and additional model information on the compliance label located on the
bottom of the chassis. The following figure shows a sample compliance label.
Figure 3: Compliance Label on the Firepower Chassis
4Power cord3
8Four M4 Phillips screws for rack mounting7
Four 10-32-in. Phillips screws for rack
mounting
Four M6 Phillip screws for rack mounting6Four 12-14 Phillips screws for rack
Useful Links Cisco Firepower 1120 and
1140
The steps in the Useful Links document
send you to the documentation you need
to install, set up, and configure your 1120
and 1140.
Start Here Cisco Firepower 1120 and 1140
for Firepower Threat Defense
This document tells how to cable and set
up the FTD using Firepower Device
Manager (FDM) (a simplified, single
device manager included on the device).
Cisco Firepower 1100 Series Hardware Installation Guide
5
Front Panel
Front Panel
Rear Panel
Overview
The following figure shows the front panel of the Firepower 1100 series. Note that there are no connectors
or LEDs on the front panel.
Figure 4: Firepower 1100 Series Front Panel
The following figure shows the rear panel of the Firepower 1100 series. See Rear Panel LEDs, on page 6
for a description of the LEDs. See Features, on page 1 for a description of each feature.
Figure 5: Firepower 1100 Series Rear Panel
Rear Panel LEDs
The following figure shows the LEDs on the rear panel of the Firepower 1100 series and describes their states.
Power cord socket2Power switch1
SFP ports (numbered 9 through 12)4Management port3
USB Mini B console port6USB Type A port5
Network data ports8RJ-45 (8P8C) console port7
Reset button10Status LEDs9
SSD bay12SSD LED11
Cisco Firepower 1100 Series Hardware Installation Guide
6
Overview
Rear Panel LEDs
Figure 6: Firepower 1100 Series Rear Panel LEDs
1
2Network
Status of the network ports.
Link status (L):
• Off—No link, or port is not in use.
• Green—Link established.
• Green, flashing—Link activity.
Network
Status of the network ports.
Connection-speed status (S):
• Green, flashing—One flash every three
seconds = 10 Mbps.
• Green, flashing—Two rapid flashes =
100 Mbps.
• Green, flashing—Three rapid flashes =
1000 Mbps.
3
4SFP
Status of the SFP transceiver.
Link status (L):
• Off—No SFP.
Power
Power supply status:
• Off —Power supply off.
• Green—Power supply on.
• Amber—SFP present, but no link.
• Green, flashing—Link established and
transmitting.
5
6Status
Active
System operating status:
• Green—Normal system function.
• Amber—Critical alarm indicating one
or more of the following:
• Major failure of a hardware or
software component.
• Over-temperature condition.
• Power voltage outside the tolerance
range.
Status of the failover pair:
• Off— Failover is not operational.
• Green—Failover pair operating
normally. The LED is green always
unless the chassis in a high availability
pair.
• Amber—When the chassis is in a high
availability pair, the LED is amber for
the standby unit.
Cisco Firepower 1100 Series Hardware Installation Guide
7
Loading...