Cisco Firepower 2120, Firepower 2110, Firepower 2140, Firepower 2130 Hardware Installation Manual
Cisco Firepower 2100 Series Hardware Installation Guide
First Published: 2017-05-25
Last Modified: 2017-06-20
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright©1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
©
2017 Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER 1
CHAPTER 2
Overview 1
Cisco Firepower 2100 Series Features 1
Deployment Options 3
Package Contents 4
Serial Number Location 6
Front Panel 6
Front Panel LEDs 9
Rear Panel 14
Network Modules 15
Power Supply Modules 17
Fans 20
SSDs 20
Supported SFP/SFP+ Transceivers 20
Hardware Specifications 23
Installation Preparation 27
CHAPTER 3
Installation Notes and Warnings 27
Safety Recommendations 30
Maintain Safety with Electricity 30
Prevent Electrostatic Discharge Damage 31
Site Environment 31
Site Considerations 31
Power Supply Considerations 31
Equipment Rack Configuration Considerations 32
Mount and Connect 33
Rack-Mount the Chassis 33
Ground the Chassis 38
Cisco Firepower 2100 Series Hardware Installation Guide
iii
Contents
Connect Cables, Turn on Power, and Verify Connectivity 39
CHAPTER 4
Maintenance and Upgrades 43
Remove and Replace the Network Module 43
Remove and Replace the SSD 45
Remove and Replace the Power Supply Module 46
Connect the DC Power Supply Module 48
Secure the Power Cord on the Power Supply Module 51
Remove and Replace the Fan Tray 54
Install the Optional Cable Management Brackets 55
Cisco Firepower 2100 Series Hardware Installation Guide
iv
CHAPTER 1
Overview
This chapter describes the hardware features of the Cisco Firepower 2100 security appliance, and contains
the following sections:
Cisco Firepower 2100 Series Features, page 1
•
Deployment Options, page 3
•
Package Contents, page 4
•
Serial Number Location, page 6
•
Front Panel, page 6
•
Front Panel LEDs, page 9
•
Rear Panel, page 14
•
Network Modules, page 15
•
Power Supply Modules, page 17
•
Fans, page 20
•
SSDs, page 20
•
Supported SFP/SFP+ Transceivers, page 20
•
Hardware Specifications, page 23
•
Cisco Firepower 2100 Series Features
The Cisco Firepower 2100 series security appliance is a standalone modular security services platform. The
series includes the Firepower 2110, 2120, 2130, and 2140.
Figure 1: Firepower 2110/2120 and Firepower 2130/2140
Cisco Firepower 2100 Series Hardware Installation Guide
1
Cisco Firepower 2100 Series Features
The following table lists the features for the Firepower 2100 series.
Table 1: Cisco Firepower 2100 Series Features
Overview
2140213021202110Feature
Form factor
Rack mountable
Intel x86 processor
Cavium Network
Processor Unit
(NPU)
of interfaces
1 RU
Fits standard 19-in (48.3-cm) square-hole rack.
Yes
2 two-post mount brackets
(Optional) 4-post EIA-310-D rack
Yes
4-post EIA-310-D rack
(Optional) 2-two-post mount brackets
Front to rear (cold aisle to hot aisle)Airflow
Single 4-core at
1.8G
Single 6-core at
1.2G
Single 6-core at
1.9G
Single 8-core at
1.2G
Single 8-core at
2.0G
Single 12-core at
1.2G
16G8GCavium NPU RAM
8G (nominal)Flash
2416Maximum number
Single 16-core at
1.3G
64 GB32 GB16 GBIntel x86 memory
Single 16-core at
1.8G
1 Gigabit Ethernet (10M/100M/1G Base-T)Management port
RJ-45 serial portConsole port
Type A 2.0 (500mA)USB port
Network ports
12 fixed RJ-45 1G/100M/10M ports
Named Ethernet 1/1 through 1/12
4 fixed 1G/10G SFP+ ports4 fixed 1G SFP portsSmall Form-Factor
Pluggable (SFP)
ports
Pull-out label card
Yes
Displays serial number.
YesGrounding lug
Cisco Firepower 2100 Series Hardware Installation Guide
2
Overview
Deployment Options
2140213021202110Feature
YesLocator beacon
YesPower switch
Storage
Malware Storage
Pack (MSP)
NoNetwork modules
1 fixed AC power supply moduleAC power supply
Two SSD slots (100GB )
Ships with one 100GB SSD installed in
slot 1.
Yes
You can install the MSP in the SSD slot 2.
1 network module slot
NOT hot swappable
2 power supply slots
Ships with one
400W AC power
supply
Hot swappable
Yes (optional)NoDC power supply
YesNoRedundant power
1 hot-swappable fan tray with 4 fans4 fixed fansFan
Two SSD slots (200GB )
Ships with one 200GB SSD installed in
slot 1.
2 power supply slots
Ships with two
400W AC power
supplies
Hot swappable
Deployment Options
You can deploy the Firepower 2100 in the following ways:
As a firewall:
•
At the enterprise Internet edge deployed in a high availability configuration
◦
At branch offices in either an HA pair or standalone
◦
As a device that provides additional application control, URL filtering, or IPS/threat-centric capabilities:
•
Behind an enterprise Internet edge firewall in an inline in a transparent bump-in-the-wire
◦
configuration or as a standalone (requires hardware fail open network module support)
Deployed passively off a SPAN port on a switch or a tap on a network, or standalone
◦
As a VPN device:
•
For remote access VPN
◦
Cisco Firepower 2100 Series Hardware Installation Guide
3
Package Contents
For site-to-site VPN
◦
Package Contents
The following illustration shows the package contents for the Firepower 2110 and 2120. The contents are
subject to change and your exact contents will contain additional or fewer items depending on whether you
order the optional parts.
Figure 2: Firepower 2110 and 2120 Package Contents
Overview
2Firepower 2110 or 2120 chassis1
3
(country-specific)
5
screws:
Six 8-32, 0.281#
•
Four 12-24, 0.75#
•
Four 10-32, 0.75#
•
Four M6, 19mm
•
7
(Optional; in package if ordered)
4One power cord
62 rack-mount brackets and
8Two cable management brackets
Blue console cable PC terminal
adapter
SFP transceiver
(Optional; in package if ordered)
One ground lug kit
#6 AWG lug, two 10-32 x .38"
screws
Useful Links Cisco Firepower 2100
Series
Cisco Firepower 2100 Series Hardware Installation Guide
4
Overview
Package Contents
The following illustration shows the package contents for the Firepower 2130 and 2140. The contents are
subject to change and your exact contents will contain additional or fewer items depending on whether you
order the optional parts.
Figure 3: Firepower 2130 and 2140 Package Contents
3
5
9
11
(country-specific)
Left and right slide rails, two
M3X6mm wafer head screws
Two cable management brackets
and four 8-32 x 0.375" screws
(Optional; in package if ordered)
Power supply module tie wrap
and clamp
2Firepower 2130 or 2140 chassis1
Blue console cable PC terminal
adapter
4One or two power cords
SFP transceiver
(Optional; in package if ordered)
6Slide rail kit
Six 8-32 x .25" slide rail locking
bracket screws
8Two slide rail locking brackets7
One ground lug kit
#6 AWG lug, two 10-32 x .38"
screws
10Cable management bracket kit
Useful Links Cisco Firepower 2100
Series
Cisco Firepower 2100 Series Hardware Installation Guide
5
Serial Number Location
Serial Number Location
The serial number for the Firepower 2100 series chassis is located on the pull-out label card on the front panel.
Figure 4: Serial Number on 2100 Chassis
Overview
Front Panel
The following figure shows the front panel of the Firepower 2110 and 2120 security appliances. See Front
Panel LEDs, on page 9 for a description of the LEDs.
Figure 5: Firepower 2110 and 2120 Front Panel
2Power LED1
Gigabit Ethernet management port
Management 0 (also referred to as
Management 1/1 and Diagnostic 1/1)
Cisco Firepower 2100 Series Hardware Installation Guide
6
Overview
Front Panel
3
SSD (slot 1)4Twelve RJ-45 1G/100M/10M auto
duplex/auto MDI-X Base-T ports
Ethernet 1/1 through 1/12 labeled top to
bottom, left to right
System LEDs6Locator beacon5
RJ-45 console port8Type A USB 2.0 port7
10Pull-out label card9
4 fixed SFP (1G) ports
Fiber ports 1/13 through 1/16 labeled
left to right
SSD (slot 2)11
The following figure shows the front panel of the Firepower 2130 and 2140 security appliance. See Front
Panel LEDs, on page 9 for a description of the LEDs.
Figure 6: Firepower 2130 and 2140 Front Panel
3
11
Management 0 (also referred to as
Management 1/1 and Diagnostic 1/1)
Fiber ports 13 through 16 labeled left to
right
Cisco Firepower 2100 Series Hardware Installation Guide
Locator beacon2Power LED1
4Gigabit Ethernet management port
Twelve RJ-45 1G/100M/10M auto
duplex/auto MDI-X Base-T ports
Ethernet 1/1 through 1/12 labeled top
to bottom, left to right
SSD 26SSD 15
Type A USB 2.0 port8System LEDs7
Pull-out label card10RJ-45 console port9
124 fixed SFP+ (1G/10G) ports
Network Module (network module slot
1)
7
Front Panel
Overview
Management Port
The Firepower 2100 chassis has an RJ-45 copper management port.
RJ-45 Console Port
The Firepower 2100 chassis has a standard RJ-45 console port. You can use the command-line interface
(CLI) to configure your 2100 through the RJ-45 serial console port by using a terminal server or a
terminal emulation program on a computer.
The RJ-45 (8P8C) port supports RS-232 signaling to an internal UART controller. The console port
does not have any hardware flow control, and does not support a remote dial-in modem. The baud rate
is 9600. You can use the standard cable found in your accessory kit to convert the RJ45 to DB9 if
necessary.
Type A USB Port
You can use the external Type A USB port to attach a data-storage device. The external USB drive
identifier is disk1:. The Type A USB port supports the following:
OIR
•
USB drive formatted with FAT32
•
Boot kickstart image from ROMMON for discovery recovery purposes
•
Copy files to and from workspace:/ and volatile:/ within local-mgmt. The most relevant files are:
•
Core files
◦
Ethanalyzer packet captures
◦
Tech-support files
◦
Security module log files
◦
Platform bundle image upload using download image usbA:
•
The Type A USB port does NOT support Cisco Secure Package (CSP) image upload support.
Network Ports
The Firepower 2100 chassis has 12 fixed RJ-45 1G/100M/10M) ports. They are numbered from top to
bottom, left to right starting with 1 and are named Ethernet 1/1 through Ethernet 1/12.
The 2110 and 2120 also have four fixed SFP (1G) ports, and the 2130 and 2140 have four fixed SFP+
(1G/10G) ports. They are fiber ports numbered left to right (1/13 through 1/16).
Each port has LEDs that represent Link/Activity status.
Cisco Firepower 2100 Series Hardware Installation Guide
8
Overview
Front Panel LEDs
The following figure shows the Firepower 2110 and 2120 front panel LEDs.
Figure 7: Firepower 2110 and 2120 Front Panel LEDs
Front Panel LEDs
1
• Unlit – Input power is not
detected. Standby power is off.
• Blinking green – The system has
detected a power switch toggle
event, and initiated the shutdown
sequence. If the power switch is
in the OFF position, the system
powers off after shutdown is
completed. Do not remove the AC
or DC power source while this
LED is blinking so that the system
has time to perform a graceful
shutdown.
• Solid amber – The system is
powering up (before the BIOS
boots). This takes one to five
seconds at most.
• Solid green – The system is fully
powered up.
2PWR
Locator Beacon
• Unlit – Locate is off.
• Solid blue – Locate is on.
Note
The Locator beacon helps
you locate a unit that needs
physical service attention.
This feature is activated in
the software.
Cisco Firepower 2100 Series Hardware Installation Guide
9
Front Panel LEDs
Overview
3
4SYS (Health)
• Unlit – The system has not booted
up yet.
• Blinking green – The system is
booting up or in bootloader stage.
• Solid green – The system has fully
booted.
ACT (Active)
• Unlit – The system in standby
mode.
• Green – The system is active.
The status is updated every 10
seconds.
• Amber – Not in use at this time.
• Solid amber – The system boot up
has failed.
• Blinking amber – Alarm
condition, system needs service or
attention and may not boot
properly.
5
6SSD1 ACT
• Unlit – SSD is not present.
• Solid green – SSD is present; no
activity.
• Blinking green – SSD is active.
SSD2 ACT
• Unlit – SSD is not present.
• Solid green – SSD is present; no
activity.
• Blinking green – SSD is active.
7
8FAN
• Unlit – The environmental
subsystem is not active yet.
SSD1 Alert Status
• Unlit – SSD has normal activity.
• Solid amber – SSD failure.
• Solid green—The fans are running
normally. It may take up to one
minute for the LED status to turn
green after power is on.
• Solid amber—One fan has failed.
The system can continue to
operate normally, but fan service
is required.
• Blinking amber—Two or more
fans have failed, or the fan tray has
been removed from the system.
Immediate attention is required.
9
10SSD2 Alert Status
• Unlit – SSD has normal activity.
• Solid amber – SSD failure.
Ethernet Link
• Solid green – The link partner is
detected; no activity.
• Blinking green – Network
activity is detected.
Cisco Firepower 2100 Series Hardware Installation Guide
10
Overview
Front Panel LEDs
11
12Ethernet Speed
• Blinking green – The number of
blinks determines link speed; 1
blink=10Mbit, 2=100Mbit,
3=1Gbit.
Fiber Port
• Solid green – Port is enabled, the
link partner is detected.
• Solid amber – Port is enabled,
but the link partner is not
detected.
• Blinking green – Port is enabled;
network activity is detected.
The following figure describes the Firepower 2130 and 2140 front panel LEDs.
Figure 8: Firepower 2130 and 2140 Front Panel LEDs
Cisco Firepower 2100 Series Hardware Installation Guide
11
Front Panel LEDs
Overview
1
2Power
• Unlit – Input power is not
detected. Standby power is off.
Locator LED
• Unlit – Locate is off.
• Solid blue – Locate is on.
• Blinking green – The system has
detected a power switch toggle
event, and initiated the shutdown
sequence. If the power switch is
in the OFF position, the system
powers off after shutdown is
Note
The Locator beacon helps
you locate a unit that needs
physical service attention.
This feature is activated in
the software.
completed. Do not remove the AC
or DC power source while this
LED is blinking so that the system
has time to perform a graceful
shutdown.
• Solid amber – The system is
powering up (before the BIOS
boots). This takes one to five
seconds at most.
• Solid green – The system is fully
powered up.
3
4SYS (Health)
ACT (Active)
• Unlit – The system has not booted
up yet.
• Blinking green – The system is
booting up or in bootloader stage.
• Solid green – The system has fully
booted.
• Unlit – The system in standby
mode.
• Green – The system is active.
The status is updated every 10
seconds.
• Amber – Not in use at this time.
• Solid amber – The system boot up
has failed.
• Blinking amber – Alarm
condition, system needs service or
attention and may not boot
properly.
5
6SSD1 ACT
• Unlit – The SSD is not present.
• Solid green – The SSD is present;
no activity.
• Blinking green – The SSD is
active.
SSD2 ACT
• Unlit – The SSD is not present.
• Solid green – The SSD is
present; no activity.
• Blinking green – The SSD is
active.
Cisco Firepower 2100 Series Hardware Installation Guide
12
Overview
Front Panel LEDs
7
8PSU-1
• Unlit – The power supply module
is not present or not detected.
• Solid green – The power supply
module is present and working
properly.
• Solid amber – The power supply
module is present but a fault or
problem has been detected.
PSU-2
• Unlit – The power supply
module is not present or not
detected.
• Solid green – The power supply
module is present and working
properly.
• Solid amber – The power supply
module is present but a fault or
problem has been detected.
9
10FAN
• Unlit – The environmental
subsystem is not active yet.
SSD1 Alert Status
• Unlit – SSD has normal activity.
• Solid amber – SSD failure.
• Solid green—The fans are running
normally. It may take up to one
minute for the LED status to turn
green after power is on.
• Solid amber—One fan has failed.
The system can continue to
operate normally, but fan service
is required.
11
13
• Blinking amber—Two or more
fans have failed, or the fan tray has
been removed from the system.
Immediate attention is required.
• Unlit – SSD has normal activity.
• Solid amber – SSD failure.
• Blinking green – The number of
blinks determines link speed; 1
blink=10Mbit, 2=100Mbit,
3=1Gbit.
12SSD2 Alert Status
Ethernet Link
• Solid green – The link partner is
detected; no activity.
• Blinking green – Network
activity is detected.
14Ethernet Speed
Fiber Port
• Solid green – Port is enabled, the
link partner is detected.
• Solid amber – Port is enabled,
but the link partner is not
detected.
• Blinking green – Port is enabled;
network activity is detected.
Cisco Firepower 2100 Series Hardware Installation Guide
13
Rear Panel
Rear Panel
Overview
The following figure shows the rear panel of the Firepower 2110 and 2120.
Figure 9: Firepower 2110 and 2120 Rear Panel
Fixed power supply module2Power on/off switch1
4Fixed fans3
The following figure shows the rear panel of the Firepower 2130 and 2140.
Figure 10: Firepower 2130 and 2140 Rear Panel
Two-post grounding lug
Note
Power supply module 1 FAIL LED2Power on/off switch1
Power supply module 14Power supply module 2 FAIL LED3
The two-post grounding lug is
included in the accessory kit.
Fan tray6Power supply module 1 OK LED5
Power supply module 2 OK LED8Power supply module 27
Cisco Firepower 2100 Series Hardware Installation Guide
14
Overview
Network Modules
9
Power Switch
For More Information
Two-post grounding lug
Note
The power switch is located to the left of power supply module 1 on the rear of the chassis. It is a toggle
switch that controls power to the system. If the power switch is in standby position, only the 3.3V
standby power is enabled from the power supply module and the 12V main power is OFF. When the
switch is in the ON position, the 12V main power is turned on and the system boots.
Before you move the power switch to the OFF position, use the shutdown commands so that the system
can perform a graceful shutdown. This may take several minutes to complete. After the graceful shutdown
is completed, the front panel power LED is unlit and the console displays Power Down. See the FXOS
Configuration Guide for more information on using these commands.
Caution
The two-post grounding lug is
included in the accessory kit.
If you move the power switch to the OFF position before the shutdown
command sequence has completed or if you remove the system power cords
before the graceful shutdown is complete, disk corruption can occur.
See Remove and Replace the Power Supply Module, on page 46 for the procedure for removing and
•
replacing the power supply module in the Firepower 2130 and 2140.
See Remove and Replace the Fan Tray, on page 54 for the procedure for removing and replacing the
•
fan tray in the Firepower 2130 and 2140.
See Ground the Chassis, on page 38 for the procedure for using the grounding lug to ground the chassis.
•
See Power Supply Modules, on page 17 for a description of the power supply module LEDs.
•
See Front Panel LEDs, on page 9 for a description of the fan LEDs.
•
Network Modules
The Firepower 2130 and 2140 contain one network module slot that provides optical or electrical network
interfaces. Network modules are optional, removable I/O modules that provide either additional ports or
different interface types. The Firepower network module plugs into the chassis on the front panel.
The network module is NOT hot swappable.Note
The Firepower 2130 and 2140 support the Firepower 8-port 10G Network Module single-wide
(FPR-NM-8X10G SFP+). The 10 Gigabit Ethernet network module ports are numbered from top to bottom,
left to right.
Cisco Firepower 2100 Series Hardware Installation Guide
15
Network Modules
Overview
The following figure shows the front panel view of the 10G network module.
Figure 11: Firepower Network Module 10G
Ethernet 2/12Captive screw/handle1
Ethernet 2/54Ethernet 2/33
Ethernet 2/26Ethernet 2/75
Ethernet 2/68Ethernet 2/47
10Ethernet 2/89
Network activity LEDs
• Unlit – No connection or port is not
in use.
• Solid amber – No link or network
failure.
• Solid green – Link up.
• Blinking green – Network activity.
For More Information
See Supported SFP/SFP+ Transceivers, on page 20 for a list of supported SFPS.
•
See Remove and Replace the Network Module, on page 43 for the procedure for removing and replacing
•
network modules.
Cisco Firepower 2100 Series Hardware Installation Guide
16
Overview
Power Supply Modules
The Firepower 2110 and 2120 have one fixed AC power supply. If the power supply fails, you must send
your Firepower 2110 or 2120 for RMA.
The Firepower 2130 and 2140 support two AC power supply modules so that dual power supply redundancy
protection is available. The Firepower 2130 ships with one AC power supply and the Firepower 2140 ships
with two AC power supplies. You can also install DC power supply modules rather than AC power on the
2130 and 2140. Facing the back of the chassis, the power supply modules are numbered left to right, for
example, PSU1 and PSU2.
You CANNOT mix AC and DC power supply modules in the chassis.Note
The power supply module is hot swappable.Note
Power Supply Modules
Note
Note
The system power requirements are lower than the power supply module capabilities. See the following
table.
Make sure that one power supply module is always active.Attention
AC Power Supply
The dual power supplies can supply up to 800W power across the input voltage range. The load is shared
when both power supply modules are plugged in and running at the same time.
The system does not consume more than the capacity of one power supply module, so it will always
operate in full redundancy mode (2130 and 2140 only) when two power supply modules are installed.
Table 2: AC Power Supply Module Hardware Specifications
2140213021202110
100 to 240V ACInput voltage
6.3A (at 100V AC)4A (at 100V AC)Maximum current
power
400W250WMaximum output
Cisco Firepower 2100 Series Hardware Installation Guide
17
Power Supply Modules
Overview
2140213021202110
Maximum
—
800W
redundancy output
power
Redundancy
—
1+1 redundancy
50 to 60HzFrequency
89%Efficiency at 50%
load
DC Power Supply
The power supplies can supply up to 350W power across the input voltage range. The load is shared when
both power supply modules are plugged in and running at the same time.
Table 3: DC Power Supply Module Hardware Specifications
21402130
-48 to -60V DCInput voltage
Maximum current
15A (at -48V DC)
Note
The power supply module is rated at 15A but the system power
is limited to 6.1A. See Hardware Specifications, on page 23
for more system specifications.
350WMaximum output power
1+1 redundancyRedundancy
92%Efficiency at 50% load
Cisco Firepower 2100 Series Hardware Installation Guide
18
Overview
Power Supply Modules
Power Supply Module LEDs
The following figure shows the bicolor power supply LEDs on the power supply module. The figure shows
the AC power supply module. The DC power supply module has the same LEDs.
Figure 12: Power Supply Module LEDs
Green OK LED2Amber FAIL LED1
The following describes the power module supply LEDs.
Green LED (OK Status)
• Unlit – Input power not present.
• Blinking green – Input power present, but system is not powered up (power switch is off).
• Solid green – The power supply module is enabled and running.
Amber LED (Fail Status)
• Unlit – No fault detected.
• Blinking amber – Fault warning, power supply may still work but could fail due to high temperature,
failing fan, or over current.
• Solid amber – Fault detected; power supply not working properly. Includes over voltage, over current,
over temperature, and fan failure.
For More Information
See Remove and Replace the Power Supply Module, on page 46 for the procedure for removing and
•
replacing the power supply module in the Firepower 2130 and 2140.
Cisco Firepower 2100 Series Hardware Installation Guide
19
Fans
Fans
SSDs
Overview
The Firepower 2110 and 2120 have 4 fixed fans.
The Firepower 2130 and 2140 have a removable fan tray with three + one redundant fans that are hot swappable.
The fan tray is installed in the rear of the chassis. Any one fan can fail indefinitely and the system continues
to function. When a fan fails, the remaining fans automatically spin up to full speed.
The fan LED is located on the front of the chassis.
For More Information
See Front Panel LEDs, on page 9 for the location and description of the fan LED.
•
See Remove and Replace the Fan Tray, on page 54 for the procedure for removing and replacing the
•
fan tray.
Caution
Note
The Firepower 2110 and 2120 have two SSD slots. These models ship with one 100-GB SSD installed in slot
1. The Firepower 2130 and 2140 have two SSD slots. These models ship with one 200-GB SSD installed in
slot 1.
You can use the second SSD slot to upgrade to the MSP. The MSP MUST be installed in the second slot. The
MSP stores threat detection results for use in future analysis. It supports the Advanced Malware Protection
(AMP) software feature. It is used as both storage and as the Malware application repository. RAID is not
supported.
You cannot swap SSDs between different Firepower platforms. For example, you cannot use a 4100 series
SSD in a 2100 series security appliance.
The 100-GB SSD is restricted to the 2110 and 2120 models. The 200-GB SSD is restricted to the 2130
and 2140 models. Do not mix them.
Although the hardware supports hot swapping for the SSDs, the software does not, so you must power down
the chassis before removing and replacing them.
For More Information
See Front Panel, on page 6 for the location and description of the SSD LEDs on the front panel.
•
See Remove and Replace the SSD, on page 45 for the procedure for removing and replacing the SSD.
•
Supported SFP/SFP+ Transceivers
Take note of the following warnings:
Cisco Firepower 2100 Series Hardware Installation Guide
20
Overview
Supported SFP/SFP+ Transceivers
Warning
Warning
Warning
Warning
Statement 1053—Class 1M Laser Radiation
Class 1M laser radiation when open. Do not view directly with optical instruments.
Statement 1055—Class I and Class 1M Laser
Class I (CDRH) and Class 1M (IEC) laser products.
Statement 1056—Unterminated Fiber Cable
Invisible laser radiation may be emitted from the end of the unterminated fiber cable or connector. Do not
view directly with optical instruments. Viewing the laser output with certain optical instruments (for
example, eye loupes, magnifiers, and microscopes) within a distance of 100 mm may pose an eye hazard.
Statement 1057—Hazardous Radiation Exposure
Use of controls or adjustments or performance of procedures other than those specified may result in
hazardous radiation exposure.
The SFP/SFP+ transceiver is a bidirectional device with a transmitter and receiver in the same physical
package. It is a hot-swappable optical interface that plugs into the SFP/SFP+ ports on the fixed ports and the
network module ports, and provides Ethernet connectivity.
Figure 13: SFP
Bail clasp2Dust plug1
Transmit optical bore4Receive optical bore3
Cisco Firepower 2100 Series Hardware Installation Guide
21
Supported SFP/SFP+ Transceivers
Overview
Warning
Note
Caution
Use appropriate electrostatic discharge (ESD) procedures when inserting the transceiver. Avoid touching
the contacts at the rear, and keep the contacts and ports free of dust and dirt. Keep unused transceivers in
the ESD packing that they were shipped in.
The 1G transceivers are limited to 1GB operation only (no auto-negotiation support). 100M/10M modes
are not supported.
Although non-Cisco SFPs are allowed, we do not recommend using them because they have not been
tested and validated by Cisco. Cisco TAC may refuse support for any interoperability problems that result
from using an untested third-party SFP transceiver.
The following table lists the supported transceivers.
Table 4: Supported SFPs
Ports SupportedPIDOptics Type
SFP 1G
GLC-SX-MMD1G-SX
GLC-LH-SMD1G-LH
Ports 13 through 16
Ports 1 though 8 of the 8X10G network
module (available only on the 2130 and 2140)
SFP+ 10G
GLC-EX-SMD1G-EX
GLC-ZX-SMD1G-ZX
Cisco Firepower 2100 Series Hardware Installation Guide
22
Overview
Hardware Specifications
H10GB-CU 1M, 1.5M, 2M,
2.5M, 3M, 5M
SFP-10G-SR10G-SR
SFP-10G-LR10G-LR
SFP-10G-LRM10G-LRM
SFP-10G-ER10G-ER
SFP-10G-SR-S10G-SR-S
SFP-10G-LR-S10G-LR-S
SFP-10G-ZR-S10G-ZR-S
SFP-10G-ER-S10G-ER-S
SFP-H10GB-CU1M
SFP-H10GB-CU1-5M
SFP-H10GB-CU2M
SFP-H10GB-CU2-5
SFP-H10GB-CU3M
SFP-H10GB-CU5M
Ports 13 through 16
Ports 1 though 8 of the 8X10G network
module (available only on the 2130 and 2140)
H10GB-ACU 7M, 10M
10G-AOC 1M, 2M, 3M, 5M,
7M, 10M
Hardware Specifications
The following table contains hardware specifications for the Firepower 2100 series security appliance.
Physical
Form factor
1 RU
Fits standard 19-in (48.3-cm) square-hole rack.
SFP-H10GB-ACU7M
SFP-H10GB-ACU10M
SFP-10G-AOC1M
SFP-10G-AOC2M
SFP-10G-AOC3M
SFP-10G-AOC5M
SFP-10G-AOC7M
SFP-10G-AOC10M
2140213021202110Specification
Cisco Firepower 2100 Series Hardware Installation Guide
23
Hardware Specifications
Overview
2140213021202110Specification
Rack mountable
x D)
Storage
SSD
MSP
Memory
Power
Yes
Fixed 2 two-post mount brackets
Optional: 4-post EIA-310-D mount rails
1.73 x 16.90 x 19.76 in (4.4 x 42.9 x 50.2 cm)Dimensions (H x W
100 GB
Note
The storage SSD must be
installed in slot 1.
800 GB
Note
The MSP SSD must be installed in slot
2.
Yes
4-post EIA-31-D mount rails
Optional: 2 two-post mount brackets
21 lb (9.52 kg)19.4 lb (8.79 kg)16.1 lb (7.3 kg)Weight
200 GB
Note
The storage SSD must be
installed in slot 1.
64 GB32 GB16 GBDDR4 DRAM
System power
module
Environmental
Temperature
Humidity
Altitude
100/240VAC 1.9A (at 100VAC), 50 to 60
Hz
Note
The power supply module is rated
at 4A, but the system power is
limited to 1.9A.
100/240VAC 2.9A (at 100VAC), 50 to 60
Hz
Note
The power supply module is rated
at 6.3A, but the system power is
limited to 2.9A.
AC or DCACPower supply
YesNoRedundant power
Operating: 32⁰ to 104⁰F (0⁰ to 40⁰C)
Nonoperating: -40⁰ to 149°F (-40⁰ to 65°C) maximum altitude is 40,000 ft
Operating: 10 to 85 percent noncondensing
Nonoperating: 5 to 95 percent noncondensing
Operating: 10,000 ft maximum
Nonoperating: 40,000 ft maximum
Cisco Firepower 2100 Series Hardware Installation Guide
24
Overview
Hardware Specifications
2140213021202110Specification
Acoustic Noise
Sound pressure
Sound power
47.3 dBA (typical)
73.4 dBA (maximum)
60.2 (typical)
85.1 (maximum)
Front to backAir flow
55.7 dBA (typical)
76.7 dBA (maximum)
66 (typical)
84.5 (maximum)
Cisco Firepower 2100 Series Hardware Installation Guide
25
Hardware Specifications
Overview
Cisco Firepower 2100 Series Hardware Installation Guide
26
CHAPTER 2
Installation Preparation
This chapter prepares you to install the Firepower 2100 security appliance, and contains the following
sections:
Installation Notes and Warnings, page 27
•
Safety Recommendations, page 30
•
Maintain Safety with Electricity , page 30
•
Prevent Electrostatic Discharge Damage , page 31
•
Site Environment , page 31
•
Site Considerations, page 31
•
Power Supply Considerations, page 31
•
Equipment Rack Configuration Considerations, page 32
•
Installation Notes and Warnings
Be sure to read the Regulatory Compliance and Safety Information document before installing the security
appliance.
Take note of the following warnings:
Warning
Statement 1071—Warning Definition
IMPORTANT SAFETY INSTRUCTIONS
This warning symbol means danger. You are in a situation that could cause bodily injury. Before you
work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with
standard practices for preventing accidents. Use the statement number provided at the end of each warning
to locate its translation in the translated safety warnings that accompanied this device.
SAVE THESE INSTRUCTIONS
Cisco Firepower 2100 Series Hardware Installation Guide
27
Installation Notes and Warnings
Installation Preparation
Warning
Warning
Warning
Warning
Statement 1015—Battery Handling
There is the danger of explosion if the battery is replaced incorrectly. Replace the battery only with the
same or equivalent type recommended by the manufacturer. Dispose of used batteries according to the
manufacturer's instructions.
Statement 12—Power Supply Disconnection Warning
Before working on a chassis or working near power supplies, unplug the power cord on AC units; disconnect
the power at the circuit breaker on DC units.
Statement 43—Jewelry Removal Warning
Before working on equipment that is connected to power lines, remove jewelry (including rings, necklaces,
and watches). Metal objects will heat up when connected to power and ground and can cause serious burns
or weld the metal object to the terminals.
Statement 94—Wrist Strap Warning
During this procedure, wear grounding wrist straps to avoid ESD damage to the card. Do not directly
touch the backplane with your hand or any metal tool, or you could shock yourself.
Warning
Warning
Warning
Warning
Statement 1004—Installation Instructions
Read the installation instructions before connecting the system to the power source.
Statement 1007—TN and IT Power Systems
This equipment has been designed for connection to TN and IT power systems.
Statement 1017—Restricted Area
This unit is intended for installation in restricted access areas. A restricted access area can be accessed
only through the use of a special tool, lock and key, or other means of security.
Statement 1021—SELV Circuit
To avoid electric shock, do not connect safety extra-low voltage (SELV) circuits to telephone-network
voltage (TNV) circuits. LAN ports contain SELV circuits, and WAN ports contain TNV circuits. Some
LAN and WAN ports both use RJ-45 connectors. Use caution when connecting cables.
Cisco Firepower 2100 Series Hardware Installation Guide
28
Installation Preparation
Installation Notes and Warnings
Warning
Warning
Warning
Warning
Statement 1024—Ground Conductor
This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the
absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority
or an electrician if you are uncertain that suitable grounding is available.
Statement 1028—More Than One Power Supply
This unit might have more than one power supply connection. All connections must be removed to
de-energize the unit.
Statement 1029—Blank Faceplates and Cover Panels
Blank faceplates and cover panels serve three important functions: they prevent exposure to hazardous
voltages and currents inside the chassis; they contain electromagnetic interference (EMI) that might disrupt
other equipment; and they direct the flow of cooling air through the chassis. Do not operate the system
unless all cards, faceplates, front covers, and rear covers are in place.
Statement 1030—Equipment Installation
Only trained and qualified personnel should be allowed to install, replace, or service this equipment.
Warning
Warning
Warning
Warning
Statement 1040—Product Disposal
Ultimate disposal of this product should be handled according to all national laws and regulations.
Statement 1073—No User-Serviceable Parts
No user-serviceable parts inside. Do not open.
Statement 1045—Short-circuit Protection
This product requires short-circuit (overcurrent) protection to be provided as part of the building installation.
Install only in accordance with national and local wiring regulations.
Statement 1074—Comply with Local and National Electrical Codes
Installation of the equipment must comply with local and national electrical codes.
Cisco Firepower 2100 Series Hardware Installation Guide
29
Safety Recommendations
Safety Recommendations
Use the information in the following sections to help ensure your safety and to protect the chassis. This
information may not address all potentially hazardous situations in your working environment, so be alert and
exercise good judgment at all times.
Observe these safety guidelines:
Keep the area clear and dust-free before, during, and after installation.
•
Keep tools away from walkways, where you and others might trip over them.
•
Do not wear loose clothing or jewelry, such as earrings, bracelets, or chains that could get caught in the
•
chassis.
Wear safety glasses if you are working under any conditions that might be hazardous to your eyes.
•
Do not perform any action that creates a potential hazard to people or makes the equipment unsafe.
•
Never attempt to lift an object that is too heavy for one person.
•
Installation Preparation
Maintain Safety with Electricity
Before working on a chassis, be sure the power cord is unplugged.Warning
Be sure to read the document before installing the security appliance.
Follow these guidelines when working on equipment powered by electricity:
Before beginning procedures that require access to the interior of the chassis, locate the emergency
•
power-off switch for the room in which you are working. Then, if an electrical accident occurs, you can
act quickly to turn off the power.
Do not work alone if potentially hazardous conditions exist anywhere in your work space.
•
Never assume that power is disconnected; always check.
•
Look carefully for possible hazards in your work area, such as moist floors, ungrounded power extension
•
cables, frayed power cords, and missing safety grounds.
If an electrical accident occurs:
•
Use caution; do not become a victim yourself.
◦
Disconnect power from the system.
◦
If possible, send another person to get medical aid. Otherwise, assess the condition of the victim,
◦
and then call for help.
Determine whether the person needs rescue breathing or external cardiac compressions; then take
◦
appropriate action.
Use the chassis within its marked electrical ratings and product usage instructions.
•
Cisco Firepower 2100 Series Hardware Installation Guide
30
Installation Preparation
Prevent Electrostatic Discharge Damage
Electrostatic discharge (ESD) occurs when electronic components are improperly handled, and it can damage
equipment and impair electrical circuitry, resulting in intermittent or complete failure.
Always follow ESD-prevention procedures when removing and replacing components. Ensure that the chassis
is electrically connected to an earth ground. Wear an ESD-preventive wrist strap, ensuring that it makes good
skin contact. Connect the grounding clip to an unpainted surface of the chassis frame to safely ground ESD
voltages. To properly guard against ESD damage and shocks, the wrist strap and cord must operate effectively.
If no wrist strap is available, ground yourself by touching the metal part of the chassis.
For safety, periodically check the resistance value of the antistatic strap, which should be between one and
10 megohms.
Site Environment
See Hardware Specifications, on page 23 for information about physical specifications.
When planning the site layout and equipment locations, consider the information in the next sections to help
avoid equipment failures and reduce the possibility of environmentally caused shutdowns. If you are currently
experiencing shutdowns or unusually high error rates with your existing equipment, these considerations may
help you isolate the cause of failures and prevent future problems.
Prevent Electrostatic Discharge Damage
Site Considerations
Considering the following helps you plan an acceptable operating environment for the chassis, and avoid
environmentally caused equipment failures.
Electrical equipment generates heat. Ambient air temperature might not be adequate to cool equipment
•
to acceptable operating temperatures without adequate circulation. Ensure that the room in which you
operate your system has adequate air circulation.
Ensure that the chassis cover is secure. The chassis is designed to allow cooling air to flow effectively
•
within it. An open chassis allows air leaks, which may interrupt and redirect the flow of cooling air from
the internal components.
Always follow the ESD-prevention procedures described previously to avoid damage to equipment.
•
Damage from static discharge can cause immediate or intermittent equipment failure.
Power Supply Considerations
See Power Supply Modules, on page 17 for more detailed information about the power supply modules for
your model.
When installing the chassis, consider the following:
• Check the power at the site before installing the chassis to ensure that it is “clean” (free of spikes and
noise). Install a power conditioner, if necessary, to ensure proper voltages and power levels in the
appliance input voltage.
Cisco Firepower 2100 Series Hardware Installation Guide
31
Equipment Rack Configuration Considerations
Install proper grounding for the site to avoid damage from lightning and power surges.
•
The chassis does not have a user-selectable operating range. Refer to the label on the chassis for the
•
correct appliance input-power requirement.
Several styles of AC-input power supply cords are available; make sure that you have the correct style
•
for your site.
Install an uninterruptible power source for your site, if possible.
•
If you are using dual redundant (1+1) power supplies, we recommend that you use independent electrical
•
circuits for each power supply.
Equipment Rack Configuration Considerations
Consider the following when planning an equipment-rack configuration:
If you are mounting a chassis in an open rack, make sure that the rack frame does not block the intake
•
or exhaust ports.
Installation Preparation
Be sure enclosed racks have adequate ventilation. Make sure that the rack is not overly congested as
•
each chassis generates heat. An enclosed rack should have louvered sides and a fan to provide cooling
air.
In an enclosed rack with a ventilation fan in the top, heat generated by equipment near the bottom of
•
the rack can be drawn upward and into the intake ports of the equipment above it in the rack. Ensure
that you provide adequate ventilation for equipment at the bottom of the rack.
Baffles can help to isolate exhaust air from intake air, which also helps to draw cooling air through the
•
chassis. The best placement of the baffles depends on the airflow patterns in the rack. Experiment with
different arrangements to position the baffles effectively.
Cisco Firepower 2100 Series Hardware Installation Guide
32
Mount and Connect
This chapter describes how to rack-mount the Cisco Firepower 2100 security appliance, and how to connect
the cords and cables. It contains the following sections:
Rack-Mount the Chassis, page 33
•
Ground the Chassis, page 38
•
Connect Cables, Turn on Power, and Verify Connectivity, page 39
•
Rack-Mount the Chassis
Take note of the following warnings:
CHAPTER 3
Warning
Warning
Statement 1006—Chassis Warning for Rack-Mounting and Servicing
To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions
to ensure that the system remains stable. The following guidelines are provided to ensure your safety:
This unit should be mounted at the bottom of the rack if it is the only unit in the rack.
•
When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the
•
heaviest component at the bottom of the rack.
If the rack is provided with stabilizing devices, install the stabilizers before mounting or servicing
•
the unit in the rack.
Statement 1024—Ground Conductor
This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the
absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority
or an electrician if you are uncertain that suitable grounding is available.
Cisco Firepower 2100 Series Hardware Installation Guide
33
Rack-Mount the Chassis
Mount and Connect
Warning
Statement 1047—Overheating Prevention
To prevent the system from overheating, do not operate it in an area that exceeds the maximum
recommended ambient temperature of: 40°C
This procedure describes how to install the Firepower 2100 series in a rack using the rack kit. It applies to all
models of the 2100 series. For the 2110/2120, you install 3 screws on the chassis to secure the slide rail. For
the 2130/2140, you install use the pegs on the chassis to secure the slide rail.
Before You Begin
You need the following to install the Firepower 2100 in a rack (4-post EIA-310-D rack):
#1 Phillips Head screwdriver
•
Firepower 2100 kit that contains the following:
•
One slide rail set
◦
Two brackets with captive screws
◦
Six 8-32 0.25" screws
◦
Two M3x6mm screws
◦
Six 8-32" shoulder screws
◦
Cisco Firepower 2100 Series Hardware Installation Guide
34
Mount and Connect
Rack-Mount the Chassis
Slide rail assemblies work with four-post racks and cabinets with square slots, round 7.1mm holes, #10-32
threaded holes, and #12-24 threaded holes on the rack post front. The slide rail works with front to back
spacing of rack posts from 24 to 36 inches.
Step 1
Attach a rack mount bracket to each side of the chassis using the six 8-32 x .375" countersink Phillip head screws (three
per side) provided in the kit.
Figure 14: Attaching the Rack Mount Bracket to the Side of the Chassis
Step 2
3
8-32 x 0.25" countersink Phillip head screws
(3 per side)
Attach the inner rails to the sides of the chassis:
a) Remove the inner rails from the slide rail assemblies.
b) Align an inner rail with each side of the chassis:
Rack mount bracket2Chassis1
Cisco Firepower 2100 Series Hardware Installation Guide
35
Rack-Mount the Chassis
For the 2110/2120, install the three 8-32" screws into each side of the chassis, and align the inner rail so that
•
the three slots on the rail line up with the screws on the chassis.
Figure 15: Installing the Screws on the 2110/2120 Chassis and Lining up the Inner Rail
Mount and Connect
Inner rail28-32" screw1
M3X6mm screw (1 per side)3
For the 2130/2140, align the inner rail so that the three slots on the rail line up with the three pegs on the side
•
of the chassis.
Figure 16: Lining up the Inner Rail with the Pegs on the 2130/2140 Chassis
Inner rail2Mounting peg on the chassis for the keyed slot1
M3X6mm screw (1 per side)3
c) Set the keyed slots over the screws/pegs, and then slide the rail toward the front to lock it in place on the screw/pegs.
The rear key slot has a metal clip that locks over the screw/peg.
d) Using one M3X6mm screw, secure the inner rail to the side of the chassis to prevent sliding.
Cisco Firepower 2100 Series Hardware Installation Guide
36
Mount and Connect
e) Install the second inner rail to the opposite side of the chassis and secure with the other M3X6mm screw.
Rack-Mount the Chassis
Step 3
Open the front securing plate on both slide-rail assemblies. The front end of the slide-rail assembly has a spring-loaded
securing plate that must be open before you can insert the mounting pegs into the rack-post holes.
On the outside of the assembly, push the green arrow button toward the rear to open the securing plate.
Figure 17: Front Securing Mechanism Inside the Front End
1
Note
Works with square slots,
2Front mounting pegs
Securing plate shown pulled back to open
position
7.1mm holes, and 10-32
threaded holes.
Step 4
Step 5
Rack post3
Install the slide rails into the rack:
a) Align one slide-rail assembly front end with the front rack-post holes that you want to use.
The slide rail front-end wraps around the outside of the rack post and the mounting pegs enter the rack-post holes
from the outside-front.
Note
The rack post must be between the mounting pegs and the open securing
plate.
b) Push the mounting pegs into the rack-post holes from the outside-front.
c) Press the securing plate release button marked 'PUSH.' The spring-loaded securing plate closes to lock the pegs in
place.
d) Adjust the slide-rail length, and then push the rear mounting pegs into the corresponding rear rack-post holes. The
slide rail must be level front-to-rear.
The rear mounting pegs enter the rear rack-post holes from the inside of the rack post.
e) Attach the second slide-rail assembly to the opposite side of the rack. Make sure that the two slide-rail assemblies
are at the same height with each other and are level front-to-back.
f) Pull the inner slide rails on each assembly out toward the rack front until they hit the internal stops and lock in place.
Insert the chassis into the slide rails.
Cisco Firepower 2100 Series Hardware Installation Guide
37
Mount and Connect
Ground the Chassis
a) Align the rear of the inner rails that are attached to the chassis sides with the front ends of the empty slide rails on
the rack.
b) Push the inner rails into the slide rails on the rack until they stop at the internal stops.
c) Slide the release clip toward the rear on both inner rails, and then continue pushing the chassis into the rack until the
mounting brackets meet the front of the slide rail.
Figure 18: Inner Rail Release Clip
Step 6
Use the captive screws on the front of the mounting brackets to fully secure the chassis to the rack.
What to Do Next
Continue with Ground the Chassis, on page 38 and Connect Cables, Turn on Power, and Verify Connectivity,
on page 39.
Ground the Chassis
Warning
Statement 1024—Ground Conductor
This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the
absence of a suitably installed ground conductor. Contact the appropriate electrical inspection authority
or an electrician if you are uncertain that suitable grounding is available.
Inner rail attached to chassis2Inner rail release clip1
Cisco Firepower 2100 Series Hardware Installation Guide
38
Mount and Connect
Connect Cables, Turn on Power, and Verify Connectivity
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Warning
Statement 1046—Installing or Replacing the Unit
When installing or replacing the unit, the ground connection must always be made first and disconnected
last.
Warning
Statement 1025—Use Copper Conductors Only
Use copper conductors only.
Caution
Grounding the chassis is required, even if the rack is already grounded. A grounding pad with two threaded
M4 holes is provided on the chassis for attaching a grounding lug. The ground lug must be NRTL-listed.
In addition, a copper conductor (wires) must be used and the copper conductor must comply with NEC
code for ampacity.
Use a wire-stripping tool to remove approximately 0.75 inches (19 mm) of the covering from the end of the grounding
cable.
Insert the stripped end of the grounding cable into the open end of the grounding lug.
Use the crimping tool to secure the grounding cable in the grounding lug.
Remove the adhesive label from the grounding pad on the chassis.
Place the grounding lug against the grounding pad so that there is solid metal-to-metal contact, and insert the two M4
screws with washers through the holes in the grounding lug and into the grounding pad.
Make sure that the lug and cable do not interfere with other equipment.
Prepare the other end of the grounding cable and connect it to an appropriate grounding point in your site to ensure
adequate earth ground.
Connect Cables, Turn on Power, and Verify Connectivity
Take note of the following warnings:
Warning
Statement 1005—Circuit Breaker
This product relies on the building's installation for short-circuit (overcurrent) protection. Ensure that the
protective device is rated not greater than:
Rated 120 V, 15 A (US), 250 V, 16A (EU)
Cisco Firepower 2100 Series Hardware Installation Guide
39
Connect Cables, Turn on Power, and Verify Connectivity
Mount and Connect
Warning
Warning
Warning
Warning
Warning
Statement 1007—TN and IT Power Systems
This equipment has been designed for connection to TN and IT power systems.
Statement 1002—DC Power Supply
When stranded wiring is required, use approved wiring terminations, such as closed-loop or spade-type
with upturned lugs. These terminations should be the appropriate size for the wires and should clamp both
the insulation and conductor.
Statement 1003—DC Power Disconnection
Before performing any of the following procedures, ensure that power is removed from the DC circuit.
Statement 1046—Installing or Replacing the Unit
When installing or replacing the unit, the ground connection must always be made first and disconnected
last.
Statement 1022—Disconnect Device
A readily accessible two-poled disconnect device must be incorporated in the fixed wiring.
Step 1
Step 2
Warning
Statement 1025—Use Copper Conductors Only
Use copper conductors only.
After rack mounting the Firepower 2100 series security appliance, follow these steps to connect cables, turn
on power, and verify connectivity.
Connect the console port.
Using a serial console cable, connect a computer or terminal server to the RJ-45 serial console port (baud rate is 9600)
so that you can use the Firepower Device Manager or the CLI (and then continue configuration using the Firepower
Management Center ) to initially set up the Firepower 2100.
Connect the management interface.
Install the management cable that was provided in the Firepower 2100 accessory kit in the Management port,
Cisco Firepower 2100 Series Hardware Installation Guide
40
Mount and Connect
Figure 19: Connecting the Cables to the Firepower 2100 Security Appliance
Connect Cables, Turn on Power, and Verify Connectivity
1
Console port (RJ-45)2Gigabit Ethernet Management interface (RJ-45)
Management 0 (also referred to as Management
1/1 and Diagnostic 1/1)
3
4Twelve fixed-port Gigabit Ethernet data
interfaces for SFP+ transceivers
Four fixed-port Gigabit Ethernet data interfaces
for SFP+ transceivers
Flip the SFP+ over to connect in the upper
ports.
Ethernet 1/1 through Ethernet 1/12
Note
The Ethernet 1/1 (WAN) port is
configured by default for internet
access. Connect your DHCP enabled
cable modem (internet) to this port.
Note
The Ethernet 1/2 (inside) port is
configured by default for inside
access. Firepower 2100 bootstrapping
is only supported on Ethernet 1/2 or
on Management 0.
5
Eight fixed port Gigabit Ethernet data interfaces
for SPF+ transceivers.
Step 3
Install the SFP/SFP+ transceivers.
Install SFP/SFP+/ transceivers in the Ethernet network interfaces in the fixed ports or in the network modules you have
installed taking care not to touch the contacts in the rear.
Flip the SFP+ over to connect in the upper ports. The SFP+ connects in the normal way in the lower ports. The sockets
on the upper row face up and the sockets on the lower row face down.
Warning
Do not force an SFP transceiver into a socket. This can jam the transceiver and can cause permanent damage
to the transceiver, the chassis, or both.
Caution
Although non-Cisco SFPs are allowed, we do not recommend using them because they have not been tested
and validated by Cisco. Cisco TAC may refuse support for any interoperability problems that result from
using an untested third-party SFP transceiver. See Supported SFP/SFP+ Transceivers, on page 20 for a list
of supported Cisco transceivers.
Cisco Firepower 2100 Series Hardware Installation Guide
41
Connect Cables, Turn on Power, and Verify Connectivity
Mount and Connect
Step 4
Step 5
Step 6
Step 7
Step 8
Step 9
Note
Use appropriate electrostatic discharge (ESD) procedures when inserting the transceiver. Avoid touching the
contacts at the rear, and keep the contacts and ports free of dust and dirt. Store unused SPFs in their ESD
packaging.
Connect the Ethernet interfaces.
Use the proper cable to connect the SFP/SFP+ transceivers in the fixed ports or in the network modules you have installed.
Note
The Ethernet 1/1 (WAN) port is configured by default for internet access. Connect your DHCP enabled cable
modem (internet) to this port.
Note
The Ethernet 1/2 (inside) port is configured by default for inside access. Firepower 2100 bootstrapping is only
supported on Ethernet 1/2 or on Management 0.
Attach the power cable to the appliance and connect it to an electrical outlet.
Press the power switch on the rear panel.
Check the PWR LED on the front panel. Solid green indicates that the appliance is powered on.
Check the SYS LED on the front panel. Solid green indicates that the system has passed power-on diagnostics.
Note
When you toggle the power switch from ON to OFF, it takes several seconds for the system to power off. During
this time, the PWR LED on the front panel blinks green. Do not remove the power cable until the PWR LED
is completely off. See Rear Panel, on page 14 for more information on the power switch.
See the quick start guide for your operating software to configure the Firepower 2100 series security appliance.
Cisco Firepower Threat Defense for the Firepower 2100 Series Using Firepower Device Manager Quick Start
•
Guide
Cisco Firepower Threat Defense for the Firepower 2100 Series Using Firepower Management Center Quick Start
•
Guide
Cisco Firepower 2100 Series Hardware Installation Guide
42
CHAPTER 4
Maintenance and Upgrades
This chapter contains procedures for maintaining and upgrading the Firepower 2100 security appliance, and
contains the following sections:
Remove and Replace the Network Module, page 43
•
Remove and Replace the SSD, page 45
•
Remove and Replace the Power Supply Module, page 46
•
Connect the DC Power Supply Module, page 48
•
Secure the Power Cord on the Power Supply Module, page 51
•
Remove and Replace the Fan Tray, page 54
•
Install the Optional Cable Management Brackets, page 55
•
Remove and Replace the Network Module
Take note of the following warnings:
Warning
Warning
Statement 1030—Equipment Installation
Only trained and qualified personnel should be allowed to install, replace, or service this equipment.
Statement 1073—No User-Serviceable Parts
No user-serviceable parts inside. Do not open.
You can remove and replace the network module in the Firepower 2130 and 2140. Although the hardware
supports removing and replacing the network module while the system is running, the software does not
Cisco Firepower 2100 Series Hardware Installation Guide
43
Remove and Replace the Network Module
currently support hot swapping. You must power down the chassis to remove and replace network modules.
See Network Modules, on page 15 for more information about Firepower network modules.
Maintenance and Upgrades
Step 1
Step 2
Step 3
Save your configuration.
Power down the security appliance by moving the power switch to the OFF position. See Rear Panel, on page 14 for
more information about the power switch.
To remove a network module, loosen the captive screw on the lower left side of the network module and pull out the
handle that is connected to the screw. This mechanically ejects the network module from the slot.
Figure 20: Removing the Network Module from the Firepower 2130 and 2140
Step 4
Step 5
Step 6
Step 7
44
If the slot is to remain empty, install a blank faceplate to ensure proper airflow and to keep dust out of the chassis;
otherwise, install another network module.
To replace a network module, hold the network module in front of the network module slot on the right of the chassis
and pull the network module handle out.
Slide the network module into the slot and push it firmly into place until the handle is flush with the front of the network
module.
Tighten the captive screw on the lower left side of the network module.
Power on the chassis so that the new network module is recognized.
What to Do Next
Follow the procedures in the FXOS Configuration Guide to connect to the network module and make sure
that it has been discovered correctly by the security appliance.
Cisco Firepower 2100 Series Hardware Installation Guide
Maintenance and Upgrades
Remove and Replace the SSD
Take note of the following warnings:
Remove and Replace the SSD
Warning
Warning
Note
Statement 1030—Equipment Installation
Only trained and qualified personnel should be allowed to install, replace, or service this equipment.
Statement 1073—No User-Serviceable Parts
No user-serviceable parts inside. Do not open.
Although the hardware supports removing and replacing SSDs while the system is running, the software does
not currently support hot swapping. You must power down the chassis to remove and replace SSDs.
The 100-GB SSD is restricted to the 2110 and 2120 models. The 200-GB SSD is restricted to the 2130
and 2140 models. Do not mix them.
You can install a Malware Storage Pack (MSP) in slot 2. The MSP stores threat detection data for use in future
analysis. It supports the Advanced Malware Protection (AMP) software feature. It is used as both storage and
as the Malware application repository. RAID is not supported.
Cisco Firepower 2100 Series Hardware Installation Guide
45
Remove and Replace the Power Supply Module
Maintenance and Upgrades
Step 1
Step 2
Step 3
Caution
Save your configuration.
Power down the chassis by moving the power switch to the OFF position. See Rear Panel, on page 14 for more information
on the power switch.
To remove the SSD in slot 1, face the front of the chassis, loosen the two captive screws on the SSD, and gently pull it
out of the chassis.
Figure 21: Removing the SSD
Do not switch the two SSDs. You MUST install the MSP in slot 2. If you remove it and install it in slot
1, all stored capture data are lost.
Step 4
Step 5
Step 6
Step 7
Step 8
To replace the SSD in slot 1, make sure the power switch is still in the OFF position, and then hold the SSD in front of
slot 1 and push it in gently until it is seated.
To install the MSP SSD, make sure the power switch is still in the OFF position, and then remove the blank faceplate
in Slot 2 by loosening the captive screws on either side of the faceplate.
Hold the MSP SSD in front of slot 2 and push it in gently until it is seated.
Caution
Tighten the captive screws on either side of the SSD.
Check the SSD LED to make sure the SSD is operative. See Front Panel LEDs, on page 9 for a description of the SSD
LEDs.
Do not switch the two SSDs. The MSP MUST be installed in slot 2. If you remove it and install it in slot 1,
all stored file capture data are lost.
Remove and Replace the Power Supply Module
Take note of the following warnings:
Cisco Firepower 2100 Series Hardware Installation Guide
46
Maintenance and Upgrades
Remove and Replace the Power Supply Module
Warning
Warning
Warning
Warning
Statement 1002—DC Power Supply
When stranded wiring is required, use approved wiring terminations, such as closed-loop or spade-type
with upturned lugs. These terminations should be the appropriate size for the wires and should clamp both
the insulation and conductor.
Statement 1003—DC Power Disconnection
Before performing any of the following procedures, ensure that power is removed from the DC circuit.
Statement 1015—Battery Handling
There is the danger of explosion if the battery is replaced incorrectly. Replace the battery only with the
same or equivalent type recommended by the manufacturer. Dispose of used batteries according to the
manufacturer's instructions.
Statement 1022—Disconnect Device
A readily accessible two-poled disconnect device must be incorporated in the fixed wiring.
Warning
Warning
Warning
Warning
Statement 1025—Use Copper Conductors Only
Use copper conductors only.
Statement 1030—Equipment Installation
Only trained and qualified personnel should be allowed to install, replace, or service this equipment.
Statement 1046—Installing or Replacing the Unit
When installing or replacing the unit, the ground connection must always be made first and disconnected
last.
Statement 1073—No User-Serviceable Parts
No user-serviceable parts inside. Do not open.
Cisco Firepower 2100 Series Hardware Installation Guide
47
Connect the DC Power Supply Module
Power supply modules are hot swappable. You can remove and replace power supply modules while the
system is running.
Maintenance and Upgrades
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Unplug the power supply cable before removing the power supply module. You cannot disengage the power supply
module latch without first removing the cable.
To remove a power supply module, face the back of the chassis and grasp the handle.
Press the latch found on the middle of the power supply to disengage the power supply.
Place your other hand under the power supply module to support it while you slide it out of the chassis.
Figure 22: Removing the Power Supply Module
If the slot is to remain empty, install a blank faceplate to ensure proper airflow and to keep dust out of the chassis;
otherwise, install another power supply module.
To replace a power supply module, hold the power supply module with both hands and slide it into the power supply
module bay.
Push in the power supply module gently until you hear the latch engage and it is seated.
Plug in the power supply cable.
Check the LED on the power supply to make sure the power supply is operative. See Power Supply Modules, on page
17
Connect the DC Power Supply Module
Take note of the following warnings:
Warning
Cisco Firepower 2100 Series Hardware Installation Guide
48
Statement 1030—Equipment Installation
Only trained and qualified personnel should be allowed to install, replace, or service this equipment.
Maintenance and Upgrades
Connect the DC Power Supply Module
Warning
Statement 1073—No User-Serviceable Parts
No user-serviceable parts inside. Do not open.
For the Cisco 2130 and 2140, the input connector and plug must be UL recognized under UL 486 for field
wiring. The connection polarity is from left to right: negative (–), positive (+), and ground.
Use the handle on the power supply installation and removal. You must support the module with one hand
because of its length.
Figure 23: Firepower 2100 DC Power Supply Module
FAIL and OK LEDs2Handle1
Ejector latch4DC power connector3
Before You Begin
The color coding of the DC input power supply leads depends on the color coding of the DC power
•
source at your site. Make sure that the lead color coding you choose for the DC input power supply
matches the lead color coding used at the DC power source and verify that the power source is connected
to the negative (–) terminal and to the positive (+) terminal on the power supply.
Cisco Firepower 2100 Series Hardware Installation Guide
49
Connect the DC Power Supply Module
Make sure that the chassis ground is connected on the chassis before you begin installing the DC power
•
supply. See Ground the Chassis, on page 38 for the procedure.
Maintenance and Upgrades
Step 1
Step 2
Step 3
Step 4
Step 5
Verify that the power is off to the DC circuit on the power supply module that you are installing.
While supporting the power supply module with one hand, insert the power supply module into the power supply bay
and gently push it in. See the illustration above for the location of the handle.
Use a wire-stripping tool to strip each of the 2 wires coming from the DC input power source. Strip the wires to
approximately 0.39 inch (10 mm) + 0.02 inch (0.5 mm). We recommend you use 14 AWG insulated wire.
Note
Do not strip more than the recommended length of wire because doing so could leave the wire exposed from
the terminal block.
Figure 24: Stripped DC Input Source Wire
Insert the exposed wire into the terminal block. Ensure that you cannot see any wire lead outside the plastic cover. Only
wires with insulation should extend from the terminal block.
Use a screwdriver to tighten the terminal block captive screws.
Caution
Do not overtorque the terminal block captive screws. Make sure that the connection is snug, but the wire is
not crushed. Verify by tugging lightly on each wire to make sure that they do not move.
Cisco Firepower 2100 Series Hardware Installation Guide
50
Maintenance and Upgrades
Figure 25: Tightening the Terminal Block Captive Screws
Secure the Power Cord on the Power Supply Module
Positive (+) lead wire2Negative (-) lead wire1
Step 6
Step 7
Step 8
Step 9
Repeat these steps for the remaining DC input power source wire as applicable.
Use a tie wrap so secure the wires to the rack, so that the wires are not pulled from the terminal block.
Set the DC disconnect switch in the circuit to ON. In a system with multiple power supplies, connect each power supply
to a separate DC power source. In the event of a power source failure, if the second source is still available, it can maintain
system operation.
Verify power supply operation by checking the power supply LED on the front of the chassis. See Front Panel LEDs,
on page 9 for the LED values.
Secure the Power Cord on the Power Supply Module
To secure the power supply module against accidental removal and thus prevent disrupting system performance,
use the tie wrap and clamp provided in the accessories kit that ships with your Firepower 2100 security
appliance.
Take note of the following warnings:
Cisco Firepower 2100 Series Hardware Installation Guide
51
Secure the Power Cord on the Power Supply Module
Maintenance and Upgrades
Step 1
Warning
Statement 1030—Equipment Installation
Only trained and qualified personnel should be allowed to install, replace, or service this equipment.
Warning
Statement 1073—No User-Serviceable Parts
No user-serviceable parts inside. Do not open.
Attach the clamp to the tie wrap by holding the clamp with the loop side on the bottom and sliding the tie wrap through
the box-shaped channel above the clamp (see the following figure).
One side of the tie wrap has evenly spaced ridges and the other is smooth. Be sure the ridged side is face up and that you
slide it through the open side of the channel. You will hear a click as the tie slides through—it moves in one direction
only. To remove the tie wrap from the clamp, push the lever on the closed side of the box-shaped channel and slide out
the tie wrap.
Figure 26: Tie Wrap Through the Box Channel of the Clamp
Step 2
52
Tie wrap2Box channel1
Attach the clamp to the power supply module:
a) Locate the hexagonal ventilation hole on the power supply module at the center of the plug just below the power
connector body (see the following figures).
b) Plug the snapping portion of the tie wrap into the hexagonal hole.
c) With the clamp side facing up, push the tie wrap in until it is fully engaged.
Cisco Firepower 2100 Series Hardware Installation Guide
Maintenance and Upgrades
Secure the Power Cord on the Power Supply Module
Caution
Make sure you have the correct location because you cannot remove the tie wrap from the power supply
module once you have installed it without damaging the tie wrap.
Figure 27: Connecting the Tie Wrap
Hexagonal hole2Tie wrap1
Step 3
Secure the clamp:
a) Plug in the power supply power cord and wrap the clamp around the over mold portion of the power cord.
b) Squeeze the clamp ends together to the power supply so that the annular teeth engage with the mate on the clamp.
c) Make sure the clamp fits snugly into the over mold.
d) Adjust the clamp position on the tie wrap so that the clamp is tight against the front of the over mold and the power
cord cannot be removed by lightly pulling on it.
Figure 28: Clamp on Over Mold of Power Cord
Cisco Firepower 2100 Series Hardware Installation Guide
53
Remove and Replace the Fan Tray
Maintenance and Upgrades
Step 4
If you need to remove the power cord, push the release tab on the clamp to force the annular clamp teeth to disengage
and the clamp opens up. You can then remove the clamp from the power cord.
Remove and Replace the Fan Tray
You can remove and replace the fan tray while the 2130 and 2140 are running. The air flow moves from front
to back. All fan modules are integrated in a single fan tray.
Caution
Warning
Removing the fan tray exposes the appliance to no airflow. Replace the fan tray within 30 seconds after
removal to avoid overheating the appliance. If you wait longer than 30 seconds, the appliance may power
off automatically to prevent damage to components. The appliance will not power up and boot properly
if the fan tray is missing.
Take note of the following warnings:
Statement 1030—Equipment Installation
Only trained and qualified personnel should be allowed to install, replace, or service this equipment.
Cisco Firepower 2100 Series Hardware Installation Guide
54
Maintenance and Upgrades
Install the Optional Cable Management Brackets
Step 1
Step 2
Step 3
Warning
Have the fan tray ready for immediate insertion and near the appliance so that you can reinstall the fan tray within 30
seconds.
To remove a fan tray, face the rear of the chassis, and loosen the two captive screws on the fan tray.
Pull the fan tray out of the chassis.
Figure 29: Removing the Fan Tray
Statement 1073—No User-Serviceable Parts
No user-serviceable parts inside. Do not open.
Step 4
Step 5
Step 6
To replace a fan tray, hold the fan tray in front of the fan slot.
Push the fan tray into the chassis until it is properly seated.
If the system is powered on, listen for the fans. You should immediately hear the fans operating. If you do not hear the
fans, make sure the fan tray is inserted completely into the chassis and the faceplate is flush with the outside surface of
the chassis.
Verify that the fan is operational by checking the fan tray LED. See Front Panel LEDs, on page 9 for a description of
the fan LEDs.
Install the Optional Cable Management Brackets
You can install the optional cable management bracket on all models of the 2100 series. The optional cable
management bracket kit comes with 2 cable management brackets and four 8-32 x 0.375" screws.
Take note of the following warnings:
Cisco Firepower 2100 Series Hardware Installation Guide
55
Install the Optional Cable Management Brackets
Maintenance and Upgrades
Step 1
Warning
Statement 1030—Equipment Installation
Only trained and qualified personnel should be allowed to install, replace, or service this equipment.
Warning
Statement 1073—No User-Serviceable Parts
No user-serviceable parts inside. Do not open.
Attach the cable management bracket to the rack mount bracket:
a) Install the cable management studs into the rack mount bracket.
Figure 30: Installing the Cable Management Studs into the Rack Mount Bracket
b) Install two 8-32" screws through the inside of the rack mount bracket to secure the cable management bracket to rack
mount bracket.
Figure 31: Attaching the Cable Management Bracket to the Rack Mount Bracket
Cisco Firepower 2100 Series Hardware Installation Guide
56
Maintenance and Upgrades
Install the Optional Cable Management Brackets
Step 2
Install the cable management/rack bracket to the chassis by Installing three 8-32" screws through the rack mount bracket
on each side of the chassis.
Figure 32: Installing the Rack Mount Bracket to the Chassis
What to Do Next
Continue with installing the chassis in the rack. See Rack-Mount the Chassis, on page 33.
Cisco Firepower 2100 Series Hardware Installation Guide
57
Install the Optional Cable Management Brackets
Maintenance and Upgrades
Cisco Firepower 2100 Series Hardware Installation Guide
58
Loading...