Cisco Firepower 2120, Firepower 2110, Firepower 2140, Firepower 2130 Hardware Installation Manual
Cisco Firepower 2100 Series Hardware Installation Guide
First Published: 2017-05-25
Last Modified: 2017-06-20
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright©1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
©
2017 Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER 1
CHAPTER 2
Overview 1
Cisco Firepower 2100 Series Features 1
Deployment Options 3
Package Contents 4
Serial Number Location 6
Front Panel 6
Front Panel LEDs 9
Rear Panel 14
Network Modules 15
Power Supply Modules 17
Fans 20
SSDs 20
Supported SFP/SFP+ Transceivers 20
Hardware Specifications 23
Installation Preparation 27
CHAPTER 3
Installation Notes and Warnings 27
Safety Recommendations 30
Maintain Safety with Electricity 30
Prevent Electrostatic Discharge Damage 31
Site Environment 31
Site Considerations 31
Power Supply Considerations 31
Equipment Rack Configuration Considerations 32
Mount and Connect 33
Rack-Mount the Chassis 33
Ground the Chassis 38
Cisco Firepower 2100 Series Hardware Installation Guide
iii
Contents
Connect Cables, Turn on Power, and Verify Connectivity 39
CHAPTER 4
Maintenance and Upgrades 43
Remove and Replace the Network Module 43
Remove and Replace the SSD 45
Remove and Replace the Power Supply Module 46
Connect the DC Power Supply Module 48
Secure the Power Cord on the Power Supply Module 51
Remove and Replace the Fan Tray 54
Install the Optional Cable Management Brackets 55
Cisco Firepower 2100 Series Hardware Installation Guide
iv
CHAPTER 1
Overview
This chapter describes the hardware features of the Cisco Firepower 2100 security appliance, and contains
the following sections:
Cisco Firepower 2100 Series Features, page 1
•
Deployment Options, page 3
•
Package Contents, page 4
•
Serial Number Location, page 6
•
Front Panel, page 6
•
Front Panel LEDs, page 9
•
Rear Panel, page 14
•
Network Modules, page 15
•
Power Supply Modules, page 17
•
Fans, page 20
•
SSDs, page 20
•
Supported SFP/SFP+ Transceivers, page 20
•
Hardware Specifications, page 23
•
Cisco Firepower 2100 Series Features
The Cisco Firepower 2100 series security appliance is a standalone modular security services platform. The
series includes the Firepower 2110, 2120, 2130, and 2140.
Figure 1: Firepower 2110/2120 and Firepower 2130/2140
Cisco Firepower 2100 Series Hardware Installation Guide
1
Cisco Firepower 2100 Series Features
The following table lists the features for the Firepower 2100 series.
Table 1: Cisco Firepower 2100 Series Features
Overview
2140213021202110Feature
Form factor
Rack mountable
Intel x86 processor
Cavium Network
Processor Unit
(NPU)
of interfaces
1 RU
Fits standard 19-in (48.3-cm) square-hole rack.
Yes
2 two-post mount brackets
(Optional) 4-post EIA-310-D rack
Yes
4-post EIA-310-D rack
(Optional) 2-two-post mount brackets
Front to rear (cold aisle to hot aisle)Airflow
Single 4-core at
1.8G
Single 6-core at
1.2G
Single 6-core at
1.9G
Single 8-core at
1.2G
Single 8-core at
2.0G
Single 12-core at
1.2G
16G8GCavium NPU RAM
8G (nominal)Flash
2416Maximum number
Single 16-core at
1.3G
64 GB32 GB16 GBIntel x86 memory
Single 16-core at
1.8G
1 Gigabit Ethernet (10M/100M/1G Base-T)Management port
RJ-45 serial portConsole port
Type A 2.0 (500mA)USB port
Network ports
12 fixed RJ-45 1G/100M/10M ports
Named Ethernet 1/1 through 1/12
4 fixed 1G/10G SFP+ ports4 fixed 1G SFP portsSmall Form-Factor
Pluggable (SFP)
ports
Pull-out label card
Yes
Displays serial number.
YesGrounding lug
Cisco Firepower 2100 Series Hardware Installation Guide
2
Overview
Deployment Options
2140213021202110Feature
YesLocator beacon
YesPower switch
Storage
Malware Storage
Pack (MSP)
NoNetwork modules
1 fixed AC power supply moduleAC power supply
Two SSD slots (100GB )
Ships with one 100GB SSD installed in
slot 1.
Yes
You can install the MSP in the SSD slot 2.
1 network module slot
NOT hot swappable
2 power supply slots
Ships with one
400W AC power
supply
Hot swappable
Yes (optional)NoDC power supply
YesNoRedundant power
1 hot-swappable fan tray with 4 fans4 fixed fansFan
Two SSD slots (200GB )
Ships with one 200GB SSD installed in
slot 1.
2 power supply slots
Ships with two
400W AC power
supplies
Hot swappable
Deployment Options
You can deploy the Firepower 2100 in the following ways:
As a firewall:
•
At the enterprise Internet edge deployed in a high availability configuration
◦
At branch offices in either an HA pair or standalone
◦
As a device that provides additional application control, URL filtering, or IPS/threat-centric capabilities:
•
Behind an enterprise Internet edge firewall in an inline in a transparent bump-in-the-wire
◦
configuration or as a standalone (requires hardware fail open network module support)
Deployed passively off a SPAN port on a switch or a tap on a network, or standalone
◦
As a VPN device:
•
For remote access VPN
◦
Cisco Firepower 2100 Series Hardware Installation Guide
3
Package Contents
For site-to-site VPN
◦
Package Contents
The following illustration shows the package contents for the Firepower 2110 and 2120. The contents are
subject to change and your exact contents will contain additional or fewer items depending on whether you
order the optional parts.
Figure 2: Firepower 2110 and 2120 Package Contents
Overview
2Firepower 2110 or 2120 chassis1
3
(country-specific)
5
screws:
Six 8-32, 0.281#
•
Four 12-24, 0.75#
•
Four 10-32, 0.75#
•
Four M6, 19mm
•
7
(Optional; in package if ordered)
4One power cord
62 rack-mount brackets and
8Two cable management brackets
Blue console cable PC terminal
adapter
SFP transceiver
(Optional; in package if ordered)
One ground lug kit
#6 AWG lug, two 10-32 x .38"
screws
Useful Links Cisco Firepower 2100
Series
Cisco Firepower 2100 Series Hardware Installation Guide
4
Overview
Package Contents
The following illustration shows the package contents for the Firepower 2130 and 2140. The contents are
subject to change and your exact contents will contain additional or fewer items depending on whether you
order the optional parts.
Figure 3: Firepower 2130 and 2140 Package Contents
3
5
9
11
(country-specific)
Left and right slide rails, two
M3X6mm wafer head screws
Two cable management brackets
and four 8-32 x 0.375" screws
(Optional; in package if ordered)
Power supply module tie wrap
and clamp
2Firepower 2130 or 2140 chassis1
Blue console cable PC terminal
adapter
4One or two power cords
SFP transceiver
(Optional; in package if ordered)
6Slide rail kit
Six 8-32 x .25" slide rail locking
bracket screws
8Two slide rail locking brackets7
One ground lug kit
#6 AWG lug, two 10-32 x .38"
screws
10Cable management bracket kit
Useful Links Cisco Firepower 2100
Series
Cisco Firepower 2100 Series Hardware Installation Guide
5
Serial Number Location
Serial Number Location
The serial number for the Firepower 2100 series chassis is located on the pull-out label card on the front panel.
Figure 4: Serial Number on 2100 Chassis
Overview
Front Panel
The following figure shows the front panel of the Firepower 2110 and 2120 security appliances. See Front
Panel LEDs, on page 9 for a description of the LEDs.
Figure 5: Firepower 2110 and 2120 Front Panel
2Power LED1
Gigabit Ethernet management port
Management 0 (also referred to as
Management 1/1 and Diagnostic 1/1)
Cisco Firepower 2100 Series Hardware Installation Guide
6
Overview
Front Panel
3
SSD (slot 1)4Twelve RJ-45 1G/100M/10M auto
duplex/auto MDI-X Base-T ports
Ethernet 1/1 through 1/12 labeled top to
bottom, left to right
System LEDs6Locator beacon5
RJ-45 console port8Type A USB 2.0 port7
10Pull-out label card9
4 fixed SFP (1G) ports
Fiber ports 1/13 through 1/16 labeled
left to right
SSD (slot 2)11
The following figure shows the front panel of the Firepower 2130 and 2140 security appliance. See Front
Panel LEDs, on page 9 for a description of the LEDs.
Figure 6: Firepower 2130 and 2140 Front Panel
3
11
Management 0 (also referred to as
Management 1/1 and Diagnostic 1/1)
Fiber ports 13 through 16 labeled left to
right
Cisco Firepower 2100 Series Hardware Installation Guide
Locator beacon2Power LED1
4Gigabit Ethernet management port
Twelve RJ-45 1G/100M/10M auto
duplex/auto MDI-X Base-T ports
Ethernet 1/1 through 1/12 labeled top
to bottom, left to right
SSD 26SSD 15
Type A USB 2.0 port8System LEDs7
Pull-out label card10RJ-45 console port9
124 fixed SFP+ (1G/10G) ports
Network Module (network module slot
1)
7
Front Panel
Overview
Management Port
The Firepower 2100 chassis has an RJ-45 copper management port.
RJ-45 Console Port
The Firepower 2100 chassis has a standard RJ-45 console port. You can use the command-line interface
(CLI) to configure your 2100 through the RJ-45 serial console port by using a terminal server or a
terminal emulation program on a computer.
The RJ-45 (8P8C) port supports RS-232 signaling to an internal UART controller. The console port
does not have any hardware flow control, and does not support a remote dial-in modem. The baud rate
is 9600. You can use the standard cable found in your accessory kit to convert the RJ45 to DB9 if
necessary.
Type A USB Port
You can use the external Type A USB port to attach a data-storage device. The external USB drive
identifier is disk1:. The Type A USB port supports the following:
OIR
•
USB drive formatted with FAT32
•
Boot kickstart image from ROMMON for discovery recovery purposes
•
Copy files to and from workspace:/ and volatile:/ within local-mgmt. The most relevant files are:
•
Core files
◦
Ethanalyzer packet captures
◦
Tech-support files
◦
Security module log files
◦
Platform bundle image upload using download image usbA:
•
The Type A USB port does NOT support Cisco Secure Package (CSP) image upload support.
Network Ports
The Firepower 2100 chassis has 12 fixed RJ-45 1G/100M/10M) ports. They are numbered from top to
bottom, left to right starting with 1 and are named Ethernet 1/1 through Ethernet 1/12.
The 2110 and 2120 also have four fixed SFP (1G) ports, and the 2130 and 2140 have four fixed SFP+
(1G/10G) ports. They are fiber ports numbered left to right (1/13 through 1/16).
Each port has LEDs that represent Link/Activity status.
Cisco Firepower 2100 Series Hardware Installation Guide
8
Overview
Front Panel LEDs
The following figure shows the Firepower 2110 and 2120 front panel LEDs.
Figure 7: Firepower 2110 and 2120 Front Panel LEDs
Front Panel LEDs
1
• Unlit – Input power is not
detected. Standby power is off.
• Blinking green – The system has
detected a power switch toggle
event, and initiated the shutdown
sequence. If the power switch is
in the OFF position, the system
powers off after shutdown is
completed. Do not remove the AC
or DC power source while this
LED is blinking so that the system
has time to perform a graceful
shutdown.
• Solid amber – The system is
powering up (before the BIOS
boots). This takes one to five
seconds at most.
• Solid green – The system is fully
powered up.
2PWR
Locator Beacon
• Unlit – Locate is off.
• Solid blue – Locate is on.
Note
The Locator beacon helps
you locate a unit that needs
physical service attention.
This feature is activated in
the software.
Cisco Firepower 2100 Series Hardware Installation Guide
9
Front Panel LEDs
Overview
3
4SYS (Health)
• Unlit – The system has not booted
up yet.
• Blinking green – The system is
booting up or in bootloader stage.
• Solid green – The system has fully
booted.
ACT (Active)
• Unlit – The system in standby
mode.
• Green – The system is active.
The status is updated every 10
seconds.
• Amber – Not in use at this time.
• Solid amber – The system boot up
has failed.
• Blinking amber – Alarm
condition, system needs service or
attention and may not boot
properly.
5
6SSD1 ACT
• Unlit – SSD is not present.
• Solid green – SSD is present; no
activity.
• Blinking green – SSD is active.
SSD2 ACT
• Unlit – SSD is not present.
• Solid green – SSD is present; no
activity.
• Blinking green – SSD is active.
7
8FAN
• Unlit – The environmental
subsystem is not active yet.
SSD1 Alert Status
• Unlit – SSD has normal activity.
• Solid amber – SSD failure.
• Solid green—The fans are running
normally. It may take up to one
minute for the LED status to turn
green after power is on.
• Solid amber—One fan has failed.
The system can continue to
operate normally, but fan service
is required.
• Blinking amber—Two or more
fans have failed, or the fan tray has
been removed from the system.
Immediate attention is required.
9
10SSD2 Alert Status
• Unlit – SSD has normal activity.
• Solid amber – SSD failure.
Ethernet Link
• Solid green – The link partner is
detected; no activity.
• Blinking green – Network
activity is detected.
Cisco Firepower 2100 Series Hardware Installation Guide
10
Overview
Front Panel LEDs
11
12Ethernet Speed
• Blinking green – The number of
blinks determines link speed; 1
blink=10Mbit, 2=100Mbit,
3=1Gbit.
Fiber Port
• Solid green – Port is enabled, the
link partner is detected.
• Solid amber – Port is enabled,
but the link partner is not
detected.
• Blinking green – Port is enabled;
network activity is detected.
The following figure describes the Firepower 2130 and 2140 front panel LEDs.
Figure 8: Firepower 2130 and 2140 Front Panel LEDs
Cisco Firepower 2100 Series Hardware Installation Guide
11
Front Panel LEDs
Overview
1
2Power
• Unlit – Input power is not
detected. Standby power is off.
Locator LED
• Unlit – Locate is off.
• Solid blue – Locate is on.
• Blinking green – The system has
detected a power switch toggle
event, and initiated the shutdown
sequence. If the power switch is
in the OFF position, the system
powers off after shutdown is
Note
The Locator beacon helps
you locate a unit that needs
physical service attention.
This feature is activated in
the software.
completed. Do not remove the AC
or DC power source while this
LED is blinking so that the system
has time to perform a graceful
shutdown.
• Solid amber – The system is
powering up (before the BIOS
boots). This takes one to five
seconds at most.
• Solid green – The system is fully
powered up.
3
4SYS (Health)
ACT (Active)
• Unlit – The system has not booted
up yet.
• Blinking green – The system is
booting up or in bootloader stage.
• Solid green – The system has fully
booted.
• Unlit – The system in standby
mode.
• Green – The system is active.
The status is updated every 10
seconds.
• Amber – Not in use at this time.
• Solid amber – The system boot up
has failed.
• Blinking amber – Alarm
condition, system needs service or
attention and may not boot
properly.
5
6SSD1 ACT
• Unlit – The SSD is not present.
• Solid green – The SSD is present;
no activity.
• Blinking green – The SSD is
active.
SSD2 ACT
• Unlit – The SSD is not present.
• Solid green – The SSD is
present; no activity.
• Blinking green – The SSD is
active.
Cisco Firepower 2100 Series Hardware Installation Guide
12
Overview
Front Panel LEDs
7
8PSU-1
• Unlit – The power supply module
is not present or not detected.
• Solid green – The power supply
module is present and working
properly.
• Solid amber – The power supply
module is present but a fault or
problem has been detected.
PSU-2
• Unlit – The power supply
module is not present or not
detected.
• Solid green – The power supply
module is present and working
properly.
• Solid amber – The power supply
module is present but a fault or
problem has been detected.
9
10FAN
• Unlit – The environmental
subsystem is not active yet.
SSD1 Alert Status
• Unlit – SSD has normal activity.
• Solid amber – SSD failure.
• Solid green—The fans are running
normally. It may take up to one
minute for the LED status to turn
green after power is on.
• Solid amber—One fan has failed.
The system can continue to
operate normally, but fan service
is required.
11
13
• Blinking amber—Two or more
fans have failed, or the fan tray has
been removed from the system.
Immediate attention is required.
• Unlit – SSD has normal activity.
• Solid amber – SSD failure.
• Blinking green – The number of
blinks determines link speed; 1
blink=10Mbit, 2=100Mbit,
3=1Gbit.
12SSD2 Alert Status
Ethernet Link
• Solid green – The link partner is
detected; no activity.
• Blinking green – Network
activity is detected.
14Ethernet Speed
Fiber Port
• Solid green – Port is enabled, the
link partner is detected.
• Solid amber – Port is enabled,
but the link partner is not
detected.
• Blinking green – Port is enabled;
network activity is detected.
Cisco Firepower 2100 Series Hardware Installation Guide
13
Rear Panel
Rear Panel
Overview
The following figure shows the rear panel of the Firepower 2110 and 2120.
Figure 9: Firepower 2110 and 2120 Rear Panel
Fixed power supply module2Power on/off switch1
4Fixed fans3
The following figure shows the rear panel of the Firepower 2130 and 2140.
Figure 10: Firepower 2130 and 2140 Rear Panel
Two-post grounding lug
Note
Power supply module 1 FAIL LED2Power on/off switch1
Power supply module 14Power supply module 2 FAIL LED3
The two-post grounding lug is
included in the accessory kit.
Fan tray6Power supply module 1 OK LED5
Power supply module 2 OK LED8Power supply module 27
Cisco Firepower 2100 Series Hardware Installation Guide
14
Overview
Network Modules
9
Power Switch
For More Information
Two-post grounding lug
Note
The power switch is located to the left of power supply module 1 on the rear of the chassis. It is a toggle
switch that controls power to the system. If the power switch is in standby position, only the 3.3V
standby power is enabled from the power supply module and the 12V main power is OFF. When the
switch is in the ON position, the 12V main power is turned on and the system boots.
Before you move the power switch to the OFF position, use the shutdown commands so that the system
can perform a graceful shutdown. This may take several minutes to complete. After the graceful shutdown
is completed, the front panel power LED is unlit and the console displays Power Down. See the FXOS
Configuration Guide for more information on using these commands.
Caution
The two-post grounding lug is
included in the accessory kit.
If you move the power switch to the OFF position before the shutdown
command sequence has completed or if you remove the system power cords
before the graceful shutdown is complete, disk corruption can occur.
See Remove and Replace the Power Supply Module, on page 46 for the procedure for removing and
•
replacing the power supply module in the Firepower 2130 and 2140.
See Remove and Replace the Fan Tray, on page 54 for the procedure for removing and replacing the
•
fan tray in the Firepower 2130 and 2140.
See Ground the Chassis, on page 38 for the procedure for using the grounding lug to ground the chassis.
•
See Power Supply Modules, on page 17 for a description of the power supply module LEDs.
•
See Front Panel LEDs, on page 9 for a description of the fan LEDs.
•
Network Modules
The Firepower 2130 and 2140 contain one network module slot that provides optical or electrical network
interfaces. Network modules are optional, removable I/O modules that provide either additional ports or
different interface types. The Firepower network module plugs into the chassis on the front panel.
The network module is NOT hot swappable.Note
The Firepower 2130 and 2140 support the Firepower 8-port 10G Network Module single-wide
(FPR-NM-8X10G SFP+). The 10 Gigabit Ethernet network module ports are numbered from top to bottom,
left to right.
Cisco Firepower 2100 Series Hardware Installation Guide
15
Loading...