Cisco Firepower 4100 Series, Firepower 4110, Firepower 4120, Firepower 4140, Firepower 4150 Hardware Installation Manual
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
First Published: 2016-03-31
Last Modified: 2018-11-16
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of
the UNIX operating system. All rights reserved. Copyright©1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com
go trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any
other company. (1721R)
©
2016-2018 Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER 1
Overview 1
Features 1
Deployment Options 4
Package Contents 4
Serial Number Location 5
Front Panel 6
Front Panel LEDs 7
Rear Panel 8
Network Modules 10
10-G Network Module 10
40-G Network Module 11
Hardware Bypass Network Modules 12
1-G Network Module with Hardware Bypass 13
40-G Network Module with Hardware Bypass 14
1-G SX/10-G SR/10-G LR Network Module with Hardware Bypass 16
Power Supply Modules 18
CHAPTER 2
Fan Modules 20
Supported SFP/SFP+ and QSFP Transceivers 21
Hardware Specifications 23
Product ID Numbers 25
Power Cord Specifications 28
Installation Preparation 35
Installation Warnings 35
Safety Recommendations 37
Maintain Safety with Electricity 38
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
iii
Contents
Prevent ESD Damage 38
Site Environment 39
Power Supply Considerations 39
Rack Configuration Considerations 39
CHAPTER 3
CHAPTER 4
Mount and Connect 41
Unpack and Inspect the Chassis 41
Rack-Mount the Chassis 42
Ground the Chassis 46
Install the FIPS Opacity Shield 48
Connect Cables, Turn on Power, and Verify Connectivity 53
Maintenance and Upgrade 55
Remove and Replace the Network Module 55
Remove and Replace the Fan Module 58
Remove and Replace the SSD 59
Remove and Replace the Power Supply Module 61
Connect the DC Power Supply Module 64
Secure the Power Cord on the AC Power Supply Module 70
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
iv
Overview
• Features, on page 1
• Deployment Options, on page 4
• Package Contents, on page 4
• Serial Number Location, on page 5
• Front Panel, on page 6
• Front Panel LEDs, on page 7
• Rear Panel, on page 8
• Network Modules, on page 10
• Hardware Bypass Network Modules, on page 12
• Power Supply Modules, on page 18
• Fan Modules, on page 20
• Supported SFP/SFP+ and QSFP Transceivers, on page 21
• Hardware Specifications, on page 23
• Product ID Numbers, on page 25
• Power Cord Specifications, on page 28
CHAPTER 1
Features
The Cisco Firepower 4100 series security appliance is a standalone modular security services platform. It is
capable of running multiple security services simultaneously and so is targeted at the data center as a
multiservice platform. The series includes the Firepower 4110, 4120, 4140, and 4150. See Product ID Numbers,
on page 25 for a list of the product IDs (PIDs) associated with the 4100 series.
The Firepower 4100 supports the following software:
• Cisco Firepower Threat Defense
Note
We recommend that you upgrade to the latest version (at least to Version 6.1.0)
to take advantage of software updates that enhance SSD management performance
and longevity.
• Cisco Firepower eXtensible Operating System (FXOS)
• Cisco ASA
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
1
Features
Note
The Firepower 4100 is certified for Common Criteria (CC) and Federal Information Processing Standards
(FIPS). See "Security Certifications Compliance" in the Cisco FXOS CLI Configuration Guide for the procedure
for enabling these modes using the CLI. See "Security Certifications Compliance" in the Cisco FXOS Firepower
Chassis Manager Configuration Guide for information for enabling these modes using the Firepower Chassis
Manager.
The following figure shows the Firepower 4100 series security appliance.
Figure 1: Firepower 4100 Series
Overview
See the Cisco Interactive Library for a video that displays the features and components of the Firepower 4100.
The following table lists the features for the Firepower 4100 series.
Table 1: Firepower 4100 Series Features
4150414041204110Feature
Form factor
1 RU
Fits a standard 19-in. (48.3cm) square-hole rack
Rack mount
Yes
Slide rails, mount ears, and screws included (4-post EIA-310-D rack)
Airflow
Front to rear
Cold aisle to hot aisle
Single 22-coreSingle 18-core
256-GB DDR4
DRAM
Memory
Maximum number
of interfaces
Single 12-coreProcessor
64-GB DDR4
DRAM
128-GB DDR4
DRAM
24
With two 8-port network modules installed
256-GB DDR4
DRAM
Management port
One Gigabit Ethernet
Supports 1-G fiber or copper SFPs
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
2
Overview
Features
4150414041204110Feature
One RJ-45 consoleSerial port
One USB 2.0 Type AUSB port
Eight fixed 1-G and 10-G SFP ports (named Ethernet 1/1 through 1/8)Network ports
SFP ports
Pullout asset card
Grounding lug
Locator beacon
Power switch
Network modules
Supported network
modules
Yes
Eight fixed 1-G and 10-G SFP ports
See Network Modules, on page 10 for the number of SFP/SFP+ ports for each network
module.
Yes
Displays the serial number; on the front panel
Yes
On rear panel
Yes
On front panel
Yes
On rear panel
Yes
Two network module slots ( named network module 2 and network module 3)
8-port 10-Gigabit Ethernet SFP+
4-port 40-Gigabit Ethernet QSFP+
AC power supply
8-port 1-Gigabit Ethernet SFP+ fail-to-wire
2-port 40-Gigabit Ethernet SFP+ fail-to-wire
6-port 1-Gigabit Ethernet SX fiber fail-to-wire
6-port 10-Gigabit Ethernet SR fiber fail-to-wire
6-port 10-Gigabit Ethernet LR fiber fail-to-wire
Two (1+1) power supply module slots
Ships with one 400-W AC power supply
modules
Hot-swappable
Two (1+1) power supply module slots
Ships with two 400-W AC power supply
modules
Hot-swappable
Yes (optional)NoDC power supply
Yes 1+1Redundant power
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
3
Deployment Options
Overview
4150414041204110Feature
Fan
Storage
MSP
Deployment Options
Here are some examples of how you can deploy the Firepower 4100:
• In a data center using NGFW and ASA
• At the core/aggregation layer of a 3-tier data center in a high availability configuration
Six fan module slots
3+1 redundancy
Hot-swappable
Two SSD slots (200 GB)
Ships with one SSD installed in slot 1.
Note
Slot 2 is reserved for the Malware Storage
Pack (MSP).
Yes
Installed in the second SSD slot only
RAID is not supported.
Two SSD slots (400 GB)
Ships with one SSD installed in slot 1.
Note
Slot 2 is reserved for the MSP.
RAID is not supported.
• As a dedicated multifunctional security service within converged infrastructure stacks, for example,
vBlock, FlexPod, and so forth, at the access layer
• As a high-performance data center security appliance between the WAN edge and the data center core
in a high availability configuration
• Inter-DC clustering deployments
• In newer spine/leaf data center designs, deployment as a leaf that exclusively offers security functions
Package Contents
The following figure shows the package contents for the Firepower 4100. Note that the contents are subject
to change and your exact contents might contain additional or fewer items.
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
4
Overview
Serial Number Location
Figure 2: Firepower 4100 Package Contents
9
inner slide rail to the chassis
Welcome to the Cisco Firepower 410015
Serial Number Location
The serial number for the Firepower 4100 series chassis is located on the pullout asset card on the front panel.
Blue console cable PC terminal adapter2Firepower 4100 chassis1
10/100/1000BASE-T SFP transceiver42 power cords (country-specific)3
Tie wrap clamp62 slide rails5
Flextronics tie wrap8Artesyn tie wrap7
102 M3X6 mm screws used to secure the
122 slide rail locking brackets11
Ten 8-32 x .375-in. countersink screws
used to secure the mounting bracket to
chassis (6 screws), and the cable
management brackets to the mounting
brackets (4 screws)
Two 10-32 x .375-in. screws used to secure
the ground lug
2 cable management brackets141 ground lug #6 AWG, 90 degree, #10 post13
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
5
Front Panel
Overview
Figure 3: Serial Number on the 4100 Chassis
You can also view additional model information on the compliance label located on the bottom of the chassis.
Figure 4: Compliance Label on the 4100 Chassis
Front Panel
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
6
The following figure shows the front panel of the Firepower 4100.
Overview
Front Panel LEDs
Figure 5: Firepower 4100 Front Panel
Gigabit Ethernet management port2RJ-45 console port1
11
Front Panel LEDs
The following figure and table describe the Firepower 4100 front panel LEDs.
Figure 6: Front Panel LEDs
Network module 3
Note
The 10-G network module is
shown.
4USB Type A port3
Eight fixed SFP+ (1-G/10-G) ports (in
network module slot 1)
Gigabit Ethernet 1/1 through 1/8 labeled
top to bottom, left to right
SSD 26SSD 15
Locator LED8Power LED7
10Pullout asset card9
Network module 2
Note
The 10-G network module is
shown.
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
7
Rear Panel
Overview
1
• Off—No connection or port is not in
use.
• Amber—No link or network failure.
• Green—Link up.
• Green, flashing—Network activity.
3
• Off— SSD not present.
• Green—SSD is present; no activity.
• Green, flashing—SSD is active.
• Amber—SSD failure.
• Amber, flashing—Rebuilding, flashes
at 1 Hz.
• Amber, flashing—Predictive failure
analysis (PFA) and hot spare; two fast
flashes at 4 Hz, pause for 0.5 seconds.
2Management
4SSD
Health (SYS)
• Off—System is not booting yet.
• Green, flashing—Power-up
diagnostics are complete and system
is booting up.
• Green—The system has passed
power-up diagnostics.
• Amber—Power-up diagnostics has
failed.
• Amber, flashing—Alarm; power-up
diagnostics are running.
Power
• Off—Input power not detected.
• Green, flashing—Appears only when
you move the power switch from ON
to OFF. System is shutting down and
powers off once shutdown is
completed.
• Amber—System is powering up.
• Green—System fully powered up.
• Amber, flashing—Reserved.
Rear Panel
5
This LED is not supported; reserved for
future use.
7
The following figure shows the rear panel of the Firepower 4100.
Network activity
• Off—No connection or port is not in
use.
• Amber—No link or network failure.
• Green—Link up.
• Green, flashing—Network activity.
6Active (ACT)
Locator LED
• Off—Locate is off.
• Blue—Locate is on.
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
8
Overview
Rear Panel
Figure 7: Firepower 4100 Rear Panel
Power supply module 12Power on/off switch1
Fan module 14Power supply module 23
Fan module 36Fan module 25
Fan module 58Fan module 47
10Fan module 69
Location for the two-post grounding lug
Note
The two-post grounding lug is
included in the accessory kit.
The power switch is located to the left of power supply module 1 on the rear of the chassis. It is a toggle
switch that controls power to the system. If the power switch is in standby position, only the 3.3-V standby
power is enabled from the power supply module and the 12-V main power is OFF. When the switch is in the
ON position, the 12-V main power is turned on and the system boots.
You can shut down the chassis in one of two ways:
• Perform a graceful shutdown using the shutdown commands. This may take several minutes to complete.
Then toggle the power switch to the OFF position. The power LED changes from solid green to off
immediately.
Note
The shutdown commands are first available in FXOS version 2.0.1. See the
FXOS Configuration Guide for more information on using these commands.
Caution
If you move the power switch to the OFF position before the shutdown command
sequence is complete or if you remove the system power cords before the graceful
shutdown is complete, disk corruption can occur.
• Toggle the power switch to the OFF position. The power LED changes from solid green to off.
Note
After removing power from the chassis either by moving the power switch to OFF or unplugging the power
cord, wait at least 10 seconds before turning power back ON.
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
9
Network Modules
Network Modules
The Firepower 4100 contains two network module slots that provide optical or electrical network interfaces.
Network modules are optional, removable I/O modules that provide either additional ports or different interface
types (1/10/40 G). The Firepower network modules plug into the chassis on the front panel.
For More Information
• See 10-G Network Module , on page 10 for a description of the 10-G network module.
• See 40-G Network Module , on page 11 for a description of the 40-G network module.
• See Hardware Bypass Network Modules, on page 12 for the location and description of the LEDs,
and the port configurations for the hardware bypass network modules.
• See Remove and Replace the Network Module, on page 55 for the procedure for removing and
replacing network modules.
Overview
10-G Network Module
The following figure shows the front panel of the 10-G network module (FPR4K-NM-8X10G). The
FPR4K-NM-8X10G is a single-wide module that supports hot swapping. The eight ports are numbered from
top to bottom, left to right.
Note
The FPR4K-NM-8X10G is NEBS-compliant.
Note
You can fit four copper SFPs in either the top row of ports or the bottom row of ports. Both rows cannot be
populated at the same time, because of the port row spacing.
Figure 8: FPR4K-NM-8X10G
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
10
Overview
40-G Network Module
3
5
7
9
Ethernet X/3
Ethernet X/7
Ethernet X/4
Ethernet X/8
For More Information
• For a list of copper SFPs, see Supported SFP/SFP+ and QSFP Transceivers, on page 21.
40-G Network Module
The following figure shows the front panel of the 40-G network module (FPR4K-NM-4X40G.) The
FPR4K-NM-4X40G is a single-wide module that supports hot swapping. The four ports are numbered left to
right.
2Captive screw/handle1
4
6
8
10
Ethernet X/1
Ethernet X/5
Ethernet X/2
Ethernet X/6
Network activity LEDs
• Off—No connection or port is not in
use.
• Amber—No link or network failure.
• Green—Link up.
• Green, flashing—Network activity.
Note
The FPR4K-NM-4X40G is NEBS-compliant.
Figure 9: FPR4K-NM-4X40G
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
11
Hardware Bypass Network Modules
Overview
3
5
Ethernet X/1
Ethernet X/3
Hardware Bypass Network Modules
Fail-to-wire (also known as hardware bypass) is a physical layer (Layer 1) bypass that allows paired interfaces
to go into bypass mode so that the hardware forwards packets between these port pairs without software
intervention. Fail-to-wire provides network connectivity when there are software or hardware failures. Hardware
bypass is useful on ports where the Firepower security appliance is only monitoring or logging traffic. The
hardware bypass network modules have an optical switch that is capable of connecting the two ports when
needed.
The fail-to-wire network modules have built-in SFPs.
2Captive screw/handle1
4
6
Network activity LEDs
• Off—No connection or port is not in
use.
• Amber—No link or network failure.
• Green—Link up.
• Green, flashing—Network activity.
Ethernet X/2
Ethernet X/4
Hardware bypass is supported only on a fixed set of ports. You can pair Port 1 with Port 2, Port 3 with Port
4, but you cannot pair Port 1 with Port 4 for example.
Note
Hardware bypass is only supported in inline mode. Also, hardware bypass support depends on your software
application.
Note
When the appliance switches from normal operation to hardware bypass or from hardware bypass back to
normal operation, traffic may be interrupted for several seconds. A number of factors can affect the length of
the interruption; for example, behavior of the optical link partner such as how it handles link faults and
debounce timing; spanning tree protocol convergence; dynamic routing protocol convergence; and so on.
During this time, you may experience dropped connections.
There are three configuration options for hardware bypass network modules:
• Passive interfaces—Connection to a single port.
For each network segment you want to monitor passively, connect the cables to one interface. This is
how the non-fail-to-wire network modules operate.
• Inline interfaces—Connection to any two like ports (10 G to 10 G for example) on one network module,
across network modules, or fixed ports.
For each network segment you want to monitor inline, connect the cables to pairs of interfaces.
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
12
Overview
1-G Network Module with Hardware Bypass
• Inline with fail-to-wire interfaces—Connection of a fail-to-wire paired set.
For each network segment that you want to configure inline with fail-open, connect the cables to the
paired interface set.
For the 40-G network module, you connect the two ports to form a paired set. For the 1/10-G network
modules, you connect the top port to the bottom port to form a fail-to-wire paired set. This allows traffic
to flow even if the security appliance fails or loses power.
Note
If you have a inline interface set with a mix of fail-to-wire and non-fail-to-wire interfaces, you cannot enable
hardware bypass on this inline interface set. You can only enable hardware bypass on an inline interface set
if all the pairs in the inline set are valid fail-to-wire pairs.
For More Information
• See 1-G Network Module with Hardware Bypass, on page 13 for a description of the 1-G network
module.
• See 40-G Network Module with Hardware Bypass, on page 14 for a description of the 40-G network
module.
• See 1-G SX/10-G SR/10-G LR Network Module with Hardware Bypass, on page 16 for a description
of the 1-G SX, 10-G SR, and LR network modules.
• See Remove and Replace the Network Module, on page 55 for the procedure for removing and
replacing single-wide network modules.
1-G Network Module with Hardware Bypass
The following figure shows the front panel view of the 1-G fail-to-wire network module (FPR4K-NM-8X1G-F).
Pair ports 1 and 2, 3 and 4, 5 and 6, and 7 and 8 to form hardware bypass paired sets.
Figure 10: FPR-NM-8X1G-F
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
13
40-G Network Module with Hardware Bypass
Overview
2Captive screw/handle1
8 network activity LEDs
• Left LED—Green indicates network
activity when a 10M/100M/1G
connection is made.
• Right LED—Not in use at this time.
3
Ethernet X/1
Ports 1 and 2 are paired together to form
a hardware bypass pair. LED B1 applies
to this paired port.
5
Ethernet X/2
Ports 5 and 6 are paired together to form
a hardware bypass pair. LED B3 applies
to this paired port.
4
Ethernet X/2
Ports 3 and 4 are paired together to form a
hardware bypass pair. LED B2 applies to
this paired port.
6
Ethernet X/2
Ports 7 and 8 are paired together to form a
hardware bypass pair. LED B4 applies to
this paired port.
Bypass LEDs B1 through B4
• Green—In standby mode.
• Amber, flashing—Port is in hardware
bypass mode, failure event.
• Amber—Port is in hardware bypass
mode, forced.
40-G Network Module with Hardware Bypass
The following figure shows the front panel of the 40-G fail-to-wire network module (FPR4K-NM-2X40G-F).
The FPR4K-NM-2X40G-F is a single-wide module that does not support hot swapping. The two ports are
numbered left to right. Pair the two ports to create a hardware bypass paired set.
Figure 11: FPR4K-NM-2X40G-F
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
14
Overview
40-G Network Module with Hardware Bypass
2Captive screw/handle1
Ethernet X/1
Ports 1 and 2 are paired together to form
a hardware bypass pair.
3
• Green—In standby mode.
• Amber, flashing—Port is in hardware
4Bypass LED BP:
Ethernet X/2
Ports 1 and 2 are paired together to form
a hardware bypass pair.
bypass mode, failure event.
• Amber—Port is in hardware bypass
mode, forced.
5
Network activity LEDs:
• Amber—No connection, or port is
not in use, or no link or network
failure.
• Green—Link up, no network activity.
• Green, flashing—Network activity.
The following table describes the cable specifications needed to keep the insertion loss as low as possible.
Table 2: 40-G BASE-SR Cable Specifications
Supported CableInterface
50 microns core diameterEthernet 40-G BASE-SR4
2000/4700 (OM3/4) modal bandwidth (MHz*km)850 nm wavelength
50 m cable distanceMPO-12 port adapter
Note
See the Cisco 40GBASE QSFP Modules Data Sheet for specifications of the QSFP for the 40-G BASE-SR-4.
We recommend the following Cisco OM3 MTP/MPO cables.
Table 3: Cisco Cables
Cable LengthCisco Part Number
5 mCAB-ETH-40G-5M
10 mCAB-ETH-40G-10M
20 mCAB-ETH-40G-20M
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
15
1-G SX/10-G SR/10-G LR Network Module with Hardware Bypass
1-G SX/10-G SR/10-G LR Network Module with Hardware Bypass
The following figure shows the front panel of the 1-G SX, 10-G SR and 10-G LR fail-to-wire network modules
(FPRK4-NM-6X1SX-F, FPRK4-NM-6X10SR-F, FPR4K-NM-6X10LR-F). This is a single-wide module that
does not support hot swapping. The six ports are numbered from top to bottom, left to right. Pair ports 1 and
2, 3 and 4, and 5 and 6 to form hardware bypass paired sets.
Figure 12: FPR4K-NM-6X1SX-F, FPR4K-NM-6X10SR-F, FPR4K-NM-6X10LR-F
Overview
2Captive screw/handle1
6 network activity LEDs
• Amber—No connection, or port is not
in use, or no link or network failure.
• Green—Link up, no network activity.
• Green, flashing—Network activity.
3
• Green—In standby mode.
• Amber, flashing—Port is in hardware
bypass mode, failure event.
4Bypass LEDs B1 through B3:
Ethernet X/1 (top port)
Ethernet X/2 (bottom port)
Ports 1 and 2 are paired together to form a
hardware bypass pair.
• Amber—Port is in hardware bypass
mode, forced.
5
Ethernet X/3 (top port)
Ethernet X/4 (bottom port)
Ports 3 and 4 are paired together to form
a hardware bypass pair.
6
Ethernet X/5 (top port)
Ethernet X/6 (bottom port)
Ports 5 and 6 are paired together to form a
hardware bypass pair.
The 1-G SX /10-G SR/10-G LR network modules have the following insertion loss measurements. Insertion
loss measurements help you to troubleshoot the network by verifying cable installation and performance.
Table 4: 1-G SX Network Module (FPR4K-NM-6X1SX-F)
MaximumTypicalOperating Mode
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
16
Overview
1-G SX/10-G SR/10-G LR Network Module with Hardware Bypass
Insertion loss
Normal
Hardware bypass
Core diameter (microns)
Cable and operating
distance
62.5
62.5
50
50
50
Table 5: 10-G SR Network Module (FPR4K-NM-6X10SR-F)
Insertion loss
Normal
0.9 dB
1.2 dB
Modal bandwidth
(MHz/km)
160 (FDDI)
200 (OM1)
400
500 (OM2)
2000 (OM3)
0.9 dB
1.4 dB
1.7 dB
Cable distance
Note
Half the
distance
specified by
the IEEE
standard.
110 m
137 m
250 m
275 m
500 m
MaximumTypicalOperating Mode
1.4 dB
Hardware bypass
Core diameter (microns)
Cable and operating
distance
62.5
62.5
50
50
50
50
Table 6: 10-G LR Network Module (FPR4K-NM-6X10LR-F)
Insertion loss
Normal
1.2 dB
Modal bandwidth
(MHz/km
160 (FDDI)
200 (OM1)
400
500 (OM2)
2000 (OM3)
4700 (OM4)
1.2 dB
1.7 dB
Cable distance
Note
Half the
distance
specified by
the IEEE
standard.
13 m
16.5 m
33 m
41 m
150 m
200 m
MaximumTypicalOperating Mode
1.6 dB
Hardware bypass
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
1.5 dB
1.9 dB
17
Power Supply Modules
Overview
distance
Power Supply Modules
The Firepower 4100 supports two AC or DC power supply modules so that dual power supply redundancy
protection is available. Facing the back of the chassis, the power supply modules are numbered left to right,
for example, PSU1 and PSU2.
Note
Do not mix AC and DC power supply modules in one chassis.
Core diameter (microns)
Modal bandwidth
(MHz/km
Cable distance
Note
Half the
distance
specified by
the IEEE
standard.
5 kmSingle modeG.652Cable and operating
Note
Attention
After removing power from the chassis either by moving the power switch to OFF or unplugging the power
cord, wait at least 10 seconds before turning power back ON.
Make sure that one power supply module is always active.
See Remove and Replace the Power Supply Module, on page 61 for the procedure for removing and replacing
the power supply module.
AC Power Supply
The power supplies can supply up to 1100-W power across the input voltage range. The load is shared when
both power supply modules are plugged in and running at the same time. The power supply modules are
hot-swappable.
Table 7: AC Power Supply Module Hardware Specifications
100 to 240 V ACInput voltage
Maximum current
13 A (at 100 V AC)
Note
The system power requirements are lower than the power
supply module capabilities. See Hardware Specifications, on
page 23 for the system power requirements.
1100 WMaximum output power
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
18
Overview
Power Supply Modules
50 to 60 HzFrequency
1+1 redundantRedundancy
92%Efficiency at 50% load
DC Power Supply
The power supplies can supply up to 950 W of power across the input voltage range. The load is shared when
both power supply modules are plugged in and running at the same time. The power supply modules are
hot-swappable.
Table 8: DC Power Supply Module Hardware Specifications
-40 to -60 V DCInput voltage
Maximum current
26A (at 40 V DC)
Note
The system power requirements are lower than the power
supply module capabilities. See Hardware Specifications, on
page 23 for the system power requirements.
950 WMaximum output power
1+1 redundantRedundancy
92%Efficiency at 50% load
Power Supply Module LEDs
The following figure shows the two-color power supply LEDs. The LEDs are located on the upper right side.
Figure 13: Power Supply Module LEDs
The following table describes the power module supply LEDs.
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
Green OK LED2Amber FAIL LED1
19
Fan Modules
Overview
Table 9: Power Supply Module LEDs
Green LED (OK Status)Amber LED (Fail
Status)
OffOffNo power to all power supplies
OffOnPower supply module failure
Includes over voltage, over current, over temperature,
and fan failure
Off1 Hz flashingPower supply module warning events
Power supply continues to operate (high temperature,
high power, and slow fan)
1 Hz flashingOffPower is present.
3.3 VSB on (power supply module off)
OnOffPower supply module is OK and on.
Fan Modules
The Firepower 4100 requires six fan modules, which are hot-swappable. They are installed in the rear of the
chassis. The system supports operation with a single fan failure (N+1 fan redundancy), but do not run the
system for an extended amount of time without all fan modules installed. Keep removal and replacement time
at 3 minutes. Remove and replace one fan module at a time.
If you remove a fan or a fan fails, the other fans operate at full speed, which can be noisy.
The fan modules are numbered left to right, for example, FAN1, FAN2, FAN3, FAN4, FAN5, and FAN6.
See Remove and Replace the Fan Module, on page 58 for the procedure for removing and replacing the fan
module.
The following figure shows the location of the fan LED.
Figure 14: Fan LED
Cisco Firepower 4110, 4120, 4140, and 4150 Hardware Installation Guide
20
Loading...