Beginner

FP9300 Security modules

Hi All

I'm trying to design a scalable solution using the FP9300 chassis.

I assume I can use only 2 security modules, as I've seen that in other discussions, but what is the throughput?

The data sheet only mentions 1xSM44, 3xSM44, 1xSM56 & 3xSM56.

What is the throughput for 2xSM44 or 2xSM56? Does anyone know, or can someone point me at the relevant data, as it's not in the spec sheets I've seen online thus far?

Thanks - P

4 REPLIES
Hall of Fame Guru

Re: FP9300 Security modules

A given (native) logical device uses a given security module exclusively. So a single FTD firewall for example uses one security module and we can see the specifications in the data sheet for that. 

You only use multiple SMs when you have multiple logical devices - either each running as standalone or as part of a cluster.

If you want to know more about cluster (or containerized) throughput, please refer to Andrew Ossipov's Cisco Live presentations.

Beginner

Re: FP9300 Security modules

Marvin

Thanks for taking the time to reply.

Yes, that is interesting (YouTube) but it doesn’t answer my question.

I’m trying to scale throughput in IDS mode.

1xSM-56 = 64Gbps

2xSM-56 = ?

3xSM-56 = 153Gbps

I have a load balancer in front to sort that side of things. I’m after 80Gbps so don’t want to go to the expense of 3xSM-56 if I don’t need to.

Can you point me at any documentation that will help, because I’ve not been able to find the numbers myself?

Cheers - P

Enthusiast

Re: FP9300 Security modules

Hi,
I think there is no Cisco doc mentioning the throughput of 2xSM. All docs mention only 1xSM & 3xSM.

Hall of Fame Guru

Re: FP9300 Security modules

What do you mean by IDS mode? In the Firepower world that term is usually used to refer to running the classic Sourcefire/Cisco appliance with inline pairs. That image is not supported as a logical device on Firepower 9300 appliances. They support FTD or ASA images (and Radware Virtual Defense Pro).

For FTD, a given appliance runs as a logical device with one security module associated. So the maximum throughput for a single appliance FTD instance is that of the respective SM-44 or SM-46 it is associated with.

Multiple FTD instances on a Firepower 9300 (when designing for higher throughput) would normally be clustered. The Cisco Live presentation has lots of detail about that - much more than can be easily conveyed here.

Whether or not an FTD cluster would work with your load balancer architecture is something you'd be best suited to engage with your partner or Cisco SE on, so that the end-to-end architecture can be validated. Such a design would entail many hundreds of thousands of dollars of investment and would not be well served by making decisions based on a public forum discussion.
