Solved: Common Criteria FPR2100

jon.moss · ‎02-17-2020

Hi all, i'm finding it a bit of a minefield determining if the FPR-2100-NGFW is EAL4 certified (common criteria) https://www.commoncriteriaportal.org/products/

According to the CC site it is not, however this link from Cisco suggests that it is (but doesn't say to which level) - https://www.cisco.com/c/en/us/td/docs/security/firepower/2100/hw/guide/b_install_guide_2100/overview.html

Ideally i'd like to take advantage of having this fwall deployed with IPS available, as i understand it the only way to achieve this is to run with the firepower image. Or is there a way to run ASA code and then access the firepower module separate?

thanks

Marvin Rhoads · ‎02-18-2020

You're welcome.

I'd recommend you first inquire with your Cisco account manager whether CC certification testing is underway or planned for the 2100 series.

View solution in original post

Marvin Rhoads · ‎02-17-2020

I don't believe the 2100 series was specifically evaluated. I suspect the stub reference in the documentation is incorrectly copied over from the 4100/9300 series documentation.

If you run ASA code (logical device) on any Firepower 1000, 2100 or 4100 series appliance then you cannot also run either an FTD device or configure a Firepower service module.

jon.moss · ‎02-18-2020

Thanks Marvin, appreciate the response. So i'm looking at the 4300 or higher, which given the price point isn't a starter in this scenario

I don't really want to be running separate IPS appliances - i guess i could consider the 5525X

Marvin Rhoads · ‎02-18-2020

You're welcome.

I'd recommend you first inquire with your Cisco account manager whether CC certification testing is underway or planned for the 2100 series.