Please Explain how the Secure Firewall 4200 Architecture differs and what's new from smaller Firewall lines. Thank

It offers much higher performance due to a number of factors:

1. Hardware Crypto Accelerator chips (Marvell Nitrox V x1, 2 or 4 depending on model) can perform IPsec Encryption/Decryption in hardware.

2. Dedicated inter-chip links between the crypto acceleration chip and the flow offload engine. This allows traffic to be decrypted and encrypted without adding traffic to the system bus.

3. Higher speed internal switch fabric (3.2 Tbps) allowing the use of much higher speed netmods (4 x 200 Gbps and 2 x 100 Gbps plus FTW (fail-to-wire)).

4. Much higher CPU (32 cores, 64 cores or 2 x 64 cores) and RAM (256 GB, 512 GB or 1 TB) to provide system resources for the much higher throughput (65-145 Gbps with firewall and IPS features active, clusterable and capable of multi-instance)

Hi Marvin,

Was the FXOS removed?  If yes, what version?

@KelvinT ALL Cisco Secure Firewalls with NGFW image include FXOS - no matter what version.

For the 4200 (unlike the 4100 and 9300) the FXOS is usually bundled with the FTD image. Only in multi-instance mode do we handle FXOS and FTD images separately.

This is mentioned in the following document: https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/compatibility/threat-defense-compatibility.html

Search for "Secure Firewall 3100/4200 Series".