Showing results for 
Search instead for 
Did you mean: 

Introducing the Firepower 2100 series NGFW


banner ngfw.PNG

What Cisco Security announced ...

Introducing Cisco Firepower 2100 Series Next-Generation Firewall.  With threats like ransomware, when you’re breached, your network’s not ‘up’. Cisco Firepower 2100 Series NGFWs deliver business resiliency through superior threat defense. When advanced threat functions are enabled, Firepower NGFW sustains throughput performance versus competing designs. Cisco also improves IT efficiency with simplified management. Keep your network optimized, and data safe, with Firepower.

Visit the Firepower 2100 series page for more information, read the press release, and read on for details.

More insights:

Read Dave Stuart's insights on the Cisco Firepower 2100 Series

David Ulevitch and Jason Lamar intro the new NGFWs:

* Register for the March 1, NGFW briefing to hear Dave Stuart and team provide details and demos

NGFW blog.PNGFirepower 2100 Stacked Straight.png

* Registration for the Security Customer Connection Program is required.  Registration is quick and easy to complete.  After that, make your way to the Security track and you'll find this webinar and all upcoming offerings.

We know you have questions

Let's start a conversation! Simply reply to this post or start a new discussion. Your peers and Cisco product teams would be interested in hearing what you think and what questions you have on our recent announcements or anything Cisco Security related.


interested in a comparison between the NGFW 2100 and the NGFW ASA 5500 series.

Is it that the 2100 has a superior throughput due to its quad core and separation of lower level OSI layers and upper level layers?

Cisco Employee

Thanks Caroline that made it a lot clearer,

              so it appears that the 2100 & 4100 are higher end NGFW

with significantly higher throughput.


Peter, the "superior" throughput you mention - if you mean in comparison to the ASA 5500-X Series - is actually built in to the design.  But if you mean how it sustains that same throughput once the IPS function is activated - that is due to the dual multi-core CPU architecture you cite.


Don't forget about the Firepower 9300 as well.  It should be noted that all three sets are also able to run as a Firepower NGIPS (Next-generation IPS).


Thanks Joseph

I had read about the split processing of the 2100 series. Seems a very sensible thing to do. Examine & filter out the lower level "packets" before examining higher level data.

I suppose if you had a spare $20,000 or so to give me I could get a 9300.


I will check my sofa cushions, Peter.


Why do we not see performance numbers with AMP enabled or SSL enabled? I can see that we have the same throughput with NGIPS and AVC. However, how do we size for other combinations of features like AMP, URL Filtering, or SSL decrypt? Will that information be coming out soon?


Engineering is still testing AMP and SSL decryption performance (availability of the 2100s is still scheduled for the end of April) and they will be incorporated into our Performance Estimator tool when completed.


The Cisco Firepower Malware Storage Pack, SSD (FPR-MSP-SSD) is mandatory for AMP Service?


It is not mandatory. It is an extra storage pack for malware (or unknown files) caught on the wires.




Well Cisco Firepower is amazing product now. You can have two different models with the various licensing models in Cisco 2100 series firewall. One model is Cisco Firepower with ASA image where you can have the same capabilities of ASA CLI model and the other Cisco model is Cisco Firepower with NGFW image.


Would be nice to have the Visio Stencils made for the Cisco Firepower 2100 series.


Thank you

Nicolas Rolland

Ottawa, ON

Content for Community-Ad