FPR3110 Cisco Secure Firewall

An advanced variant of the NGFW firewall designed for medium and large enterprises looking for a comprehensive and efficient solution to protect their network infrastructure.
Manufacturer
Cisco
SKU Number
FPR-3110-NGFW-K9
Series
Cisco Secure Firewall 3100
Model
FPR3110
Main functions
Application Visibility Control, IPS (Intrusion Prevention System), Malware Defence, URL Filtering

Availability: Available

  • Product description
  • Basic parameters
  • FPR3100 Series parameters
  • Cisco ASA Features
  • Norms and certifications

Cisco FPR3110

Thanks to Cisco Secure Firewall FPR3110 you will introduce the next level of security in your organization. Bet on the advanced variant of the next-generation firewall designed for medium and large enterprises looking for a comprehensive solution to protect your network infrastructure.

If you are using Cisco ASA devices, the FPR3110 is the right migration path.

Cisco migration path firewalls

The system uses advanced firewall technology that allows filtering the network traffic at the application level. It also offers IPS (Intrusion Prevention System) and VPN (Virtual Private Network) functions that provide access control and confidentiality of data transmitted over the network.

Additionally, Cisco FPR3110 has been equipped with network traffic analysis tools, thanks to which it can quickly detect and react to potential security threats. The scalability of the presented solution allows for easy expansion of the IT infrastructure depending on the changing business needs.

Cisco FPR3110 implementation – key benefits

Wondering if the Cisco Security 3110 series firewall is the right choice for you? Learn about the key benefits of a next-generation firewall.

High-quality network protection

The FPR3110 technology combines the advantages of a new generation firewall with advanced security features, providing comprehensive protection against external and internal threats.

Cisco Secure Firewalls are advanced security mechanisms such as:

  • Cisco Security Intelligence – IP, URL and DNS threat detection
  • Cisco Secure IPS – endpoint protection
  • Cisco Malware Defence – enables detection, blocking, tracking, analysis, and containment of targeted and persistent malware, addressing the attack continuum both during and after attacks. Integrated threat correlation with Cisco Secure Endpoint is also optionally available.
  • Cisco Secure Malware Analytics
  • URL Filtering – more than 80 categories, and 280 categorized URLs

Automation of security processes

Advanced machine learning and artificial intelligence algorithms used by the Cisco FPR3110 enable the automation of network security processes. This allows you to detect and respond to threats in real time, reducing response time and reducing the burden on IT staff.

Automatic updates of vulnerabilities and IPS signatures are guaranteed by the Collective Security Intelligence (CSI) of the Cisco Talos cell.

Application visibility control (AVC)

As standard, the FPR3110 provides the AVC function, supporting over 4,000 applications, as well as geolocation, users and websites. The FPR3100 series firewalls also support OpenAppID

Scalability and flexibility

The system provides scalable solutions for organizations of various sizes and network complexity. As a result, you can easily adapt it to your business needs, expand it as your organization grows, and provide flexibility in planning your network security strategy.

In addition, the Open API enables integration with external products such as Snort® and OpenAppID resources.

Ease of management

The Cisco Secure Firewall 3110’s simple and intuitive Firewall Management Center interface allows network administrators to easily configure, monitor, and manage the appliance. This, in turn, saves time and resources that your company can spend on strategic IT tasks.

If you prefer, you can manage your cloud firewall through the Cisco Defense Orchestrator.

High availability (HA)

Available modes: Active/active, Active/standby. The Cisco Secure Firewall 3100 allows you to create clusters of up to 8 chassis.

Implementation tailored to the needs of your organization

Take advantage of our offer and entrust us with the implementation directly at the company’s headquarters or in the cloud via virtual network protection. Check out how many advanced security and integration options the choice of next-generation firewall gives you now and entrust the cybersecurity in your organization to specialists from Grandmetric.

Model Firewall FPR3110
Form factor 1U; rack-mounted
Interfaces 8 x RJ45, 8 x 1/10G SFP+
Optional interfaces Module 8 x 10G SFP+
Throughput FW + AVC (1024B) 17 Gbps
Throughput FW + AVC + IPS (1024B) 17 Gbps
Maximum concurrent sessions, with AVC 2 mln
Maximum new connections per second, with AVC 130 thousand
TLS 4.8 Gbps
Throughput: IPS (1024B) 17 Gbps
Throughput: IPSec VPN (1024B TCP w/Fastpath) 8 Gbps
Projected IPSec VPN Throughput (1024B TCP w/Fastpath) with VPN Offload (FTD 7.2) 11 Gbps
Maximum VPN Peers 3 thousand
Dimensions (H x W x D) 4,4 x 43,3 x 50,8 cm
Disc 1x 900 GB, 1x spare socket
Weight 10,5 kg

Performance and key functionalities

Model Firewall FW+AVC+IPS IPS Throughput Interfaces Optional interfaces
FPR3105 10G 10G 10G 8 x RJ45, 8 x 1/10G SFP+ 10G SFP+
FPR3110 18G 17G 17G 8 x RJ45, 8 x 1/10G SFP+ 10G SFP+
FPR3120 22G 21G 21G 8 x RJ45, 8 x 1/10G SFP+ 10G SFP+
FPR3130 42G 38G 38G 8 x RJ45, 8 x 1/10/25G SFP+ 10G/25G/40G SFP+, 4X40G NM
FPR3140 49G 45G 45G 8 x RJ45, 8 x 1/10/25G SFP+ 10G/25G/40G SFP+, 4X40G NM

Specificatioin details

Feature FPR3105 FPR3110 FPR3120 FRP3130 FPR3140
Throughput: FW + AVC (1024B) 10 Gbps 17 Gbps 21 Gbps 38 Gbps 45 Gbps
Throughput: FW + AVC + IPS (1024B) 10 Gbps 17 Gbps 21 Gbps 38 Gbps 45 Gbps
Maximum concurrent sessions, with AVC 1.5 mln 2 mln 4 mln 6 mln 10 mln
Maximum new connections per second, with AVC 90 thousand 130 thousand 170 thousand 240 thousand 300 thousand
TLS 3.2 Gbps 4.8 Gbps 6.7 Gbps 9.1 Gbps 11.5 Gbps
Throughput: IPS (1024B) 10 Gbps 17 Gbps 21 Gbps 38 Gbps 45 Gbps
Throughput: IPSec VPN (1024B TCP w/Fastpath) 5.5 Gbps 8 Gbps 10 Gbps 17.8 Gbps 22.4 Gbps
Projected IPSec VPN Throughput
(1024B TCP w/Fastpath) with VPN Offload (FTD 7.2)
NA 11.5 Gbps 13.5 Gbps 33 Gbps 39.4 Gbps
Maximum VPN Peers 2 thousand 3 thousand 6 thousand> 15 thousand 20 thousand
Local On-device Management Yes Yes Yes> Yes Yes

ASA Performance and capabilities on Secure Firewall 3100 appliances

Feature FPR3105 FPR3110 FPR3120 FRP3130 FPR3140
Stateful inspection firewall throughput * 10 Gbps 18 Gbps 22 Gbps 42 Gbps 49 Gbps
Stateful inspection firewall throughput (multiprotocol) ** 9 Gbps 15 Gbps 17 Gbps 39 Gbps 43 Gbps
Concurrent firewall connections 1.5 mln 2 mln 4 mln 6 mln 10 mln
New connections per second 150 thousand 300 thousand 500 thousand 875 thousand 1.1 mln
New connections per second 3.2 Gbps 4.8 Gbps 6.7 Gbps 9.1 Gbps 11.5 Gbps
IPsec VPN throughput
(450B UDP L2L test)
5.5 Gbps 8 Gbps 10 Gbps 14 Gbps 17 Gbps
IPSec VPN Throughput (1024B TCP w/Fastpath) 5.5 Gbps 8 Gbps 10 Gbps 17.8 Gbps 22.4 Gbps
Projected IPsec VPN throughput
(450B UDP L2L test) with VPN Offload (ASA 9.18)
7 Gbps 12 Gbps 15.4 Gbps 28 Gbps 33 Gbps
Maximum VPN Peers 2 thousand 3 thousand 7 thousand 15 thousand 20 thousand
Security contexts (included; maximum) 2;100 2;100 2;100 2;100 2;100
High availability
Active/active; Active/standby Active/active; Active/standby Active/active; Active/standby Active/active; Active/standby Active/active; Active/standby
Clustering 8 8 8 8 8
Local On-device Management Yes Yes Yes> Yes Yes
Local On-device Management Yes Yes Yes> Yes Yes
Local On-device Management Yes Yes Yes Yes Yes

* Throughput measured with 1500B User Datagram Protocol (UDP) traffic measured under ideal test conditions.

** “Multiprotocol” refers to a traffic profile consisting primarily of TCP-based protocols and applications like HTTP, SMTP, FTP, IMAPv4, BitTorrent, and DNS.

The Cisco Secure Firewall 3100 Series complies with the following standards and regulations

Directives

2004/108/EC and 2006/108/EC

Safety

  • UL 62368-1
  • CAN/CSA-C22.2 No. 62368-1
  • EN 62368-1
  • IEC 62368-1
  • IEC 60950-1
  • AS/NZS 62368-1
  • GB4943

EMC: emissions

  • FCC 47CFR15 Class A
  • AS/NZS CISPR 32 Class A
  • EN55032/CISPR 32 Class A
  • ICES-003 Class A
  • VCCI Class A
  • KS C 9832 Class A
  • CNS-13438 Class A
  • EN61000-3-2 Power Line Harmonics
  • EN61000-3-3 Voltage Changes, Fluctuations, and Flicker

EMC: Immunity

  • IEC/EN61000-4-2 Electrostatic Discharge Immunity
  • IEC/EN61000-4-3 Radiated Immunity
  • IEC/EN61000-4-4 EFT-B Immunity
  • IEC/EN61000-4-5 Surge
  • IEC/EN61000-4-6 Immunity to Conducted Disturbances
  • IEC/EN61000-4-11 Voltage Dips, Short Interruptions, and Voltage Variations
  • KS C 9835

Standards ETSI/EN

  • EN 300 386 Telecommunications Network Equipment (EMC)
  • EN55032/CISPR 35 Multimedia Equipment (Emissions)
  • EN55024/CISPR 24 Information Technology Equipment (Immunity)
  • EN55035/CISPR 35 Multimedia Equipment (Immunity)
  • EN61000-6-1 Generic Immunity Standard