Data sheet

Cisco public

Cisco Secure Firewall 3100 Series

Cisco Secure Firewall

Cisco Secure IPS

© 2024 Cisco and/or its affiliates. All rights reserved. Page 1 of 10

Contents
Cisco Secure Firewall 3100 Series 3
Model overview 3
Cisco Secure Firewall 3100 series summary 3
Performance specifications and feature details 4
Hardware specifications 6
Cisco Capital 10
Document history 10

© 2024 Cisco and/or its affiliates. All rights reserved. Page 2 of 10

Cisco Secure Firewall 3100 Series
The mid-range Cisco Secure Firewall 3100 Series supports your evolving world. It makes hybrid work and zero
trust practical, with the flexibility to ensure strong return on investment.

The Cisco Secure Firewall 3100 Series is a family of threat-focused security appliances that delivers business
resiliency and superior threat defense. Each model offers outstanding performance for multiple firewall use
cases, even when advanced threat functions are enabled. These performance capabilities are enabled by a
modern CPU architecture coupled with purpose-built hardware that optimizes firewall, cryptographic, and threat
inspection functions.

The five models in the 3100 Series deliver a range of performance levels to address use cases from the Internet
edge to the data center and private cloud. The 3100 Series supports also clustering to deliver increased
performance that can scale to meet your needs as your organization grows.

Each model in the series can run either ASA or Firewall Threat Defense (FTD) software and the platform can be
deployed in both firewall and dedicated IPS modes. For inline sets and passive interfaces, the 3100 series
supports Q-in-Q (stacked VLAN) with up to two 802.1Q headers in a packet.

Model overview

Cisco Secure Firewall 3100 series summary

Table 1. Cisco Secure Firewall 3100 Series performance and specification highlights

Secure Firewall Firewall FW+AVC+IPS IPS Interfaces Optional interfaces

Models Throughput

3105 10G 10G 10G 8 x RJ45, 8 x 1/10G SFP+ 10G SFP+

3110 18G 17G 17G 8 x RJ45, 8 x 1/10G SFP+ 10G SFP+

3120 22G 21G 21G 8 x RJ45, 8 x 1/10G SFP+ 10G SFP+

3130 42G 38G 38G 8 x RJ45, 8 x 1/10/25G 10G/25G/40G SFP+, 4X40G

SFP+ NM

3140 49G 45G 45G 8 x RJ45, 8 x 1/10/25G 10G/25G/40G SFP+, 4x40G

SFP+ NM

© 2024 Cisco and/or its affiliates. All rights reserved. Page 3 of 10

Performance specifications and feature details
Table 2. Cisco Secure Firewall 3100 Series performance and capabilities, running on Firewall Threat Defense (FTD)
software

Features 3105 3110 3120 3130 3140

Throughput: FW + AVC 10 Gbps 17.0 Gbps 21.0 Gbps 38.0 Gbps 45.0 Gbps
(1024B)

Throughput: FW + AVC 10 Gbps 17.0 Gbps 21.0 Gbps 38.0 Gbps 45.0 Gbps
+ IPS (1024B)

Maximum concurrent 1.5 million 2 million 4 million 6 million 10 million

sessions, with AVC

Maximum new 90,000 130,000 170,000 240,000 300,000

connections per
second, with AVC

TLS1 3.2 Gbps 4.8 Gbps 6.7 Gbps 9.1 Gbps 11.5 Gbps

Throughput: NGIPS 10.0 Gbps 17.0 Gbps 21.0 Gbps 38.0 Gbps 45.0 Gbps
(1024B)

IPSec VPN Throughput 5.5 Gbps 8 Gbps 10 Gbps 17.8 Gbps 22.4 Gbps
(1024B TCP
w/Fastpath)

Projected IPSec VPN NA 11.0 Gbps 13.5 Gbps 33.0 Gbps 39.4 Gbps
Throughput
(1024B TCP
w/Fastpath) with VPN
Offload (FTD 7.2)

Maximum VPN Peers 2,000 3,000 7,000 15,000 20,000

Local On-device Yes Yes Yes Yes Yes

Management

Centralized Centralized configuration, logging, monitoring, and reporting are performed by the Firewall
management Management Center or alternatively in the cloud with Cisco Defense Orchestrator

Application Visibility Standard, supporting more than 4000 applications, as well as geolocations, users, and websites
and Control (AVC)

AVC: OpenAppID Standard

support for custom,
open source,
application detectors

Cisco Security Standard, with IP, URL, and DNS threat intelligence
Intelligence

Cisco Secure IPS Available; can passively detect endpoints and infrastructure for threat correlation and Indicators
of Compromise (IoC) intelligence

© 2024 Cisco and/or its affiliates. All rights reserved. Page 4 of 10

 Features 3105 3110 3120 3130 3140

Cisco Malware Defense Available; enables detection, blocking, tracking, analysis, and containment of targeted and
persistent malware, addressing the attack continuum both during and after attacks. Integrated
threat correlation with Cisco Secure Endpoint is also optionally available

Cisco Secure Malware Available

Analytics

URL Filtering: number More than 80

of categories

URL Filtering: number More than 280 million

of URLs categorized

Automated threat feed Yes: class-leading Collective Security Intelligence (CSI) from the Cisco Talos Group
and IPS signature (https://www.cisco.com/c/en/us/products/security/talos.html)
updates

Third-party and open- Open API for integrations with third-party products; Snort® and OpenAppID community
source ecosystem resources for new and specific threats

High availability and Active/active, Active/standby. Cisco Secure Firewall 3100 Series allows clustering of up to 8
clustering chassis (no clustering on 3105)

Cisco Trust Anchor Secure Firewall 3100 Series platforms include Trust Anchor Technologies for supply chain and
Technologies software image assurance. Please see the section below for additional details

1
Throughput measured with 50% TLS 1.2 traffic with AES256-SHA with RSA 2048B keys.

Note: Performance will vary depending on features activated, and network traffic protocol mix, and
packet size characteristics. Performance is subject to change with new software releases. Consult your
Cisco representative for detailed sizing guidance.

Table 3. ASA Performance and capabilities on Secure Firewall 3100 appliances

Features 3105 3110 3120 3130 3140

Stateful inspection 10.0 Gbps 18.0 Gbps 22.0 Gbps 42.0 Gbps 49.0 Gbps
firewall throughput1

Stateful inspection 9.0 Gbps 15.0 Gbps 17.0 Gbps 39.0 Gbps 43.0 Gbps
firewall throughput
(multiprotocol)2

Concurrent firewall 1.5 million 2 million 4 million 6 million 10 million

connections

New connections per 150,000 300,000 500,000 875,000 1,100,000

second

IPsec VPN throughput 5.5 Gbps 8 Gbps 10 Gbps 14 Gbps 17 Gbps

(450B UDP L2L test)

Projected IPsec VPN 7.0 Gbps 12.0 Gbps 15.4 Gbps 28.0 Gbps 33.0 Gbps
throughput
(450B UDP L2L test) with
VPN Offload (ASA 9.18)

© 2024 Cisco and/or its affiliates. All rights reserved. Page 5 of 10

 Features 3105 3110 3120 3130 3140

Maximum VPN Peers 2,000 3,000 7,000 15,000 20,000

Security contexts 2; 100 2; 100 2; 100 2; 100 2; 100

(included; maximum)

High availability Active/active and Active/active and Active/active and Active/active and Active/active and
active/ standby active/ standby active/ standby active/ standby active/ standby

Clustering N/A 8 8 8 8

Scalability VPN Load Balancing

Centralized Centralized configuration, logging, monitoring, and reporting are performed by Cisco Security
management Manager or alternatively in the cloud with Cisco Defense Orchestrator

Adaptive Security Web-based, local management for small-scale deployments

Device Manager

1
Throughput measured with 1500B User Datagram Protocol (UDP) traffic measured under ideal test conditions.
2
“Multiprotocol” refers to a traffic profile consisting primarily of TCP-based protocols and applications like HTTP, SMTP, FTP, IMAPv4,
BitTorrent, and DNS.

Hardware specifications
Table 4. Cisco Secure Firewall 3100 Series hardware specifications

Features Cisco Secure Firewall Model

3105 3110 3120 3130 3140

Dimensions (H 1.75 x 17 x 20 in. 1.75 x 17 x 20 in. 1.75 x 17 x 20 in. 1.75 x 17 x 20 in. 1.75 x 17 x 20 in.
x W x D)
(4.4 x 43.3 x (4.4 x 43.3 x (4.4 x 43.3 x (4.4 x 43.3 x (4.4 x 43.3 x
50.8 cm) 50.8 cm) 50.8 cm) 50.8 cm) 50.8 cm)

Form factor 1RU 1RU 1RU 1RU 1RU

(rack units)

Integrated I/O 8 x 10M/100M/ 8 x 10M/100M/ 8 x 10M/100M/ 8 x 10M/100M/ 8 x 10M/100M/

1GBASE-T 1GBASE-T 1GBASE-T Ethernet 1GBASE-T 1GBASE-T
Ethernet interfaces Ethernet interfaces interfaces (RJ- 45), Ethernet interfaces Ethernet interfaces
(RJ- 45), 8 x 1/10 (RJ- 45), 8 x 1/10 8 x 1/10 Gigabit (RJ- 45), 8 x (RJ- 45), 8 x
Gigabit (SFP) Gigabit (SFP) (SFP) Ethernet 1/10/25 Gigabit 1/10/25 Gigabit
Ethernet interfaces Ethernet interfaces interfaces (SFP) Ethernet (SFP) Ethernet
interfaces interfaces

Network 8 x 1/10G Options 8 x 1/10G Options 8 x 1/10G Options 8 x 1/10/25G, 8 x 1/10/25G,

modules
4 x 40G Options, 4 x 40G Options

Maximum Up to 24 total Up to 24 total Up to 24 total Up to 24 total Up to 24 total

number of Ethernet ports, Ethernet ports, Ethernet ports, Ethernet ports Ethernet ports
interfaces (8x1G RJ-45, (8x1G RJ-45, (8x1G RJ-45, (8x1G RJ-45, (8x1G RJ-45,
8x1/10G SFP, and 8x1/10G SFP, and 8x1/10G SFP, and 8x1/10/25G SFP, 8x1/10/25G SFP,
network module) network module) network module)

© 2024 Cisco and/or its affiliates. All rights reserved. Page 6 of 10

 Features Cisco Secure Firewall Model

3105 3110 3120 3130 3140

and network and network
module) module)

Integrated 1 x 1/10G SFP 1 x 1/10G SFP 1 x 1/10G SFP 1 x 1/10G SFP 1 x 1/10G SFP
network
management
ports

Serial port 1 x RJ-45 console 1 x RJ-45 console 1 x RJ-45 console 1 x RJ-45 console 1 x RJ-45 console

USB 1 x USB 3.0 Type- 1 x USB 3.0 Type- 1 x USB 3.0 Type-A 1 x USB 3.0 Type- 1 x USB 3.0 Type-
A (900mA) A (900mA) (900mA) A (900mA) A (900mA)

Storage 1x 900 GB, 1x 1x 900 GB, 1x 1x 900 GB, 1x spare 1x 900 GB, 1x 1x 900 GB, 1x
spare slot spare slot slot spare slot spare slot

Power supply Single 400W AC, Single 400W AC, Single 400W AC, Dual 400W AC. Dual 400W AC.
configuration Dual 400W AC Dual 400W AC Dual 400W AC
optional. optional. optional. Single/dual 400W Single/dual 400W
DC optional1 DC optional1
Single/Dual 400W Single/Dual 400W Single/Dual 400W
DC optional1 DC optional1 DC optional1

AC input 100 to 240V AC 100 to 240V AC 100 to 240V AC 100 to 240V AC 100 to 240V AC
voltage

AC maximum < 6A at 100V < 6A at 100V < 6A at 100V < 6A at 100V < 6A at 100V
input current

AC maximum 400W 400W 400W 400W 400W

output power

AC frequency 50 to 60 Hz 50 to 60 Hz 50 to 60 Hz 50 to 60 Hz 50 to 60 Hz

AC efficiency >89% at 50% load >89% at 50% load >89% at 50% load >89% at 50% load >89% at 50% load

DC input -48V to -60VDC -48V to -60VDC -48V to -60VDC -48V to -60VDC -48V to -60VDC
voltage

DC maximum < 12.5A at -48V < 12.5A at -48V < 12.5A at -48V < 12.5A at -48V < 12.5A at -48V
input current

DC maximum 400W 400W 400W 400W 400W

output power

DC efficiency >88% at 50% load >88% at 50% load >88% at 50% load >88% at 50% load >88% at 50% load

Redundancy 1+1 AC or DC with 1+1 AC or DC with 1+1 AC or DC with 1+1 AC or DC with 1+1 AC or DC with
dual supplies dual supplies dual supplies dual supplies dual supplies

Fans 2 hot-swappable 2 hot-swappable 2 hot-swappable fan 2 hot-swappable 2 hot-swappable

fan modules (with fan modules (with modules (with 2 fans fan modules (with 2 fan modules (with 2
2 fans each)2 2 fans each)2 each)2 fans each)2 fans each)2

Noise 65 dBA@ 25C 65 dBA@ 25C 65 dBA@ 25C 65 dBA@ 25C 65 dBA@ 25C

© 2024 Cisco and/or its affiliates. All rights reserved. Page 7 of 10

 Features Cisco Secure Firewall Model

3105 3110 3120 3130 3140

74 dBA maximum 74 dBA maximum 74 dBA maximum 74 dBA maximum 74 dBA maximum

Rack Yes. Fixed mount Yes. Fixed mount Yes. Fixed mount Yes. Fixed mount Yes. Fixed mount
mountable brackets optional. brackets optional. brackets optional. brackets optional. brackets optional.
(2- post). Mount (2- post). Mount (2- post). Mount (2- post). Mount (2- post). Mount
rails included (4- rails included (4- rails included (4- rails included (4- rails included (4-
post EIA- 310-D post EIA- 310-D post EIA- 310-D post EIA- 310-D post EIA- 310-D
rack) rack) rack) rack) rack)

Weight 23 lb (10.5 kg) 1 x 23 lb (10.5 kg) 1 x 23 lb (10.5 kg) 1 x 25 lb (11.4 kg) 2 x 25 lb (11.4 kg) 2 x
power supplies, 1 power supplies, 1 power supplies, 1 x power supplies, 1 x power supplies, 1 x
x NM, fan module, x NM, fan module, NM, fan module, 1x NM, fan module, 1x NM, fan module, 1x
1x SSD 1x SSD SSD SSD SSD

Temperature: 32 to 104°F 32 to 104°F 32 to 104°F 32 to 104°F 32 to 104°F

operating (0 to 40°C) (0 to 40°C) (0 to 40°C) (0 to 40°C) (0 to 40°C)
or NEBS operation
(see below)3

Temperature: -4 to 149°F -4 to 149°F -4 to 149°F -4 to 149°F -4 to 149°F

nonoperating
(-20 to 65°C) (-20 to 65°C) (-20 to 65°C) (-20 to 65°C) (-20 to 65°C)

Humidity: 10 to 85% 10 to 85% 10 to 85% 10 to 85% 10 to 85%

operating
noncondensing noncondensing noncondensing noncondensing noncondensing

Humidity: 5 to 95% 5 to 95% 5 to 95% 5 to 95% 5 to 95%

nonoperating noncondensing noncondensing noncondensing noncondensing noncondensing

Altitude: 10,000 ft (max) 10,000 ft (max) 10,000 ft (max) or 10,000 ft (max) 10,000 ft (max)
operating NEBS operation
(see below)3

Altitude: 40,000 ft (max) 40,000 ft (max) 40,000 ft (max) 40,000 ft (max) 40,000 ft (max)
nonoperating

NEBS Operating altitude: 0

operation to 13,000 ft
(FPR- 3120 (3962 m)
Only)3
Operating
temperature: Long
term: 0 to 45°C, up
to 6,000 ft (1829 m)
Long term: 0 to
35°C, 6,000 to
13,000 ft
(1829 to 3964 m)
Short term: -5 to
55°C, up to 6,000 ft
(1829 m)

1
Dual power supplies are hot-swappable.

2
Fans operate in a 3+1 redundant configuration where the system will continue to function with only 3 operational fans. The 3 remaining
fans will run at full speed.

© 2024 Cisco and/or its affiliates. All rights reserved. Page 8 of 10

3
FPR-3120 platform is designed to be NEBS ready. The availability of NEBS certification is pending.

Table 5. Cisco Secure Firewall 3100 Series NEBS, Regulatory, Safety, and EMC Compliance

Specification Description

Regulatory compliance ● Products comply with CE markings per directives 2004/108/EC and 2006/108/EC

Safety ● UL 62368-1
● CAN/CSA-C22.2 No. 62368-1
● EN 62368-1
● IEC 62368-1
● IEC 60950-1
● AS/NZS 62368-1
● GB4943

EMC: emissions ● FCC 47CFR15 Class A

● AS/NZS CISPR 32 Class A

● EN55032/CISPR 32 Class A
● ICES-003 Class A
● VCCI Class A

● KS C 9832 Class A
● CNS-13438 Class A
● EN61000-3-2 Power Line Harmonics

● EN61000-3-3 Voltage Changes, Fluctuations, and Flicker

EMC: Immunity ● IEC/EN61000-4-2 Electrostatic Discharge Immunity

● IEC/EN61000-4-3 Radiated Immunity
● IEC/EN61000-4-4 EFT-B Immunity

● IEC/EN61000-4-5 Surge
● IEC/EN61000-4-6 Immunity to Conducted Disturbances
● IEC/EN61000-4-11 Voltage Dips, Short Interruptions, and Voltage Variations

● KS C 9835

EMC: ETSI/EN ● EN 300 386 Telecommunications Network Equipment (EMC)

● EN55032/CISPR 35 Multimedia Equipment (Emissions)
● EN55024/CISPR 24 Information Technology Equipment (Immunity)
● EN55035/CISPR 35 Multimedia Equipment (Immunity)

● EN61000-6-1 Generic Immunity Standard

© 2024 Cisco and/or its affiliates. All rights reserved. Page 9 of 10

Cisco Capital
Flexible payment solutions to help you achieve your objectives

Cisco Capital makes it easier to get the right technology to achieve your objectives, enable business
transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve
capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you
acquire hardware, software, services and complementary third-party equipment in easy, predictable
payments. Learn more.

Document history
New or Revised Topic Described In Date

3105 model added Tables 1, 2, 3, 4 March xx, 2023

Printed in USA C78-745072-05 09/24

© 2024 Cisco and/or its affiliates. All rights reserved. Page 10 of 10