What's new

Cisco Firepower 1010

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

coxhaus

Part of the Furniture
I wondered if anybody on this site is running one of these? It may be a little advanced for this site. But with the EOL of the Cisco RV340 router and no replacement announced yet I am looking around. I have been trained on the old Cisco PIX firewalls which I think will be like running ASA on the Firepower 1010.

It might be an option for me. It would be a CLI only firewall using command line. I would have to deal with Cisco SMartNet Maintenace.

I have seen a Cisco Firepower listed for as little as $377 and then around another $100 per year for support to get software updates.
 
So I do not have an answer to your question, but I am curious as to why there is no "recommended replacement" listed for the RV 340. Is Cisco withdrawing from this class of product? Not sure this "old dog" is up for learning CLI as a new trick ......

Maybe they are just not there yet? Strange though as they usually announce the new product before putting up the EOL notice - don't they?
 
I guess we still have software and security updates until Oct 2022 but after that I will be looking for a replacement.
 
Continue looking for a replacement from today. After October next year, you should be already using a new/currently supported product if security is important to you and your network.
 
It could be the chip shortage. Cisco does things in a big way as their company is big.

If you have never worked on Cisco CLi then ASA is not for you. Cisco has a GUI for the Firepower 1010 but it is tied to database work that requires a good UPS or otherwise their databases can corrupt if it shuts down unexpectedly. I have not figured it all out.
 
Yes, my thoughts exactly.

& @L&LD - yes I am searching now. Will likely wait until after the Holiday Season but the Christmas break is usually when I do my major network tinkering. Open to any suggestions you may have to offer.
 
I'll defer to @coxhaus and @Trip here. I'd take any leads they offer and run with those. :)
 
Yes, my thoughts exactly.

& @L&LD - yes I am searching now. Will likely wait until after the Holiday Season but the Christmas break is usually when I do my major network tinkering. Open to any suggestions you may have to offer.
I would say you will probably be good until next Christmas unless there is some big hack that comes out. We will have support through most of the summer. It's just when the next big hack comes out. You will know as it will show up and be listed. It might even be longer.

I am just looking around to see what if.

I don't think there are too many Firepower 1010s running at home. I am sure it will be an excellent firewall. But between having to license the product and deal with real Cisco not the friendly Small Business Cisco it will limit it for home use. I am sure there are thousands of the Firepower firewalls out there but they are on the business side.

The problem with loading the GUI software as it is a different OS is that it cannot be shutdown abruptly or the databases for all the IPS and WAN filtering will corrupt. The firewall has to have a shutdown issued to the box to shut it down gracefully which I don't see working for home use. It would need a large UPS tied to the firewall which I don't plan to run any more since I turned off my rack system. It had a large APC with a USB port out to notify a Microsoft server to shut down as the power is running out.
 
Last edited:
The more I look the more I think the 1010 will be more powerful than my Cisco RV340 router.
The number of NAT connections per second for the RV340 is 3000 vs 1010 is 25000.
The number of NAT connections for the RV340 is 40,000 and the 1010 is 100,000

The Firepower 1010 will support 75 VPN connections. Way more than I need.
 
Don't forget pfsense, Netgate SG-5100, Max Active Connections 4.0 Million and can be expanded.
3.6gbits aggregated WAN throughput (tested here up to 3.0)
 
The Netgate SG-5100 is $768 for 1 year. The Cisco Firepower last I saw was $475 for 1 year.
That is a lot of active connections. Big CPUs do make for big routers. How many VPNs can it run? The Cisco can run 75 but it will cost more but Cisco's VPN is the best in my mind. But home does not require that. I assume they use a co-processor. I don't need more than a gig for home. I ran pfsense for a year and I won't go back. Untangle is probably what I would run if I wanted to run software on a small x86 PC. Untangle is still a possible solution.

I would think Cisco's firewall solution would be of a higher caliber than Negate's firewall. Cisco has much bigger firewalls if you need to expand. Cisco Firepower 1010 is the smallest firewall Cisco offers in this line. I think the Cisco Firepower is about right for home use with the low price. You do step into a real networking world with no hand holding when you enter the Cisco enterprise level.

PS
That is the only statistic that I can find published on the Netgate SG-5100. They don't publish anything else. Do they expect to live or die with 1 statistic? I found more statics. And that statistic is without running Snort or Suricata because they have it listed as optional.

Does it cost more if you want Snort loaded and maintained? What is the performance with Snort loaded and say 50 or 60 VPNs running?
Cisco is going to be close to true. Yes, they use best scenarios but you will be close when you implement it.

It looks like Negate SG-5100 is about the same on VPNs as the Firepower 1010. But of course, Negate is not running Snort.
 
Last edited:
The Netgate SG-5100 is $768 for 1 year. The Cisco Firepower last I saw was $475 for 1 year.
pfSense is 'free', its up to you how you want to support it, your can load it with opensense and buy cheaper hardware.

That is a lot of active connections. Big CPUs do make for big routers. How many VPNs can it run? The Cisco can run 75 but it will cost
I don't run VPN's as vpn is a waste of CPU, I use a sslvpn gateway (ssh based) behind it which can handle 200x more then any crap vpn.

more but Cisco's VPN is the best in my mind.
If you want to live with cisco security track record (which is crap) go for it. (in such cases I'd go for a FS router any day over cisco).

That is the only statistic that I can find published on the Netgate SG-5100. They don't publish anything else. Do they expect to live or die with 1 statistic?
There are youtube reviews. https://www.google.nl/search?q=lawrence+youtube+netgate

Does it cost more if you want Snort loaded and maintained?
No idea, I don't run such needless stuff on a firewall, behind it is a nginx cluster with Lua IDS/ATP and additional connectors to manage the firewall.
 
I'm using SG-5100 appliance and it doesn't require any support subscriptions. The hardware is about 10x faster compared to Cisco RV34x series and 3x faster compared to Cisco 1010. I run packages as Suricata IDS/IPS (Snort is also available), pfBlockerNG IP/DNS blocker, OpenVPN Server (built-in, Wireguard available as a package), Unbound DNS as resolver (built-in), APC UPS monitor for my battery backup, traffic monitor, ntopng, service watchdog. The appliance can do full Gigabit IDS/IPS, Wireguard, IPSec and ~400Mbps OpenVPN. Never had any issues with OS updates, few times with packages updates (fixed fast by developers). I also run 3x Cisco RV345P routers for business and have no intentions to replace them any time soon. Very basic units, but do what I need them to do. The main advantage is simplicity.
 
I'm using SG-5100 appliance and it doesn't require any support subscriptions. The hardware is about 10x faster compared to Cisco RV34x series and 3x faster compared to Cisco 1010. I run packages as Suricata IDS/IPS (Snort is also available), pfBlockerNG IP/DNS blocker, OpenVPN Server (built-in, Wireguard available as a package), Unbound DNS as resolver (built-in), APC UPS monitor for my battery backup, traffic monitor, ntopng, service watchdog. The appliance can do full Gigabit IDS/IPS, Wireguard, IPSec and ~400Mbps OpenVPN. Never had any issues with OS updates, few times with packages updates (fixed fast by developers). I also run 3x Cisco RV345P routers for business and have no intentions to replace them any time soon. Very basic units, but do what I need them to do. The main advantage is simplicity.
I really doubt you have run a Firepower 1010. You are talking out your A$$.
 
Data sheet is available online. Get one and start paying subscription services for something available in pfSense for free. Your choice.
 
Data sheet is available online. Get one and start paying subscription services for something available in pfSense for free. Your choice.
The SG-5100 is not possible to be 3x faster than a Firepower 1010. Data sheet for 1010
"Stateful inspection firewall throughput1 2 Gbps" Best case.

Your statements are crap as usual.
 
Your statements are crap as usual.

I know what's inside and what can run on it. Netgate hardware is actually exactly 46.7% faster in what scales linearly. For example, OpenVPN: Cisco 1010 ~300Mbps -> SG-5100 >400Mbps. Same for routing performance. The 3x difference comes when hardware + available software performance is in play. Netgate with pfSense has available Suricata multi-threaded IDS/IPS (for a long time). Cisco 1010 users have to wait for Snort 3.x engine integration in software. Current Snort engine is single-threaded. Another advantage of SG-5100 is upgradability. It has a RAM slot and M.2 SATA port. Cisco components are soldered on the PCB. Sorry about the crap, but I don't work with "In my mind, I would think, I assume". Someone else may be interested to know what the differences are. You are free to purchase, use and subscribe to whatever you like.

But of course, Negate is not running Snort.

Both Snort and Suricata are available, user's choice:
https://docs.netgate.com/pfsense/en/latest/packages/snort/index.html
 
Last edited:
I know what's inside and what can run on it. Netgate hardware is actually exactly 46.7% faster in what scales linearly. For example, OpenVPN: Cisco 1010 ~300Mbps -> SG-5100 >400Mbps.

the sg-5100 only has a quad core atom cpu in - good from a thermal point of view and adequate for a lot of users but not really a high performance solution

sg-6100 and sg-7100 are also still atom - you have to go all the way up to the 1537/1541 before you get decent high performance options ( xeon ).

If space is an issue and you don’t have heavy needs ( heavy ids/ips on a multi-gig internet connection etc) the little netgates are fine - but there is a reason you see most people running pfsense/opnsense on proper server hardware, or paying the big $ for the xeon powered netgate units
 
not really a high performance solution

Correct. It's the cheapest home/office x86 firewall they offer. Intel 4C/4T Denverton C3558, 8MB cache, 2.2GHz. No more Xeon powered servers at home. SG-5100 replaced Dell PowerEdge 4C/8T Xeon E3-1240 3.8GHz. I'm done playing with enterprise gear at home, even though I get tons of it for free.
 
Correct. It's the cheapest home/office x86 firewall they offer. Intel 4C/4T Denverton C3558, 8MB cache, 2.2GHz. No more Xeon powered servers at home. SG-5100 replaced Dell PowerEdge 4C/8T Xeon E3-1240 3.8GHz. I'm done playing with enterprise gear at home, even though I get tons of it for free.

other issue with the sg-5100 is it's only got gbe ports - 2gig and 4gig fibre to the home means that's not very future proof

the sg-6100 has 2.5gbe and sfp+ yet is no dearer than the 5100, so if you are buying netgate branded hardware the newer model is the obvious choice
 
Similar threads

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top