Cisco Secure Firewall 1010 vs 1120
The Secure Firewall 1010 is a desktop appliance for small/home offices, while the 1120 is a 1RU appliance with roughly 2.5x the throughput and SFP uplinks for larger branches. Choose the 1010 for very small sites, and the 1120 when you need more throughput, more VPN peers, and fiber uplinks.
Cisco Secure Firewall 1010
Desktop next-gen firewall (Firepower 1010) for small and home offices with built-in switch ports.
- Desktop form factor with 8x GE RJ45 (PoE on 2 ports)
- 890 Mbps FW+AVC, 880 Mbps threat throughput
- 400 Mbps IPsec VPN, up to 75 VPN peers
- Runs FTD or ASA image; managed by FDM, FMC, or CDO
Cisco Secure Firewall 1120
1RU next-gen firewall (Firepower 1120) for mid-size branches with copper and SFP interfaces.
- 1RU rack form factor, 8x GE RJ45 + 4x SFP
- 2.3 Gbps FW+AVC and threat throughput
- 1.2 Gbps IPsec VPN, up to 150 VPN peers
- Runs FTD or ASA image; managed by FDM, FMC, or CDO
Cisco Secure Firewall 1010 vs Cisco Secure Firewall 1120: spec comparison
| Spec | Cisco Secure Firewall 1010 | Cisco Secure Firewall 1120 |
|---|---|---|
| Form factor | Desktop | 1RU rack-mount |
| FW + AVC throughput (1024B) | 890 Mbps | 2.3 Gbps |
| FW + AVC + IPS (threat) throughput | 880 Mbps | 2.3 Gbps |
| IPsec VPN throughput | 400 Mbps | 1.2 Gbps |
| Max concurrent sessions (AVC) | 100K | 200K |
| New connections/sec (AVC) | 6,000 | 15,000 |
| Max VPN peers | 75 | 150 |
| Interfaces | 8x GE RJ45 (2 with PoE) | 8x GE RJ45 + 4x SFP |
| Onboard storage | 200 GB | 200 GB |
| Software | FTD or ASA | FTD or ASA |
| Redundant power supply | No (external adapter) | No (single internal PSU) |
Choose Cisco Secure Firewall 1010 if
Choose the 1010 for home offices, very small branches, and teleworker sites. Its desktop chassis, built-in switch ports, and PoE on two ports let it power a phone or AP without a separate switch, and 890 Mbps is plenty for small Internet links.
Choose Cisco Secure Firewall 1120 if
Choose the 1120 when a small site is outgrowing the 1010: it offers about 2.5x the throughput, double the concurrent sessions and VPN peers, and adds SFP fiber uplinks in a rack-mount chassis suited to a wiring closet.
Verdict
These two sit at the bottom of the Secure Firewall 1000 Series. Pick the 1010 for the smallest sites where a desktop unit with built-in switching is ideal. Step up to the 1120 when you need more throughput, more VPN capacity, fiber uplinks, or a rack-mount form factor. Both run the same FTD software, so management is identical.
Frequently asked questions
What is the difference between the Secure Firewall 1010 and 1120?
The 1010 is a desktop appliance with 890 Mbps FW+AVC throughput and built-in switch ports; the 1120 is a 1RU appliance with 2.3 Gbps throughput, 4 SFP uplinks, and roughly double the sessions and VPN peers.
Does the Secure Firewall 1010 have PoE?
Yes. The 1010 provides Power over Ethernet on two of its eight GE ports, which can power an IP phone or access point directly. The 1120 does not include built-in PoE ports.
How many VPN users can each support?
The 1010 supports up to 75 VPN peers and the 1120 up to 150. If you need more remote-access capacity, look at the 1140 (400) or the 3100 Series.
Do the 1010 and 1120 run ASA or FTD software?
Both can run Firepower Threat Defense (FTD) for full next-gen features or the classic ASA image if you prefer a traditional firewall, giving flexibility during ASA-to-FTD migrations.
More Security comparisons
Specs are for planning and may change; Uniqcli confirms the current Cisco bill of materials and pricing on your quote. Cisco, Catalyst, Nexus, Meraki, and Firepower are trademarks of Cisco Systems, Inc.; Uniqcli LLC is an independent authorized Cisco partner.