https://community.cisco.com/t5/network-security/cisco-firepower-ftd-1010-high-availability-active-and-standby/m-p/4457559#M1083233 <P>Hi</P> <P>From my experience i did a similar thing with FTD 2100 managed from FMC. If you doing from FMC make sure your in service firewall stay (make its as primary firewall) when doing a HA configure (From FMC GUI). I am sure the method for FTD2100 and 1010 is same.</P> <P>&nbsp;</P> <P>the reason saying keep the in service production as Primary as the Primary will push the configuration to Secondary firewall via FMC. make sure your layer 2 (VLAN) are solid and configured on both sides of DC</P> <P>&nbsp;</P> <P>make sure you have license for HA pair. here i get from cisco web <A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/firepower_threat_defense_high_availability.html" target="_self">here</A>&nbsp;</P> <H3 class="editable">Smart License Requirements for HA</H3> <P>The following license requirements must be met for both physical and virtual FTDs:</P> <UL> <LI>Both devices in an HA pair must have&nbsp;either a registered license, or an&nbsp;evaluation license. If the devices are registered, they can be registered to different Cisco Smart Software Manager accounts, but the accounts must have the same state for the export-controlled functionality setting, either both enabled or both disabled. However, it does not matter if you have enabled different optional licenses on the devices.</LI> <LI>Both devices within the HA pair must have the same licenses during operation. It is possible to be in compliance on one device, but out of compliance&nbsp;on the other if there are insufficient licenses.&nbsp;If your Smart Licenses account does not include enough purchased entitlements, your account becomes Out-of-Compliance (even though one of the devices may be&nbsp;compliant) until you purchase the correct number of licenses.</LI> </UL> Tue, 31 Aug 2021 14:05:56 GMT Sheraz.Salim 2021-08-31T14:05:56Z https://community.cisco.com/t5/network-security/cisco-firepower-ftd-1010-high-availability-active-and-standby/m-p/4457533#M1083232 <P>HI,</P><P>I have&nbsp;Cisco Firepower FTD 1010, and due to the fact that we need high available network, i have question if i can order another FTD 1010, and configure both devises with High Availability Active and Standby.</P><P>Now i have one FTD1010 connected to 3 Cisco SG350.</P><P>Can i do a high availability Active and standby ?</P><P>Any information or from experience knowledge, or documentation will be appreciated&nbsp;</P> Tue, 31 Aug 2021 13:13:08 GMT https://community.cisco.com/t5/network-security/cisco-firepower-ftd-1010-high-availability-active-and-standby/m-p/4457533#M1083232 HaniAbuelkhair39121 2021-08-31T13:13:08Z https://community.cisco.com/t5/network-security/cisco-firepower-ftd-1010-high-availability-active-and-standby/m-p/4457559#M1083233 <P>Hi</P> <P>From my experience i did a similar thing with FTD 2100 managed from FMC. If you doing from FMC make sure your in service firewall stay (make its as primary firewall) when doing a HA configure (From FMC GUI). I am sure the method for FTD2100 and 1010 is same.</P> <P>&nbsp;</P> <P>the reason saying keep the in service production as Primary as the Primary will push the configuration to Secondary firewall via FMC. make sure your layer 2 (VLAN) are solid and configured on both sides of DC</P> <P>&nbsp;</P> <P>make sure you have license for HA pair. here i get from cisco web <A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/firepower_threat_defense_high_availability.html" target="_self">here</A>&nbsp;</P> <H3 class="editable">Smart License Requirements for HA</H3> <P>The following license requirements must be met for both physical and virtual FTDs:</P> <UL> <LI>Both devices in an HA pair must have&nbsp;either a registered license, or an&nbsp;evaluation license. If the devices are registered, they can be registered to different Cisco Smart Software Manager accounts, but the accounts must have the same state for the export-controlled functionality setting, either both enabled or both disabled. However, it does not matter if you have enabled different optional licenses on the devices.</LI> <LI>Both devices within the HA pair must have the same licenses during operation. It is possible to be in compliance on one device, but out of compliance&nbsp;on the other if there are insufficient licenses.&nbsp;If your Smart Licenses account does not include enough purchased entitlements, your account becomes Out-of-Compliance (even though one of the devices may be&nbsp;compliant) until you purchase the correct number of licenses.</LI> </UL> Tue, 31 Aug 2021 14:05:56 GMT https://community.cisco.com/t5/network-security/cisco-firepower-ftd-1010-high-availability-active-and-standby/m-p/4457559#M1083233 Sheraz.Salim 2021-08-31T14:05:56Z