https://community.cisco.com/t5/network-security/firepower-failover-behavior/m-p/4794088#M1098667 <P>If the portchannel was dedicated per interface, then all interfaces would need to go down to dictate a failover.</P> <P>If you were using sub interfaces on the portchannel and the sub interface went down, that would cause a failover.</P> Tue, 14 Mar 2023 21:44:23 GMT Rob Ingram 2023-03-14T21:44:23Z https://community.cisco.com/t5/network-security/firepower-failover-behavior/m-p/4794045#M1098658 <P><STRONG>Context:</STRONG> Just got an pair of FTD 4140s and 2140s HA configured.&nbsp; They're at v7.0.5 with vFMC and wondering how the FTDs handle failover scenarios.&nbsp; For this question, monitoring is enabled for L2 and L3 interfaces and I have a single Inside (access) and Outside (trunked) configured for each appliance (just for the example, not actual config).</P><P><STRONG>The Question:</STRONG> Is there a difference in the failover behavior when an entire appliance goes offline versus when an interface goes offline?&nbsp; For example and pretty obvious, if my primary (active) 4140 goes offline for whatever reason, the standby will become active.&nbsp; However, what if an individual interface, L2 or L3, on the primary (active) goes offline?&nbsp; Does the interface itself failover to the standby?&nbsp; Or does the entire standby unit become active?</P><P><STRONG>Addt'l Question:</STRONG> Does the failover behavior change when Etherchannel/Port-channels are configured?</P><P>Regards,</P><P>Wreckt</P> Tue, 14 Mar 2023 20:52:26 GMT https://community.cisco.com/t5/network-security/firepower-failover-behavior/m-p/4794045#M1098658 Wrecktangle 2023-03-14T20:52:26Z https://community.cisco.com/t5/network-security/firepower-failover-behavior/m-p/4794049#M1098659 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1314171">@Wrecktangle</a> by default the failure of an interface on the Active Firewall (whether it's physical or logical) would cause the standby FTD appliance (the entire standby unit) to become active.</P> Tue, 14 Mar 2023 20:58:37 GMT https://community.cisco.com/t5/network-security/firepower-failover-behavior/m-p/4794049#M1098659 Rob Ingram 2023-03-14T20:58:37Z https://community.cisco.com/t5/network-security/firepower-failover-behavior/m-p/4794071#M1098662 <P>This is the information I used when deploying our FTD's with FMC frontend.&nbsp;<A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/630/fdm/fptd-fdm-config-guide-630/fptd-fdm-ha.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/firepower/630/fdm/fptd-fdm-config-guide-630/fptd-fdm-ha.html</A></P><P>&nbsp;</P> Tue, 14 Mar 2023 21:16:14 GMT https://community.cisco.com/t5/network-security/firepower-failover-behavior/m-p/4794071#M1098662 Eric R. Jones 2023-03-14T21:16:14Z https://community.cisco.com/t5/network-security/firepower-failover-behavior/m-p/4794078#M1098663 <BLOCKQUOTE><HR /><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp;wrote:(whether it's physical or logical) would cause the standby FTD appliance (the entire standby unit) to become active.<HR /></BLOCKQUOTE><P>Assuming this includes etherchannel/port-channels (logical), why would one use an etherchannel/port-channel say in the case of a 2 or 4-port etherchannel if it will failover if any of those ports go down?</P> Tue, 14 Mar 2023 21:34:31 GMT https://community.cisco.com/t5/network-security/firepower-failover-behavior/m-p/4794078#M1098663 Wrecktangle 2023-03-14T21:34:31Z https://community.cisco.com/t5/network-security/firepower-failover-behavior/m-p/4794088#M1098667 <P>If the portchannel was dedicated per interface, then all interfaces would need to go down to dictate a failover.</P> <P>If you were using sub interfaces on the portchannel and the sub interface went down, that would cause a failover.</P> Tue, 14 Mar 2023 21:44:23 GMT https://community.cisco.com/t5/network-security/firepower-failover-behavior/m-p/4794088#M1098667 Rob Ingram 2023-03-14T21:44:23Z https://community.cisco.com/t5/network-security/firepower-failover-behavior/m-p/4794119#M1098669 <P>Appreciate the enlightenment!</P> Tue, 14 Mar 2023 23:03:01 GMT https://community.cisco.com/t5/network-security/firepower-failover-behavior/m-p/4794119#M1098669 Wrecktangle 2023-03-14T23:03:01Z