https://community.cisco.com/t5/network-security/how-to-design-dr-site-ftd-firewall/m-p/5050775#M1110390 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1037350">@ShareefKooliyodan0444</a> based on your diagram you probably want to take into consideration having FMC High Availability when the DC site is down, as the DR site currently has no way to manage the DR firewall. You can deploy a secondary FMC in the DR and promote in the event the DC site goes down. <A href="https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/720/management-center-admin-72/system-ha.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/720/management-center-admin-72/system-ha.html</A></P> <P>Alternatively if both sites have internet access you could consider using the Cloud FMC (cdFMC) which would have reachability to both sites.</P> <P>Whether using an on premise FMC or cdFMC, both the DC and DR&nbsp; FTDs can share the same policies so you'd have a consistent configuration deployed at both sites.</P> Tue, 26 Mar 2024 12:10:23 GMT Rob Ingram 2024-03-26T12:10:23Z https://community.cisco.com/t5/network-security/how-to-design-dr-site-ftd-firewall/m-p/5049835#M1110324 <P>Hello Guys&nbsp;</P><P>Kindly check attached scenario and please advice how i can design and configure DR site ftd firewall&nbsp;</P><P>&nbsp;</P><P>Do I required separate fmc for DR site FTD ? if not required how I will register DR site ftd in Head office fmc ?</P><P>&nbsp;</P><P>Can I manage DR site ftd from Head office fmc ?if I can manage how I will create nat and access policy for this site separately ?</P><P>&nbsp;</P> Mon, 25 Mar 2024 07:17:50 GMT https://community.cisco.com/t5/network-security/how-to-design-dr-site-ftd-firewall/m-p/5049835#M1110324 ShareefKooliyodan0444 2024-03-25T07:17:50Z https://community.cisco.com/t5/network-security/how-to-design-dr-site-ftd-firewall/m-p/5049849#M1110325 <P>the FMC can mgmt many FTD, each FTD in different site and each FTD have it config NAT and ACL, you can config NAT and then deploy it for FTD in DR.<BR /><BR />note:- there is no attachment&nbsp;</P> <P>MHM</P> Mon, 25 Mar 2024 07:35:05 GMT https://community.cisco.com/t5/network-security/how-to-design-dr-site-ftd-firewall/m-p/5049849#M1110325 MHM Cisco World 2024-03-25T07:35:05Z https://community.cisco.com/t5/network-security/how-to-design-dr-site-ftd-firewall/m-p/5049850#M1110326 <P>Thank you , Kindly find my scenario&nbsp; is attached , can you share if you have any sample configuration doc or video ?</P> Mon, 25 Mar 2024 07:38:18 GMT https://community.cisco.com/t5/network-security/how-to-design-dr-site-ftd-firewall/m-p/5049850#M1110326 ShareefKooliyodan0444 2024-03-25T07:38:18Z https://community.cisco.com/t5/network-security/how-to-design-dr-site-ftd-firewall/m-p/5050707#M1110377 <P>sure&nbsp;<BR /><A href="https://www.youtube.com/watch?v=kgZuDNfKQ5A&amp;list=PLpGt4hh32rCqTytts_V-tBAPJ3ad2EgWX" target="_blank" rel="noopener">1. Cisco FTD Overview and Features (youtube.com)</A></P> <P>this series of video how you config FTD</P> <P><SPAN>For position of FMC it can in DR (separate fmc) or fmc in head office, fmc will mgmt both ftd.&nbsp;</SPAN></P> <P><SPAN>If the fmc in Head office then config acl and NAT and deploy to ftd in DR.&nbsp;</SPAN></P> <P>MHM</P> Tue, 26 Mar 2024 12:18:18 GMT https://community.cisco.com/t5/network-security/how-to-design-dr-site-ftd-firewall/m-p/5050707#M1110377 MHM Cisco World 2024-03-26T12:18:18Z https://community.cisco.com/t5/network-security/how-to-design-dr-site-ftd-firewall/m-p/5050775#M1110390 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1037350">@ShareefKooliyodan0444</a> based on your diagram you probably want to take into consideration having FMC High Availability when the DC site is down, as the DR site currently has no way to manage the DR firewall. You can deploy a secondary FMC in the DR and promote in the event the DC site goes down. <A href="https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/720/management-center-admin-72/system-ha.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/720/management-center-admin-72/system-ha.html</A></P> <P>Alternatively if both sites have internet access you could consider using the Cloud FMC (cdFMC) which would have reachability to both sites.</P> <P>Whether using an on premise FMC or cdFMC, both the DC and DR&nbsp; FTDs can share the same policies so you'd have a consistent configuration deployed at both sites.</P> Tue, 26 Mar 2024 12:10:23 GMT https://community.cisco.com/t5/network-security/how-to-design-dr-site-ftd-firewall/m-p/5050775#M1110390 Rob Ingram 2024-03-26T12:10:23Z