https://community.cisco.com/t5/network-security/fmc-ftd-ha-cluster/m-p/5162638#M1115183 <P>FTD HA active/standby or cluster ?</P> <P>MHM</P> Mon, 19 Aug 2024 13:25:26 GMT MHM Cisco World 2024-08-19T13:25:26Z https://community.cisco.com/t5/network-security/fmc-ftd-ha-cluster/m-p/5162599#M1115179 <P>Hello community,</P><P>currently we are facing a challenge to build FTD HA cluster using FMC while using the same interface for DATA and MANAGEMENT traffic processing.</P><P>However it turned out that on FTD models 1150 such setup is not supported. When building up a cluster we get message: "High availability not supported on this model for devices enabled for Management access through data interfaces".</P><P>In case we use our available public IPs for management interfaces to separate DATA and MANAGEMENT traffic there will be no left for outside interface to build VPN tunnel. In case we use private IPs for management interfaces we will not be able to publish any changes from FMC in case VPN tunnel will be down.</P><P>I would like to ask you what is the best practice to follow in such scenario.</P><P>Also I would like to ask you, in case we use public IPs for management interface, is there a way to secure this interface which will be facing public internet? (like limit access only from certain IPs, or deny ICMP, etc...)</P><P>Thanks a lot for any valuable information on these topics!</P> Mon, 19 Aug 2024 12:19:46 GMT https://community.cisco.com/t5/network-security/fmc-ftd-ha-cluster/m-p/5162599#M1115179 kamensky@kronovision.sk 2024-08-19T12:19:46Z https://community.cisco.com/t5/network-security/fmc-ftd-ha-cluster/m-p/5162638#M1115183 <P>FTD HA active/standby or cluster ?</P> <P>MHM</P> Mon, 19 Aug 2024 13:25:26 GMT https://community.cisco.com/t5/network-security/fmc-ftd-ha-cluster/m-p/5162638#M1115183 MHM Cisco World 2024-08-19T13:25:26Z https://community.cisco.com/t5/network-security/fmc-ftd-ha-cluster/m-p/5162640#M1115184 <P>HA active/ standby</P> Mon, 19 Aug 2024 13:27:40 GMT https://community.cisco.com/t5/network-security/fmc-ftd-ha-cluster/m-p/5162640#M1115184 kamensky@kronovision.sk 2024-08-19T13:27:40Z https://community.cisco.com/t5/network-security/fmc-ftd-ha-cluster/m-p/5162659#M1115186 <P>MHM</P> Mon, 19 Aug 2024 18:54:34 GMT https://community.cisco.com/t5/network-security/fmc-ftd-ha-cluster/m-p/5162659#M1115186 MHM Cisco World 2024-08-19T18:54:34Z https://community.cisco.com/t5/network-security/fmc-ftd-ha-cluster/m-p/5162667#M1115187 <P>FYI version 7.4 added support for this feature.</P> <TABLE class="table frame-topbot table--pgwide-1" border="1" width="100%"> <TBODY class="tbody"> <TR> <TD colspan="4" class="entry align-left colsep-1 rowsep-1"> <P class="p"><STRONG class="ph b">High Availability/Scalability</STRONG></P> </TD> </TR> <TR> <TD class="entry align-left colsep-1 rowsep-1"> <P class="p"><SPAN class="ph">Manage threat defense high availability pairs using a data interface.</SPAN></P> </TD> <TD class="entry align-left colsep-1 rowsep-1"> <P class="p">7.4.0</P> </TD> <TD class="entry align-left colsep-1 rowsep-1"> <P class="p">7.4.0</P> </TD> <TD class="entry align-left colsep-1 rowsep-1"> <DIV id="Cisco_Concept.dita_f1d9dce2-d61d-4aaa-ba45-c419ab2d3d39__74_ha_data_interface" class="div"> <P class="p">Threat defense high availability now supports using a regular data interface for communication with the management center. Previously, only standalone devices supported this feature.</P> <P class="p">See: <A class="xref" href="https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/740/management-center-device-config-74/get-started-device-management.html" target="_blank" rel="noopener">Using the Threat Defense Data Interface for Management</A></P> </DIV> </TD> </TR> </TBODY> </TABLE> Mon, 19 Aug 2024 14:12:12 GMT https://community.cisco.com/t5/network-security/fmc-ftd-ha-cluster/m-p/5162667#M1115187 Marvin Rhoads 2024-08-19T14:12:12Z https://community.cisco.com/t5/network-security/fmc-ftd-ha-cluster/m-p/5162782#M1115194 <P>Thanks a lot for info, tested, working.</P> Mon, 19 Aug 2024 18:36:26 GMT https://community.cisco.com/t5/network-security/fmc-ftd-ha-cluster/m-p/5162782#M1115194 kamensky@kronovision.sk 2024-08-19T18:36:26Z