Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2926
Views
10
Helpful
5
Replies

IPS resources on Firepower

Go to solution
mateens
Level 1
Level 1

‎02-11-2021 01:19 AM - edited ‎02-11-2021 01:20 AM

Hi,

If there are 2 instances for 2 customers on 4100 series firewall. Is it possible to assign specific resources to a specific customer also for IPS?

can anyone provide any cisco documentation ?

 

Mateen

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Oliver Kaiser
Level 7
Level 7

‎02-11-2021 05:15 AM

You can use multi-instance mode to achieve "real" multi tenancy on FPR4100 / 9300. That way every virtual instance received dedicated cpu cores, memory and disk space. Splitting resources within a single instance is not possible, for example you cannot provision a virtual instance running Firepower Threat Defense and use 20% of the cpu cores for Customer A traffic and 50% of cpu cores for Customer B traffic. For a clean seperation you musst assign a dedicated instance to each customer (... atleast if you really need resource reservations) and a seperate data/control/mgmt plane for each customer

View solution in original post

5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-11-2021 02:59 AM

here is multi tenancy deployment and configuratiion guide :

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/multi-instance/multi-instance_solution.html

 

If you got access to cisco Live Presentation look one of the document is good for reference :

 

BRKACI-3004

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
mateens
Level 1
Level 1

‎02-11-2021 03:01 AM

Can IPS resources also divided ?

 

 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-11-2021 03:32 AM

I have not deployed, yes and hope so.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
mateens
Level 1
Level 1

‎02-11-2021 03:35 AM

heard that IPS use shared resources when needed so it is not recomended to run IPS when firepower is shared with other customers. Cannot find any documentation.

0 Helpful

Go to solution
Oliver Kaiser
Level 7
Level 7

‎02-11-2021 05:15 AM

You can use multi-instance mode to achieve "real" multi tenancy on FPR4100 / 9300. That way every virtual instance received dedicated cpu cores, memory and disk space. Splitting resources within a single instance is not possible, for example you cannot provision a virtual instance running Firepower Threat Defense and use 20% of the cpu cores for Customer A traffic and 50% of cpu cores for Customer B traffic. For a clean seperation you musst assign a dedicated instance to each customer (... atleast if you really need resource reservations) and a seperate data/control/mgmt plane for each customer

Customers Also Viewed These Support Documents