cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2909
Views
10
Helpful
5
Replies

IPS resources on Firepower

mateens
Level 1
Level 1

Hi,

If there are 2 instances for 2 customers on 4100 series firewall. Is it possible to assign specific resources to a specific customer also for IPS?

can anyone provide any cisco documentation ?

 

Mateen

1 Accepted Solution

Accepted Solutions

Oliver Kaiser
Level 7
Level 7

You can use multi-instance mode to achieve "real" multi tenancy on FPR4100 / 9300. That way every virtual instance received dedicated cpu cores, memory and disk space. Splitting resources within a single instance is not possible, for example you cannot provision a virtual instance running Firepower Threat Defense and use 20% of the cpu cores for Customer A traffic and 50% of cpu cores for Customer B traffic. For a clean seperation you musst assign a dedicated instance to each customer (... atleast if you really need resource reservations) and a seperate data/control/mgmt plane for each customer

View solution in original post

5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

here is multi tenancy deployment and configuratiion guide :

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/multi-instance/multi-instance_solution.html

 

If you got access to cisco Live Presentation look one of the document is good for reference :

 

BRKACI-3004

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mateens
Level 1
Level 1

Can IPS resources also divided ?

 

 

balaji.bandi
Hall of Fame
Hall of Fame

I have not deployed, yes and hope so.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mateens
Level 1
Level 1

heard that IPS use shared resources when needed so it is not recomended to run IPS when firepower is shared with other customers. Cannot find any documentation.

Oliver Kaiser
Level 7
Level 7

You can use multi-instance mode to achieve "real" multi tenancy on FPR4100 / 9300. That way every virtual instance received dedicated cpu cores, memory and disk space. Splitting resources within a single instance is not possible, for example you cannot provision a virtual instance running Firepower Threat Defense and use 20% of the cpu cores for Customer A traffic and 50% of cpu cores for Customer B traffic. For a clean seperation you musst assign a dedicated instance to each customer (... atleast if you really need resource reservations) and a seperate data/control/mgmt plane for each customer

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: