Firepower 2100 HA vs Clustering

Hello,

I'm trying to understand the difference between HA and clustering.

I see two different lines in the datasheet: https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/data_sheet-c78-736661.html#ModelOverview

But I read in a Cisco doc that "FirePOWER Clustering means HA": https://learningnetwork.cisco.com/docs/DOC-30551

So for the 2110, we have HA but not clustering, but with the last citation, I have no HA because no clustering.

I'm lost...

Hall of Fame Master

Re: Firepower 2100 HA vs Clustering

The Cisco Learning Network document you cited refers to classic Firepower NGIPS devices. It does not describe the capabilities of Firepower Threat Defense (FTD) on Firepower 2100 or any other hardware platform. Also, it is written by a contributor and is not an official Cisco publication.

The data sheet rightly notes that clustering (for FTD) is available on the Firepower 4100 and 9300 series appliances. The 2100 series does not currently offer clustering support but does offer Active-Standby high availability.

Re: Firepower 2100 HA vs Clustering

Ok thanks, but I don't understand the difference between cluster and HA. I may be dumb, but could you explain to me the difference between HA and cluster?

Moreover, it's written that active/active is supported on HA for the 2100 series.

Hall of Fame Master

Re: Firepower 2100 HA vs Clustering

HA = High Availability. One device is Active and the other is Standby. For devices running ASA software and multiple contexts (think "virtual firewalls") the Active and Standby roles can be reversed across different contexts thus the concept of "Active-Active". A given context is always Active-Standby though. For devices running FTD software, HA is only Active-Standby. Firepower 4100 and 9300 models (NOT 2100 series) can run multiple instances of FTD in containers and those can in turn be each configured Active-Standby across multiple chassis.

Clustering = combining multiple hardware appliances into a logical cluster for both high availability and scalability. Firepower 4100 and 9300 series appliances running FTD support clustering, as do most devices running ASA software (exception - ASAv, low end hardware like the ASA 5506-X and 5508-X, and the Firepower 2100 series running ASA software). In a cluster, all functional members are simultaneously active and there is some advanced software taking care of distributing flows and connections among the cluster members.

Re: Firepower 2100 HA vs Clustering

Ok thanks, very clear Marvin!