Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2226
Views
10
Helpful
3
Replies

FTD 2K series Fail Open? Software Bypass IPS?

Go to solution
Freemen
Level 1
Level 1

‎07-31-2018 03:22 AM - edited ‎02-21-2020 08:02 AM

Hi

if FTD 2K in on routed mode, if the IPS engine somehow hang or not responding, it can be software bypass? or the health monitor will trigger as fail then fail over to secondary unit?

 

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Nikolaj Pabst
Level 5
Level 5
In response to Rahul Govindan

‎08-01-2018 09:39 PM

Sorry, missread the post, this is not an option in routed mode.

View solution in original post

3 Replies 3

Go to solution
Nikolaj Pabst
Level 5
Level 5

‎08-01-2018 01:37 AM

Hi Freemen,

Inline-Pairs can be used for somthing like this with the Failsafe allow setting.

/Nikolaj

 

 

0 Helpful

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎08-01-2018 07:29 PM - edited ‎08-01-2018 07:30 PM

Answer to this is no. The Failover trigger conditions for the FTD are:

 

Active unit loses power or stops normal operation.

Active unit interface physical link down.

Active unit interface up, but connection problem causes interface testing.

 

Source: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_high_availability.html#ID-2107-000001b1

 

Unless the IPS hang somehow causes the FTD2 to be unable to talk to FTD1, I do not see this being a failover trigger condition. 

Go to solution
Nikolaj Pabst
Level 5
Level 5
In response to Rahul Govindan

‎08-01-2018 09:39 PM

Sorry, missread the post, this is not an option in routed mode.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card