I haven't touched firewalls for quite some time and I have a few questions.
I'm about to set up a couple of FPR-2120 firewalls and an FMC but before i get started i'm not too sure about the following:
1. Do i need to licence each firewall individually even if they're active/standby?
2. Can i configure the active/standby between the devices first and then register them both on the FMC? Or will i need to configure this using the FMC?
3. Do i need a management ip address for each firewall even though the active config gets transferred to the standby when it fails?
1. Yes. If they haven't been purchased yet there is an ordering bundle which discounts the licenses for the second appliance. However each requires its own unique license(s).
2. It needs to be configured completely from the FMC.
3. Each appliance needs its own unique management address.
Thanks for the swift response Marvin
I do have another question regarding FMC though. At the moment i will be configuring the devices using an evaluation version of FMC in my lab. When i install these devices in the customer network on site, i will have to install a new version of FMC. Can i simply just re register the devices to the new version of FMC on customer site or will this cause any sort of conflict or issues for me?
Since they are 2100 series they will be running at least 6.2.1. Recommended would be to just go up to the latest 6.2.2 on both the FMC and the appliances.
When changing from a lab/staging FMC to production you can simply "configure manager remove" / "configure manager add" from the devices.
However when you re-register and deploy policies from the new FMC any existing settings will be overwritten (access control and related polices, platform settings etc.). As long as you're OK with that, it works fine.