I'm about to implement two Firepower 2100s at my company. I would like to know about the differences between HA schemes. Are there any services that work differently on each scheme? Which one is the most recommended, and why?
In general I don't see the necessity to use Active/Active.
Active/Standby works pretty well, and it is simpler to implement/operate.
Hey, what about the IPS licences? Do we need to buy two licences (one for each 2100) or only one for the active device?
Thanks a lot
From the IPS point of view both are active (ready to forward traffic), so you will need two licenses independently of your deployment (active/active, active/standby).
I hope Cisco changes it soon... but for now you need two licenses.
On the Firepower appliances running FTD there is no Active/Active HA per se, since that was a construct from ASA software that relied on multiple contexts. Straight HA on FTD uses an Active/Standby scheme.
You can run a 2-unit cluster which is sort of like Active-Active but very few customers bother to do that.
In any case, separate licenses (IPS subscription, URL Filtering and/or Malware (AMP)) are required for each physical appliance.