cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


1297
Views
10
Helpful
4
Replies
Beginner

Firepower 2100 HA differences Active/Active vs Active/Passive

I'm about to implement two Firepower 2100 on my company.  I would like to know about the differences about HA Schemes, Is there any services that can work differently on each scheme? which one is the most recommended and why?

4 REPLIES 4
Enthusiast

Re: Firepower 2100 HA differences Active/Active vs Active/Passive

Hi jfigueroa8,

In general I don't see necessity to use Active/Active.
Active/Standby works pretty well, and it is simpler to implement/operate.

Beginner

Re: Firepower 2100 HA differences Active/Active vs Active/Passive

Hey ¿whats about the IPS licences? ¿We need to buy two licences (one for each 2100) or only one for the active device?

 

Thanks a lot

Enthusiast

Re: Firepower 2100 HA differences Active/Active vs Active/Passive

From IPS point of view both are active (ready to forward traffic), so you will need two licenses independently of your deploy (active/active, active/standby).

 

I hope Cisco change it soon... but for now you need two licenses.

Highlighted
Hall of Fame Master

Re: Firepower 2100 HA differences Active/Active vs Active/Passive

The Firepower appliances running FTD there is no Active/Active HA per se since that was a construct from ASA software that relied on multiple contexts. Straight HA on FTD uses an Active/Standby scheme.

 

You can run a 2-unit cluster which is sort of like Active-Active but very few customers bother to do that.

 

In any case, separate licenses (IPS subscription, URL Filtering and or Malware (AMP)) are required for each physical appliance.