cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


1057
Views
10
Helpful
4
Replies
Beginner

Firepower 2100 HA differences Active/Active vs Active/Passive

I'm about to implement two Firepower 2100 on my company.  I would like to know about the differences about HA Schemes, Is there any services that can work differently on each scheme? which one is the most recommended and why?

4 REPLIES
Enthusiast

Re: Firepower 2100 HA differences Active/Active vs Active/Passive

Hi jfigueroa8,

In general I don't see necessity to use Active/Active.
Active/Standby works pretty well, and it is simpler to implement/operate.

Beginner

Re: Firepower 2100 HA differences Active/Active vs Active/Passive

Hey ¿whats about the IPS licences? ¿We need to buy two licences (one for each 2100) or only one for the active device?

 

Thanks a lot

Enthusiast

Re: Firepower 2100 HA differences Active/Active vs Active/Passive

From IPS point of view both are active (ready to forward traffic), so you will need two licenses independently of your deploy (active/active, active/standby).

 

I hope Cisco change it soon... but for now you need two licenses.

Highlighted
Hall of Fame Master

Re: Firepower 2100 HA differences Active/Active vs Active/Passive

The Firepower appliances running FTD there is no Active/Active HA per se since that was a construct from ASA software that relied on multiple contexts. Straight HA on FTD uses an Active/Standby scheme.

 

You can run a 2-unit cluster which is sort of like Active-Active but very few customers bother to do that.

 

In any case, separate licenses (IPS subscription, URL Filtering and or Malware (AMP)) are required for each physical appliance.

CreatePlease to create content
Blog-New Labels