09-22-2018 04:38 AM - edited 02-21-2020 08:16 AM
I'm using an ASA 5506X with FTD, and I'm managing the ASA with FDM; I'm not using FMC to manage my ASA. I want to configure failover between two ISPs through Firepower Device Manager (FDM), but I'm unable to see any option to track the interface going down, like we can configure the rest of the stuff using ASDM with an IP SLA track object, etc. In FDM I can't see any of these options.
Please suggest how to configure failover for dual ISP using FDM.
I have version 6.2.0 of ASA FTD.
Or, if there is any document for configuring this requirement via CLI, please share it.
Thank you all
09-22-2018 11:34 PM
Hello,
The dual ISP config requires a reusable object called 'sla monitor', and this then needs to be called under the interface. If these options are not available in FDM (which is likely), then it is recommended to install and use FMC. Either way, the FlexConfig-related config can only be done in FMC, and it is a better and more efficient way to manage an ASA running FTD.
https://community.cisco.com/t5/firewalls/ftd-vs-fmc/td-p/3017936
HTH
AJ
09-23-2018 06:10 AM
You might also wait until Firepower release 6.3. It should be out soon (October-ish) and will include a large number of enhancements in the things you can do with FDM.
09-30-2018 10:27 PM
Thank you for your response. So I cannot configure ISP failover or load balancing with FTD 6.2?
09-30-2018 11:31 PM
Is 6.3 still on the table for October?
04-02-2019 12:59 AM - edited 04-02-2019 02:25 AM
Hi, I have the same issue with an ASA 5508-X with FDM. I have upgraded to 6.3, but there is still no option to configure this. Also, I can't configure two 0/0 routes with different outside interfaces and different metrics.
04-04-2019 12:15 PM
Hi, you must have FMC to configure these requirements right now, but Cisco has a plan to integrate these features with FDM in the future.
10-16-2020 07:47 AM
Hello guys,
Do you know if dual ISP failover is already supported on an FTD firewall managed with FDM, or at least on the roadmap?
I believe it's a basic feature for many customers.
Thanks in advance
10-16-2020 08:41 PM
SLA Monitor (including using it with route tracking for the dual ISP failover use case) will be configurable via the Firepower Device Manager (FDM) on-box manager GUI in version 6.7. Expect it to be released within the next month.
06-14-2022 07:02 AM - edited 06-14-2022 07:09 AM
How does all this apply to PAT? The FTD device will let you configure only one (1) PAT per source network. How can you duplicate that to another interface as a backup?
Actually, I may have figured that out. Add a new Manual-NAT, but set it to Dynamic.