FTD with FDM Dual ISP Failover

shehrozceh
Level 1

I'm using an ASA 5506X with FTD and I'm managing the ASA with FDM; I'm not using FMC to manage my ASA. I want to configure failover between two ISPs through Firepower Device Manager (FDM), but I'm unable to see any option to track the interface going down, like we can configure using ASDM with an IP SLA track object, etc. In FDM I can't see any of these options.

Please suggest how to configure failover for dual ISP using FDM.

I have 6.2.0 version of ASA FTD.

Or if there is any document for configuring the requirement via CLI, please share.

Thank you all

9 Replies

Ajay Saini
Level 7

Hello,

The dual ISP config requires a reusable object called 'sla monitor', and then this needs to be called under the interface. If these options are not available in FDM (which is likely), then it is recommended to install and use FMC. Either way, the FlexConfig-related config can only be done in FMC, and it is a better and more efficient way to manage an ASA running FTD.

https://community.cisco.com/t5/firewalls/ftd-vs-fmc/td-p/3017936

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/reusable_objects.html#task_F02660A479A14815A29083B8862266B1

HTH
AJ

Marvin Rhoads
Hall of Fame

You might also wait until Firepower release 6.3. It should be out soon (October-ish) and will include a large number of enhancements in the things you can do with FDM.

Thank you for your response. So I cannot configure ISP failover or load balancing with FTD 6.2?

@Marvin Rhoads

Is 6.3 still on the table for October?

Please remember to rate useful posts, by clicking on the stars below.

Hi, I have the same issue with an ASA 5508-X with FDM. I have upgraded to 6.3 but there is still no option to configure this. Also, I can't configure two 0/0 routes with different outside interfaces and different metrics.

Hi, you must have FMC to configure these requirements right now, but Cisco has a plan to integrate these features with FDM in the future.

Hello guys,

Do you know if dual ISP failover is already supported on an FTD firewall managed with FDM, or at least on the roadmap?

I believe it's a basic feature for many customers.

Thanks in advance

Marvin Rhoads
Hall of Fame

SLA Monitor (including using it with route tracking for the dual ISP failover use case) will be configurable via the Firepower Device Manager (FDM) on-box manager GUI in version 6.7. Expect it to be released within the next month.

[Attached image: FDM 6.7 SLA Monitor.PNG]

How does all this apply to PAT? The FTD device will let you configure only one (1) PAT per source network. How can you duplicate that to another interface as a backup?

Actually, I may have figured that out. Add a new Manual-NAT, but set it to Dynamic.

RFC 1925