I am in the process of adding some new VLANs to our network. I know on my switches I can add the new VLANs to the port channels and not have an issue with the channel dropping. Is this the same for the Firepower firewalls? I am using two 1140s in HA managed by FMC. I don't have a way to test this without scheduling an outage, which I would prefer not to do if it isn't necessary. If the firewalls behave like the switches, I can add the new VLAN to the port channel at each end without disrupting traffic. I would just like to verify that is the case.
Can you share a logical diagram of how the devices are connected? If your VLANs are using the FW as the default gateway point, you can add a new VLAN interface to the FW inside interface (or any interface where the network is terminating). If your firewall has a port channel and is using that as a gateway to the VLANs, you can add new VLAN interfaces to the port channel.
I know I can add the VLAN to the port channel. That isn't the issue. I just want to make sure that when I add the new VLAN it is not going to force the port channel to reconverge and I will lose traffic on that channel while it is doing it. I know I can do it on my switches but I haven't done it on my firewalls yet.