Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2259
Views
0
Helpful
3
Replies

FTD

amaresh_22jan
Frequent Visitor
Frequent Visitor

‎08-12-2019 11:34 AM

Hi All,

 

Attached is the diagram for the refence,

 

 

 

Diagaram is as follows

 

Two router - One each router one ISP link is terminated , Each ISP has provided 8 public IP which is required from design and Natting prospective.

 

Two FTD firewall- For Natting , Site to site VPN config , IPS  configuration etc

 

Two WAN switch (Stackable) - For design purpose - Connecting Routers , Firewall .

 

TWO ASA firewall- Design only for Remote access VPN.(VPN ConcentaratoR)

Two core switch-connecting FTD

 

 

The main objective is to obatin redudancy on each level. --- Router , FTD , WAN Switch , ASA , coreswitch

 

Also I would like to know whether the FTD  needs to be clusted or Configured in Active/Standby. 

 

Kindly Note - Natting  for the LAN tarffic needs to be configured on FTD. , If the Primary Router/Link goes down then the Public IP from secoundary IP needs to be utilised for Natting purpose..

 

Kindly suggest design with config .

 

 

 

 

 

 

 

Labels:
Preview file
5310 KB
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎08-12-2019 12:02 PM

We are not have information what model of FTD you going to deploy. Hope both FTD will in same location.

 

here is the refernce and best use cases :

 

https://www.ciscolive.com/c/dam/r/ciscolive/latam/docs/2017/pdf/BRKSEC-2050.pdf

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftd-cluster-solution.html

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_high_availability.pdf

 

 

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

amaresh_22jan
Frequent Visitor
Frequent Visitor
In response to balaji.bandi

‎08-12-2019 08:54 PM

FTD 2210, It wil be in same location. Whether suggested design will work keeping FTD in cluster mode and ensuring the high vaiability as mentioned
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to amaresh_22jan

‎08-12-2019 10:46 PM

High level your design should work. let us know any further asistance required, follow HA guide lines as per previous post.

 

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents