Re: FTD

amaresh_22jan · ‎08-12-2019

Hi All,

Attached is the diagram for the refence,

Diagaram is as follows

Two router - One each router one ISP link is terminated , Each ISP has provided 8 public IP which is required from design and Natting prospective.

Two FTD firewall- For Natting , Site to site VPN config , IPS configuration etc

Two WAN switch (Stackable) - For design purpose - Connecting Routers , Firewall .

TWO ASA firewall- Design only for Remote access VPN.(VPN ConcentaratoR)

Two core switch-connecting FTD

The main objective is to obatin redudancy on each level. --- Router , FTD , WAN Switch , ASA , coreswitch

Also I would like to know whether the FTD needs to be clusted or Configured in Active/Standby.

Kindly Note - Natting for the LAN tarffic needs to be configured on FTD. , If the Primary Router/Link goes down then the Public IP from secoundary IP needs to be utilised for Natting purpose..

Kindly suggest design with config .

balaji.bandi · ‎08-12-2019

We are not have information what model of FTD you going to deploy. Hope both FTD will in same location.

here is the refernce and best use cases :

https://www.ciscolive.com/c/dam/r/ciscolive/latam/docs/2017/pdf/BRKSEC-2050.pdf

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftd-cluster-solution.html

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_high_availability.pdf

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

amaresh_22jan · ‎08-12-2019

FTD 2210, It wil be in same location. Whether suggested design will work keeping FTD in cluster mode and ensuring the high vaiability as mentioned

balaji.bandi · ‎08-12-2019

High level your design should work. let us know any further asistance required, follow HA guide lines as per previous post.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help