Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1776
Views
10
Helpful
5
Replies

ASA 5516 Standby Active and Firepower(Virtual)

Go to solution
mape18
Level 1
Level 1

‎12-07-2020 06:56 AM

Hi

I have one Asa 5516 up and running with Firepower Services (the firepower is a virtual server). I´m going to install an other Asa so they are in failover Active Standby and  don´t really know how to manage Firepower. i hope somebody can help me, thanks in forward!

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎12-07-2020 07:00 AM

Firepower module can be manage with ASDM with Limited, but if you like to manage fully then FMC is good option.

 

If you bringing other device of ASA making HA, you should have same like a like hardware for to build HA if you like both ASA and FP to be HA .

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎12-07-2020 11:28 PM

If the new ASA / FP going to be standby, you need to basic config add master so  primary will sync all to secondary in HA environment.

 

ASA  need to configure as per below document :

 

https://www.petenetlive.com/KB/Article/0000048

 

FP you need to configure management interface and register with FMC then do HA between FP Service module.

 

Note: always take the configuration and backup out of the box, Make sure no changes while making HA, or making FP HA

 

always do in a maintenance window, to avoid business continuity.

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎12-07-2020 07:00 AM

Firepower module can be manage with ASDM with Limited, but if you like to manage fully then FMC is good option.

 

If you bringing other device of ASA making HA, you should have same like a like hardware for to build HA if you like both ASA and FP to be HA .

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
mape18
Level 1
Level 1
In response to balaji.bandi

‎12-07-2020 11:14 PM

Thanks for the answer. Well it is FMC we have. So what i have to do is to install firepower on the new Asa with connection to the FMC

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎12-07-2020 11:28 PM

If the new ASA / FP going to be standby, you need to basic config add master so  primary will sync all to secondary in HA environment.

 

ASA  need to configure as per below document :

 

https://www.petenetlive.com/KB/Article/0000048

 

FP you need to configure management interface and register with FMC then do HA between FP Service module.

 

Note: always take the configuration and backup out of the box, Make sure no changes while making HA, or making FP HA

 

always do in a maintenance window, to avoid business continuity.

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
mape18
Level 1
Level 1
In response to balaji.bandi

‎12-08-2020 12:17 AM

Yes, the new Asa will be Standby, thanks for the details in your reply!

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎12-08-2020 12:23 AM

The ASAs take care of all the HA bits.

The Firepower service modules will not be HA per se. They can be managed as a group from FMC (apply same policies) but they don't fail over (i.e., active-standby roles) on their own. Each Firepower service module runs independently and has no awareness of the other one.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card