Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
580
Views
5
Helpful
2
Replies

Can I connect Palo alto Firewall with Firepower NG IPS?

raymondluis13
Level 1
Level 1

‎10-04-2022 07:50 PM - edited ‎10-04-2022 07:53 PM

Untitled.png

 

So i have a network with topology that look like that. My palo alto firewalls are layer 3 device and in active-passive mode, while my Firepower NG-IPS are Layer 2 devices or transparent mode and in active-active mode. There's a scenario where lets say an A Palo alto Firewall is in Active mode, but A Firepower NG-IPS have some problems and fail to operate. Right now, is this scenario happen, i have to manually switch B Palo Alto Firewall to be an active firewall. I want to ask, is there a way to connect Palo alto firewall and Firepower NG-IPS status. So lets say 1 Firepower NG-IPS fail, then the Palo Alto Firewall can automatically switch to the Firewall that has active Firepower NG-IPS. Thank you

RL
0 Helpful
2 Replies 2

Divya Jain
Cisco Employee
Cisco Employee

‎10-21-2022 03:39 AM

Hello @raymondluis13 
Suggestions from my end :
1. Can the Palo Alto firewall not monitor the Link connecting it to NGIPS? Maybe make use of some script to do so that in case it detectes Peer not responding, Firewall can do a failover to Firewall 2.
2. Check if you can make use of API's for monitoring the NGIPS status and accordingly failover the firewall?

-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.


You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------

Regards
Divya Jain

raymondluis13
Level 1
Level 1
In response to Divya Jain

‎10-23-2022 06:57 PM

Hello DIvya, thanks for the response. The problem is my team only handle Firepower, the Palo Alto Firewall are handle by the other team, so i dont have any authority to configure the Palo Alto Firewall. I want to know is there a way or setting so the Firepower can be the one that monitor the Palo Alto Firewall? or maybe there an API that Firepower can use to monitor the firewall. Thank you Divya

RL
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card