cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
224
Views
5
Helpful
2
Replies

Can I connect Palo alto Firewall with Firepower NG IPS?

raymondluis13
Beginner
Beginner

Untitled.png

 

So i have a network with topology that look like that. My palo alto firewalls are layer 3 device and in active-passive mode, while my Firepower NG-IPS are Layer 2 devices or transparent mode and in active-active mode. There's a scenario where lets say an A Palo alto Firewall is in Active mode, but A Firepower NG-IPS have some problems and fail to operate. Right now, is this scenario happen, i have to manually switch B Palo Alto Firewall to be an active firewall. I want to ask, is there a way to connect Palo alto firewall and Firepower NG-IPS status. So lets say 1 Firepower NG-IPS fail, then the Palo Alto Firewall can automatically switch to the Firewall that has active Firepower NG-IPS. Thank you

RL
2 Replies 2

Divya Jain
Cisco Employee
Cisco Employee

Hello @raymondluis13 
Suggestions from my end :
1. Can the Palo Alto firewall not monitor the Link connecting it to NGIPS? Maybe make use of some script to do so that in case it detectes Peer not responding, Firewall can do a failover to Firewall 2.
2. Check if you can make use of API's for monitoring the NGIPS status and accordingly failover the firewall?

-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.


You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------

Regards
Divya Jain

Hello DIvya, thanks for the response. The problem is my team only handle Firepower, the Palo Alto Firewall are handle by the other team, so i dont have any authority to configure the Palo Alto Firewall. I want to know is there a way or setting so the Firepower can be the one that monitor the Palo Alto Firewall? or maybe there an API that Firepower can use to monitor the firewall. Thank you Divya

RL
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers