Cisco ASA-5555 X with FTD

pankajsingh87 · ‎11-21-2017

Hi,

We are having ASA 5555X single appliance with FTD running 6.2, Now we have to introduce HA standby appliance into the network.

What is the step by step approach to achieve this. Is there any downtime required for this?

Please help.

Thanks.

Bogdan Nita · ‎11-21-2017

It can be done without downtime.

Steps would be:

1. install and configure the FTD on the new ASA

2. configure and activate the failover on the working ASA (should be configured as primary)

3. failover configuration on the new ASA (should be configured as secondary), but no activation

4. cable up the secondary ASA and activate the failover

5. Activate failover on the secondary, at this point it should get the configuration from the primary ASA and if everything is ok it will report as standby ready

Make sure you have the same version on the secondary ASA as the new one.

If your primary ASA is in multi context mode configure the secondary ASA in multi context as well.

The FTD on the secondary ASA will be used only when the secondary ASA will become active.

Marvin Rhoads · ‎11-21-2017

Bogdan - HA for FTD on ASA is not the same as regular ASA HA. HA for FTD can only be setup from Firepower Management Center.

Instructions for doing so can be found here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/622/configuration/guide/fpmc-config-guide-v622/firepower_threat_defense_high_availability.html#task_686C71A99B5C4CA18FC6681F83B23F45