04-17-2017 11:20 PM - edited 03-10-2019 06:49 AM
Hello Experts
Does Cisco FTD image running on 9300 hardware support BFD feature with dynamic routing? Any documents to refer to?
Regards,
Sumanta.
04-18-2017 12:50 AM
It is not configurable through UI on FTD.
However, starting with 6.2 version of FTD you can use FlexConfig to push the BFD configuration on the FTD sensor.
See more on:
http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/flexconfig_policies.html#task_C7C8FE28A3CF4322A0C342DCA08BC493
04-25-2017 02:51 AM
Hi Claudiu
Thanks, but I was not able to find any reference to BFD. It only talks about Flex config.
04-25-2017 04:26 AM
BFD is a configuration under OSPF and BGP routing on the classic ASA as of release 9.6(2).
http://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/intro-intro.html
While Flexconfig does allow one to go "under the covers" of the FTD code to modify bits of the Lina configuration (classic ASA code) that are not yet exposed in the FTD GUIs (FirePOWER Device Manager or FirePOWER Management Center), the feature is constrained. Among the constraints are the blacklisting of certain commands.
Relevant to this thread is the fact that BGP and OSPF/OSPFv3 configuration commands are all blacklisted. This is noted in the following:
http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/flexconfig_policies.html#reference_ztv_qvw_yx
They did not explicitly include the BFD commands; but I am pretty sure they are excluded as well and their not being included inthe blacklist is a documentation oversight as the feature is brand new to ASA.
04-25-2017 11:48 PM
Hi Marvin
Thanks a lot. What about VRRP/HSRP support?
04-26-2017 06:44 AM
You're welcome.
Definitely no on the HSRP / VRRP.
FTD does not use the same concept as those first hop redundancy protocols to establish itself as a high availability gateway.
It instead uses the built-in HA capability that gives you a virtual IP that floats between the Primary and Secondary units as they become active.
04-26-2017 08:02 AM
Hi Marvin
Thanks a lot.
04-26-2017 08:32 AM
You're welcome. Please rate if the answers helped.
12-22-2017 02:03 AM
Hello,
I have the same probleme and i need to know if you configured you BFD on Flexconfiguration, if yes, can you please tell how you did it?
Best regards.
M. BELKAS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide