Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2061
Views
0
Helpful
1
Replies

Cisco Firepower FTD 1010 High Availability Active and Standby

Go to solution
HaniAbuelkhair39121
Level 1
Level 1

‎08-31-2021 06:13 AM

HI,

I have Cisco Firepower FTD 1010, and due to the fact that we need high available network, i have question if i can order another FTD 1010, and configure both devises with High Availability Active and Standby.

Now i have one FTD1010 connected to 3 Cisco SG350.

Can i do a high availability Active and standby ?

Any information or from experience knowledge, or documentation will be appreciated 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sheraz.Salim
VIP
VIP

‎08-31-2021 06:48 AM - edited ‎08-31-2021 07:05 AM

Hi

From my experience i did a similar thing with FTD 2100 managed from FMC. If you doing from FMC make sure your in service firewall stay (make its as primary firewall) when doing a HA configure (From FMC GUI). I am sure the method for FTD2100 and 1010 is same.

 

the reason saying keep the in service production as Primary as the Primary will push the configuration to Secondary firewall via FMC. make sure your layer 2 (VLAN) are solid and configured on both sides of DC

 

make sure you have license for HA pair. here i get from cisco web here 

Smart License Requirements for HA

The following license requirements must be met for both physical and virtual FTDs:

  • Both devices in an HA pair must have either a registered license, or an evaluation license. If the devices are registered, they can be registered to different Cisco Smart Software Manager accounts, but the accounts must have the same state for the export-controlled functionality setting, either both enabled or both disabled. However, it does not matter if you have enabled different optional licenses on the devices.
  • Both devices within the HA pair must have the same licenses during operation. It is possible to be in compliance on one device, but out of compliance on the other if there are insufficient licenses. If your Smart Licenses account does not include enough purchased entitlements, your account becomes Out-of-Compliance (even though one of the devices may be compliant) until you purchase the correct number of licenses.
please do not forget to rate.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Sheraz.Salim
VIP
VIP

‎08-31-2021 06:48 AM - edited ‎08-31-2021 07:05 AM

Hi

From my experience i did a similar thing with FTD 2100 managed from FMC. If you doing from FMC make sure your in service firewall stay (make its as primary firewall) when doing a HA configure (From FMC GUI). I am sure the method for FTD2100 and 1010 is same.

 

the reason saying keep the in service production as Primary as the Primary will push the configuration to Secondary firewall via FMC. make sure your layer 2 (VLAN) are solid and configured on both sides of DC

 

make sure you have license for HA pair. here i get from cisco web here 

Smart License Requirements for HA

The following license requirements must be met for both physical and virtual FTDs:

  • Both devices in an HA pair must have either a registered license, or an evaluation license. If the devices are registered, they can be registered to different Cisco Smart Software Manager accounts, but the accounts must have the same state for the export-controlled functionality setting, either both enabled or both disabled. However, it does not matter if you have enabled different optional licenses on the devices.
  • Both devices within the HA pair must have the same licenses during operation. It is possible to be in compliance on one device, but out of compliance on the other if there are insufficient licenses. If your Smart Licenses account does not include enough purchased entitlements, your account becomes Out-of-Compliance (even though one of the devices may be compliant) until you purchase the correct number of licenses.
please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card