Solved: Cisco Firepower HA Pair

PaulPatterson99634 · ‎03-31-2021

I currently have two Firepower 2110 devices that I want to use for an HA pair. However, I have one Public IP for the outside interface. Is there a way that I can still set these devices up as an HA pair, similar to the ASA, if I run them through a switch with one Public IP?

Rob Ingram · ‎03-31-2021

Hi @PaulPatterson99634

Yes you can still setup failover HA with only 1 IP address on the outside interface.

"Although recommended, the standby address is not required. Without a standby IP address, the active unit cannot perform network tests to check the standby interface health; it can only track the link state. You also cannot connect to the standby unit on that interface for management purposes"

Reference:-

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/high_availability_for_firepower_threat_defense.html#ID-2107-000000a8

View solution in original post

Rob Ingram · ‎03-31-2021

Hi @PaulPatterson99634

Yes you can still setup failover HA with only 1 IP address on the outside interface.

"Although recommended, the standby address is not required. Without a standby IP address, the active unit cannot perform network tests to check the standby interface health; it can only track the link state. You also cannot connect to the standby unit on that interface for management purposes"

Reference:-

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/high_availability_for_firepower_threat_defense.html#ID-2107-000000a8