Re: Cisco FTDs that need to match

kondeye · ‎06-01-2024

Using Cisco fmc 7.4 in HA (1 at each site), with total 4 ftds, 2 HA at each different sites that were not kept up to date with deployments. I need the back up FTD to match the primary FTD. Is there an easy way to make this happen? They can't be HA since when 1 goes down our traffic will go out the other with different routes, different public ip and VPN tunnels. If I could have this happen in HA and the contractor that set this up didn't this could happen that would be great as well. Could save us when we upgrade our ftds 2120s next year.

https://tutuapp.uno/

balaji.bandi · ‎06-01-2024

Is there an easy way to make this happen?

Hope they are not HA (if HA you need to break ) and manually upgrade as Primary FTD and join the HA that is the only option you have.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

smithjohns40 · ‎06-01-2024

It seems like you're referring to Service Control Orders (SCOs) for FTDs (Field Test Devices) that need to match. Can you provide more context or specify what information or assistance you're looking for regarding this?

Marvin Rhoads · ‎06-01-2024

If the HA pair at Site A and the HA pair at Site B can have the same Access Control Policy and NAT Policy then you can just add Site B pair as targets for those policies.

If the zones and subnets are different though, it is more complicated and will require a fair amount of manual setup and work to keep them current.