Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
902
Views
0
Helpful
2
Replies

Cisco NGFW 4100 Cluster with Active/Active setup

dngore
Cisco Employee
Cisco Employee

‎04-01-2019 04:54 AM

Hi Expert,

Customer is looking for Active/Active deployment for NGFW 4100. The solution is to use firewalls in cluster setup and make A/A by using Etherchannel load balancing scheme.

 

Queries are:

1. Can it be deployed for two firewalls setup?

2. Will Master unit entertain user traffic?

3. Any issues/limitation for cluster in two firewall deployment?

 

Kindly share your thoughts on same.

 

Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎04-01-2019 06:10 AM

You can not have Active/Active with single context. Active/Active only with Multi Context

 

here is single context Master / Slave

 

Multi-context

context A  Primary / Other until slave

context B  Salve / Other untl is Active.

 

here is the design guide

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_cluster_for_the_fxos_chassis.html#concept_491990D3D9574F4DA5B15BA191E9D60E

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

dngore
Cisco Employee
Cisco Employee
In response to balaji.bandi

‎04-01-2019 08:57 AM

Hi,
As per my understanding, FP4100/9300 supports Active/Active in cluster deployment. Active/Active is achieved by etherchannel load balancing algorithm : src-dst-IP or src-dst-ip-port.

Here is the link:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_cluster_for_the_fxos_chassis.html#concept_b1f_35n_sz

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card