Configure firewall to allow communication between FMC HA across two data centers

1s.bancha
Level 5

I would like to deploy FMC HA across two data centers.

There are two data centers. Each data center has:
- 1 FMC
- 1 pair of FTD HA

Please find the attached network diagram.

Because there are existing firewalls between the two data centers, does anyone know the specific list of ports required to configure the existing firewall to allow communication between FMC-FMC and FMC-FTD across the two data centers?

Thank you in advance.
Bancha

Accepted Solution

Marvin Rhoads
Hall of Fame

For FMC-FMC HA nodes and for FMC-FTD you must allow tcp/8305. Both ends act as initiator for various functions so it must be allowed to source from both ends.

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/security__internet_access__and_communication_ports.html#ID-2202-000000dc

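To make the "both ends act as initiator" point concrete, here is an added example (not from the thread or from Cisco) that enumerates every tcp/8305 flow which has to cross the inter-DC firewall for the topology in the question and then checks a vendor-neutral permit list against it. The management addresses, the inventory and the two rule sets are constructed for illustration; it assumes each FTD HA member has its own management address and that only traffic to the remote data center traverses the firewall in between. The one-way rule set is the classic mistake: it looks like it covers "DC1 to DC2 on 8305" but leaves every flow initiated from DC2 blocked.

```python
"""Added example (not from the thread): enumerate the tcp/8305 flows that must cross the
inter-DC firewall for FMC HA plus FMC-to-FTD management, then check that a rule list
covers them in both directions. Addresses and rules are constructed, not from the post."""
from ipaddress import ip_address, ip_network
from itertools import product

MGMT_PORT = 8305  # tcp/8305, the port named in the accepted answer

# Constructed inventory: hypothetical management addresses, one FMC and one FTD HA pair
# per data center. Each FTD HA member registers with its own management IP.
INVENTORY = {
    "DC1": {"fmc": ["10.1.0.10"], "ftd": ["10.1.0.21", "10.1.0.22"]},
    "DC2": {"fmc": ["10.2.0.10"], "ftd": ["10.2.0.21", "10.2.0.22"]},
}


def required_flows(inventory):
    """Set of (src, dst, proto, port) the inter-DC firewall must permit.

    Only cross-DC flows are listed: intra-DC FMC<->FTD traffic never touches
    that firewall. Because either end may initiate, every pair appears twice,
    once per direction.
    """
    flows = set()
    for a, b in product(inventory, repeat=2):
        if a == b:
            continue
        # FMC HA peers: each FMC initiates to the other
        for src, dst in product(inventory[a]["fmc"], inventory[b]["fmc"]):
            flows.add((src, dst, "tcp", MGMT_PORT))
        # Each FMC reaches the remote FTDs, and each FTD reaches the remote FMC
        for fmc, ftd in product(inventory[a]["fmc"], inventory[b]["ftd"]):
            flows.add((fmc, ftd, "tcp", MGMT_PORT))
            flows.add((ftd, fmc, "tcp", MGMT_PORT))
    return flows


def rule_permits(rule, flow):
    """True if a (src_net, dst_net, proto, dst_port) permit rule covers the flow."""
    src_net, dst_net, proto, port = rule
    src, dst, fproto, fport = flow
    return (
        ip_address(src) in ip_network(src_net)
        and ip_address(dst) in ip_network(dst_net)
        and proto == fproto
        and port in (fport, "any")
    )


def missing_flows(inventory, rules):
    """Required flows that no rule permits, sorted for stable output."""
    return sorted(
        flow for flow in required_flows(inventory)
        if not any(rule_permits(rule, flow) for rule in rules)
    )


# Constructed rule sets in a vendor-neutral shape: (src_net, dst_net, proto, dst_port).
ONE_WAY_RULES = [
    ("10.1.0.0/24", "10.2.0.0/24", "tcp", 8305),  # DC1 -> DC2 only: looks complete, is not
]
TWO_WAY_RULES = ONE_WAY_RULES + [
    ("10.2.0.0/24", "10.1.0.0/24", "tcp", 8305),  # reverse direction, as the answer requires
]

if __name__ == "__main__":
    for name, rules in (("one-way", ONE_WAY_RULES), ("two-way", TWO_WAY_RULES)):
        gaps = missing_flows(INVENTORY, rules)
        print(f"{name}: {len(gaps)} required flow(s) blocked")
        for src, dst, proto, port in gaps:
            print(f"  {src} -> {dst} {proto}/{port}")
```

Run as-is, the one-way policy reports five blocked flows (the standby FMC and both DC2 FTDs initiating toward DC1) and the two-way policy reports none. Swap in your real management addresses and the permit list pulled from the existing firewall to get the exact entries that still need adding before you start the HA pairing.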

2 Replies

Hi Marvin Rhoads,

Thanks so much for your prompt answer and the document.

Bancha
