Configure firewall to allow communication between FMC HA across two data centers

I would like to deploy FMC HA across two data centers.

There are two data centers. Each data center has:
- 1 FMC
- 1 pair of FTD HA

Please find the attached network diagram.

Because there are existing firewalls in between the two data centers, does anyone know the specific list of ports required to configure the existing firewall to allow communication between FMC-FMC and FMC-FTD across the two data centers?

Thank you in advance.
Bancha

1 ACCEPTED SOLUTION

Re: Configure firewall to allow communication between FMC HA across two data centers

For FMC-FMC HA nodes and for FMC-FTD you must allow tcp/8305. Both ends act as initiator for various functions so it must be allowed to source from both ends.

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/security__internet_access__and_communication_ports.html#ID-2202-000000dc
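
Added example (not part of the original posts, and not Cisco code): a rule-set check for the point in the answer above, that tcp/8305 must be permitted with either end as initiator. The addresses, the dictionary rule format and all function names are assumptions made for illustration; substitute the real management IPs and the rules exported from the intermediate firewall.

```python
import ipaddress
from itertools import product

SFTUNNEL_PORT = 8305  # tcp/8305, the port named in the accepted answer

# Constructed management addresses (assumptions, not from the thread).
DC1 = {"fmc": ["10.1.0.10"], "ftd": ["10.1.0.21", "10.1.0.22"]}
DC2 = {"fmc": ["10.2.0.10"], "ftd": ["10.2.0.21", "10.2.0.22"]}

def required_flows(dc_a, dc_b, port=SFTUNNEL_PORT):
    """List every cross-site (src, dst, port) connection that may be initiated."""
    pairs = set()
    for local, remote in ((dc_a, dc_b), (dc_b, dc_a)):
        # Each FMC talks to the peer FMC and to the FTD units in the other site.
        for fmc, peer in product(local["fmc"], remote["fmc"] + remote["ftd"]):
            pairs.add((fmc, peer))   # FMC initiates
            pairs.add((peer, fmc))   # peer FMC or FTD initiates
    return sorted((src, dst, port) for src, dst in pairs)

def permits(rule, flow):
    """True if a hypothetical permit rule matches a new connection for this flow."""
    src, dst, port = flow
    return (rule["proto"] == "tcp" and rule["port"] == port
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["dst"]))

def missing_flows(rules, flows):
    """Flows that no rule permits. Stateful return traffic is not modelled:
    the check is about which side is allowed to open the connection."""
    return [f for f in flows if not any(permits(r, f) for r in rules)]

# Constructed rule sets: a one-directional rule, then the same with its mirror.
ONE_WAY = [{"proto": "tcp", "src": "10.1.0.0/24", "dst": "10.2.0.0/24", "port": 8305}]
BOTH_WAYS = ONE_WAY + [
    {"proto": "tcp", "src": "10.2.0.0/24", "dst": "10.1.0.0/24", "port": 8305}]

if __name__ == "__main__":
    flows = required_flows(DC1, DC2)
    for name, rules in (("one-way", ONE_WAY), ("both-ways", BOTH_WAYS)):
        gaps = missing_flows(rules, flows)
        print(f"{name}: {len(flows) - len(gaps)}/{len(flows)} flows permitted")
        for src, dst, port in gaps:
            print(f"  blocked: {src} -> {dst} tcp/{port}")
```
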

Re: Configure firewall to allow communication between FMC HA across two data centers

Hi Marvin Rhoads,

Thanks so much for your prompt answer and the document.

Bancha