Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1746
Views
5
Helpful
4
Replies

connect new FTD for HA pair with a prodcutive FTD

Go to solution
QW_netzwerk
Level 1
Level 1

‎09-08-2020 09:28 AM

Hello,

 

is it possible to connect a new FTD to join as HA pair with a productive FTD? As far as I have seen for HA pair the both FTD should have no interface configuration before HA configuration.

 

regards

Saimun

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ruben Cocheno
Spotlight
Spotlight

‎09-08-2020 05:05 PM

@QW_netzwerk 

 

You just need to run the wizard on the FMC saying the you adding an HA pair, and you need to select which is the primary and secondary nodes. The secondary node only need to have the managed interface up and reachable from the FMC. After you select both nodes, FMC will convert the two firewalls in a HA pair.

 

Expect some service disruption while you doing this.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

View solution in original post

4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎09-08-2020 11:04 AM

Hi,

No you don't need to have both FTD's without configuration. When you create the HA pair, select the existing production FTD as the Active unit and the new FTD as the secondary. The existing configuration from the production FTD will be used for the HA configuration.

 

HTH

0 Helpful

Go to solution
gilbert.aispuro1
Level 1
Level 1

‎09-08-2020 03:31 PM

I can attest to what Rob says. I had a single FP 2110 with a full config that was in production for two months before adding another for HA. I had no issue what so ever. 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎09-08-2020 03:53 PM - edited ‎09-08-2020 03:53 PM

Required basic configuration done on the new FTD before joining to HA (physical connection to be ready)

 

Good document :

 

https://docs.defenseorchestrator.com/Configuration_Guides/Firepower_Threat_Defense_High_Availability/0010_Firepower_Threat_Defense_High_Availability_Pair_Requirements

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Ruben Cocheno
Spotlight
Spotlight

‎09-08-2020 05:05 PM

@QW_netzwerk 

 

You just need to run the wizard on the FMC saying the you adding an HA pair, and you need to select which is the primary and secondary nodes. The secondary node only need to have the managed interface up and reachable from the FMC. After you select both nodes, FMC will convert the two firewalls in a HA pair.

 

Expect some service disruption while you doing this.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card