cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1473
Views
5
Helpful
4
Replies

connect new FTD for HA pair with a prodcutive FTD

QW_netzwerk
Beginner
Beginner

Hello,

 

is it possible to connect a new FTD to join as HA pair with a productive FTD? As far as I have seen for HA pair the both FTD should have no interface configuration before HA configuration.

 

regards

Saimun

1 Accepted Solution

Accepted Solutions

Ruben Cocheno
Enthusiast
Enthusiast

@QW_netzwerk 

 

You just need to run the wizard on the FMC saying the you adding an HA pair, and you need to select which is the primary and secondary nodes. The secondary node only need to have the managed interface up and reachable from the FMC. After you select both nodes, FMC will convert the two firewalls in a HA pair.

 

Expect some service disruption while you doing this.

Please mark it helpfull if it was the case, and i have this problem too. Double touchdown is amazing. Thanks to make Engineering easy.

View solution in original post

4 Replies 4

Rob Ingram
VIP Expert VIP Expert
VIP Expert

Hi,

No you don't need to have both FTD's without configuration. When you create the HA pair, select the existing production FTD as the Active unit and the new FTD as the secondary. The existing configuration from the production FTD will be used for the HA configuration.

 

HTH

gilbert.aispuro1
Beginner
Beginner

I can attest to what Rob says. I had a single FP 2110 with a full config that was in production for two months before adding another for HA. I had no issue what so ever. 

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

Required basic configuration done on the new FTD before joining to HA (physical connection to be ready)

 

Good document :

 

https://docs.defenseorchestrator.com/Configuration_Guides/Firepower_Threat_Defense_High_Availability/0010_Firepower_Threat_Defense_High_Availability_Pair_Requirements

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Ruben Cocheno
Enthusiast
Enthusiast

@QW_netzwerk 

 

You just need to run the wizard on the FMC saying the you adding an HA pair, and you need to select which is the primary and secondary nodes. The secondary node only need to have the managed interface up and reachable from the FMC. After you select both nodes, FMC will convert the two firewalls in a HA pair.

 

Expect some service disruption while you doing this.

Please mark it helpfull if it was the case, and i have this problem too. Double touchdown is amazing. Thanks to make Engineering easy.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: