Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
656
Views
0
Helpful
1
Replies

Custer FireSIGHT

audiel.santiago
Level 1
Level 1

‎12-17-2015 11:37 PM - edited ‎03-10-2019 06:31 AM

I have two ASAs 8525-X high availability configure Active/Standby and I add new deployment with two Managed Device 3D8140.

¿What is the best design for have high availability in Firewall ASA and FireSight?

FireSight works in inline mode, I want configure individual device in a cluster with high availability link interface


¿What could happen with the ASA when failover occurs in the IPS?
Does change the secondary ASA to active state?

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-18-2015 05:54 AM

The ASA 5585-X high availability cluster will have no awareness of the failover event or failover state of the inline 3D8140 unless their failover causes a monitored interface link to go down on one of the ASAs.

If the 3D8140 is configured per best practice to fail-open on the network module's inline interface, this will never happen.

A true highest availability design would have interfaces from each ASA going to both inline IPS appliances. They could be in an Etherchannel or configured as redundant interfaces, depending on your throughput requirements and number of available interfaces.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card