
Firepower 2100 HA differences Active/Active vs Active/Passive

jfigueroa8
Level 1

I'm about to implement two Firepower 2100s at my company. I would like to know about the differences between the HA schemes. Are there any services that work differently in each scheme? Which one is the most recommended, and why?

18 Replies

andre.ortega
Spotlight

Hi jfigueroa8,

In general I don't see the necessity of using Active/Active.
Active/Standby works pretty well, and it is simpler to implement/operate.

Hey, what about the IPS licences? Do we need to buy two licences (one for each 2100) or only one for the active device?

Thanks a lot

From the IPS point of view both are active (ready to forward traffic), so you will need two licenses regardless of your deployment (active/active, active/standby).

I hope Cisco changes it soon... but for now you need two licenses.

No solution till now. So in Active/Standby on FPR2120 I have to buy 2 TAMC licences.

I am sorry, for that purpose there is a demand to have active/active or to buy a second HA lic. for nothing.

That is a solution.

Marvin Rhoads
Hall of Fame

On the Firepower appliances running FTD there is no Active/Active HA per se, since that was a construct from ASA software that relied on multiple contexts. Straight HA on FTD uses an Active/Standby scheme.

You can run a 2-unit cluster which is sort of like Active-Active but very few customers bother to do that.

In any case, separate licenses (IPS subscription, URL Filtering and/or Malware (AMP)) are required for each physical appliance.

Hi Marvin,

How can you configure this?

'You can run a 2-unit cluster which is sort of like Active-Active but very few customers bother to do that.' Is this supported on the 2100?

Thanks

Osman

So is there currently no way to have an active/active set up with FTD?

This is not currently possible if you have 2100 series appliances.

Hi, is it still the case that the 2130 FTD does not support an active/active scenario?

It does not. (And there are no near term plans to change that.)

Thanks for your help Marvin

Please, what does a 2-unit cluster mean? How do I achieve 2-unit clustering? Please share any link that refers to 2-unit clustering.

Thank you for your advice.

@jiami A link was already provided earlier in this thread.

Version 7.2 has added clustering for the new 3100 series but is otherwise very similar to what was described for 6.4. Reference:

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/720/management-center-device-config-72/device-ops-cluster-sec-fw-3100.html
