
Firepower 4410 FTD image Feature

I have some questions about features on the Firepower 4100 series (with FTD image):

  • What failover modes are supported on the Firepower 4410 (with FTD image)? And does it need anything else (like a Firepower Management Center or anything) to configure failover?
  • About VPN: what types of VPN does the FTD image support? And does it have any client software?
  • I'm confused between the FTD and ASA images. If I use the FTD image, it's all new, right? Will I never see an ASA CLI in the FTD image, or is it still an ASA CLI as well?

Marvin Rhoads
Hall of Fame

FirePOWER 4110 with FTD image requires you to use FirePOWER Management Center (FMC) to manage it. That applies whether you are talking about a single device or multiple devices. (For ASA hardware running FTD you can alternatively use the on-box FirePOWER Device Manager or FDM, but it has limited functionality and is only recommended for single device deployments. Some features cannot be set up at all using FDM.)

High availability will be supported via inter-chassis clustering in FTD 6.2 (look for it soon). As of the current FTD 6.1, we only support intra-chassis clustering (e.g. between security modules on the same chassis) on the FirePOWER 9300 chassis.

Remote access VPN of any kind is not currently supported on FTD. It will not be in FTD 6.2 either but we hope to see it coming soon in a subsequent release. Currently FTD supports only site-site IPsec IKEv1 VPN.

The cli on FTD is a whole new construct. You do not ever configure the data plane via cli. It can be used for initial setup of the management plane and some troubleshooting / diagnostic functions.

There is an ASA cli under the covers but you cannot "conf t" from it. When you log into an FTD device via cli you will be in a limited functions "clish" (command line interface shell). The clish will have a prompt of > (greater than symbol). You can move to Linux user shell by typing "expert" and can then get into ASA shell via "sudo lina_cli". You can also move directly to ASA shell from clish via "system support diagnostic cli".

tgrundbacher
Level 1

On a FP4100 with FTD, active/standby, stateful failover is supported. As always, both appliances need to have the same hardware specifications. Licensing doesn't need to match. Check the HA configuration guide:

http://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/firepower_threat_defense_high_availability.html

Toni
