Solved: Firepower HA 2 subnets problem

cm · ‎10-04-2022

Hi All

I have 2 Firepower FTD (2130 models) in HA (high availabilty)mode working well in routed Mode. Its working using ONE protected subnet eg 98.x.x.0/24 for my servers. My servers are reachable from the outside using Public Addresses etc. BUT I have requirement to add a SECOND Subnet eg 49.x.x.0/24 on the same HA pair. is that possible. Logically this leans to BGP to advertise internal Networks. Any Examples or case Studies. So my Current setup below looks something like this ;

98.x.x.3 - 12( Protected Servers)--------98.x.x.1-2(Gw) [{Inside} HA -FTD(2 ftd) {Ouside} ] 69.x.x.1-2--- Static >---69.x.x.250[ Router-ISP ] (WORKING )

REQUIRED

98.x.x.0/24 and 49.x.x.0/24( Protected Servers)--------98.x.x.1-2(Gw) [{Inside} HA -FTD(2 ftd) {Ouside} ] 69.x.x.1-2--- Static >---69.x.x.250 [Router-ISP ]

Please Assist

cm · ‎10-10-2022

We managed to get working using IGP in our case it was OSPF used to advertise routes. I had made a mistake saying Subinterfaces dont work... It was just my wrong interpretation. Sub interfaces dont work on the failover link only.

View solution in original post

MHM Cisco World · ‎10-04-2022

but config subinterface in FTD can solve issue this make FTD have one subinterface for each subnet.

cm · ‎10-04-2022

Unfortunately you cannot use subinterfaces in high availability mode.

cm · ‎10-10-2022

We managed to get working using IGP in our case it was OSPF used to advertise routes. I had made a mistake saying Subinterfaces dont work... It was just my wrong interpretation. Sub interfaces dont work on the failover link only.

MHM Cisco World · ‎10-10-2022

So glad your issue solve.

Good luck freind