Yes, I know that. But what if I can not stretch WAN vlan to both sites and Firepowers, but I will configure those interfaces neverthelss and firewalls wont see each other on that vlan - I will set them as non-monitored interfeces. Does FTD talk to each other on that type of interface?

So if we have ISP A and ISP B:

I configure ISP-A subinterface on vlan A on both members, but only one of them will be able to communicate with ISP. Node B will be "blind" on that subinterface.

Then I will configure interfaces to ISP B the same way.

Using IP SLA tracking I will be able to change default route when cluster failover.

I absolutely agree that it's not elegant and not recommended but its a backup design if wont be able to build two independent clusters.

The problem I see is that IP SLA changing the default route will not trigger a failover event.

So if you lose the site A ISP gateway reachability (or whatever upstream address you have in your IP SLA monitor) and that triggers a default route change, the site A Firepower will remain active but with an unusable default route.

Hi,

Marvin good point. And this finishes the discussion I think

Thanks