cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1575
Views
15
Helpful
7
Replies

FMC FTD (Cluster) and Conext

Alex Ribas
Level 1
Level 1

I'm installing FTD in my network but I'd like to implement Context in FTD

I'm using FMC  6.3.0

 

1-FTD on ASA5516x

Model : Cisco ASA5516-X Threat Defense (75) Version 6.3.0 (Build 83)

2-FTD on ASA5516x

Model : Cisco ASA5516-X Threat Defense (75) Version 6.3.0 (Build 83)

 

My idea is: Clusters and Multiple contexts, I was comfortable to do it but when I'm was using Cisco ASA and Context (Failover etc) but in FTD and FMC I never did it before.

 

Anyone configured it before?

Thanks you

Alex Ribas

 

 

 

 

 

 

3 Accepted Solutions

Accepted Solutions

Multiple context does not exist on FTD, the closest feature is multi-instance, but that is only supported on FPR-4100/9300 hardware so will not work on your ASA 5516.

 

Clustering is also only supported on FPR-4100/9300 hardware, so will also not work on your hardware.

 

Your hardware will support Active/Standby failover.

 

For reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/multi-instance/multi-instance_solution.html

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftd-cluster-solution.html

 

HTH

View solution in original post

The ASA 5516 only supports a maximum of 5 context....unless you were referring to 6 context across the 2 ASA 5516?

I don't see a reason why you need to run multiple-context. Why can you not just use one context, then you could run FTD image in HA.

View solution in original post

Yes, FTD managed via FDM (local management without FMC) can authenticate to AD.

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/fdm/fptd-fdm-config-guide-630/fptd-fdm-identity-sources.html

 

You then just create access control rules against AD users/groups with or without URL filtering

View solution in original post

7 Replies 7

Multiple context does not exist on FTD, the closest feature is multi-instance, but that is only supported on FPR-4100/9300 hardware so will not work on your ASA 5516.

 

Clustering is also only supported on FPR-4100/9300 hardware, so will also not work on your hardware.

 

Your hardware will support Active/Standby failover.

 

For reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/multi-instance/multi-instance_solution.html

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftd-cluster-solution.html

 

HTH

So the solution in this case

Use Cisco ASA 5516-x Context(IoS) and Module Faiolver ok and

"FirePower Separate using  filters integrate with FMC ? )

Any idea?

Thank you

Alex

 

You can use ASA software with FPR module managed via FMC.

 

Yes but

I have 2 Cisco ASA 5516x (6 Contexts) and one context we use to go to Internet.

 

My Plan is:

Profile Users Integrate Active Directory (GROUP_DIRECTOR_ FULL ACCESS) without URL Filter)

Profile Users integrate Acrive Direcgtory (GRUPO_USERS) Filter url

And user just FIrePower controller my context

It's possible?

 

 

The ASA 5516 only supports a maximum of 5 context....unless you were referring to 6 context across the 2 ASA 5516?

I don't see a reason why you need to run multiple-context. Why can you not just use one context, then you could run FTD image in HA.

Can I use URL filter per user (Active Directory) in one context using FirePower without FMC?

Thank you.

 

Yes, FTD managed via FDM (local management without FMC) can authenticate to AD.

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/fdm/fptd-fdm-config-guide-630/fptd-fdm-identity-sources.html

 

You then just create access control rules against AD users/groups with or without URL filtering

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: