FMC FTD HA Cluster

Hello community,

Currently we are facing a challenge to build an FTD HA cluster using FMC while using the same interface for DATA and MANAGEMENT traffic processing.

However, it turned out that on FTD model 1150 such a setup is not supported. When building up a cluster we get the message: "High availability not supported on this model for devices enabled for Management access through data interfaces".

In case we use our available public IPs for the management interfaces to separate DATA and MANAGEMENT traffic, there will be none left for the outside interface to build the VPN tunnel. In case we use private IPs for the management interfaces, we will not be able to publish any changes from FMC in case the VPN tunnel is down.

I would like to ask you what is the best practice to follow in such a scenario.

Also I would like to ask you, in case we use public IPs for the management interface, is there a way to secure this interface, which will be facing the public internet? (like limiting access to only certain IPs, denying ICMP, etc.)

Thanks a lot for any valuable information on these topics!

Accepted Solution

Marvin Rhoads
Hall of Fame

FYI version 7.4 added support for this feature.

High Availability/Scalability

Feature: Manage threat defense high availability pairs using a data interface.

Minimum Management Center: 7.4.0
Minimum Threat Defense: 7.4.0

Details: Threat defense high availability now supports using a regular data interface for communication with the management center. Previously, only standalone devices supported this feature.

See: Using the Threat Defense Data Interface for Management


5 Replies

FTD HA active/standby or cluster?

MHM

HA active/standby

MHM

Thanks a lot for info, tested, working.
