Hi everyone,
I've been thinking of sharing my current struggle about S2S redundancy setup for our remote site in FMC, any help hugely appreciated!
We have a setup of two FPR FTD firewall pairs, both managed over FMC, one local and one for our remote site's equipment + running S2S VPN between them. Additionally, we wish to have a 4G router located at the remote site that would take over / establish a new S2S tunnel with local FTD in case the provider's connection for our remote site is down and FTD pair unreachable. Picture of the concept in attachment. This would be intended only for necessary management access for equipment without any enormous amount of data transaction.
We have a similar concept in production with the use of ASA firewalls: two outside interfaces at the local part of the network, using a static S2S primary VPN between the ASA firewalls and a dynamic S2S that creates the tunnel with the 4G router in case the primary tunnel is down. This uses IP SLA tracking and dynamic route mechanisms on both the router's side and the ASA for the failover.
I'm not that familiar with what is possible to do in the FMC and whether this is even possible to replicate, or preferably simplify. Does anyone have any experience they can share and advise on how to proceed with the configuration steps in the FMC?
Running FMC and FTD 7.0.4 (FPR1140 and 1120 pairs), router C1121-4PLTEP with security license and P-LTEAP18-GL module for micro SIM card.
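As an added illustration of the router-side failover mechanism the post describes (IP SLA reachability tracking driving a floating static route), here is an IOS-XE fragment for the remote-site 4G router. It is example configuration written for this reply, not the poster's production config and not FMC output; the addresses, VLAN and cellular interface names, and the tracked next hops are placeholders chosen for the example, and the VPN crypto configuration itself is left out because the post does not show it.

```cisco
! --- Added example, not the poster's configuration ---
! Assumed topology (placeholders):
!   10.10.0.0/24      remote-site management LAN behind the 4G router (VLAN 10)
!   192.0.2.1         remote-site FTD inside address, preferred primary gateway
!   203.0.113.1       local-site FTD outside address, the far end of the backup S2S
!   Cellular0/1/0     LTE interface of the C1121-4PLTEP

! Probe the far end through the primary path. If the remote FTD pair or the
! provider line is down, this probe fails even though the LTE link is up.
ip sla 10
 icmp-echo 203.0.113.1 source-ip 10.10.0.254
 frequency 10
 timeout 2000
ip sla schedule 10 life forever start-time now

! Track object 10 follows the probe. "delay down 30 up 60" dampens flapping so
! the backup tunnel is not torn up and down on a single lost ping.
track 10 ip sla 10 reachability
 delay down 30 up 60

! Primary default route via the remote-site FTD, active only while the probe succeeds.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 10

! Floating backup route (AD 250) out the LTE interface. It is installed only when
! the tracked primary route is withdrawn, which is what brings the backup S2S up.
ip route 0.0.0.0 0.0.0.0 Cellular0/1/0 250

! Host route so the probe itself always leaves via the primary path and never
! accidentally validates the backup path as "primary reachable".
ip route 203.0.113.1 255.255.255.255 192.0.2.1
```

Useful checks after applying this: `show track 10` should report `Reachability is Up` in normal operation, and `show ip route 0.0.0.0` should switch from the 192.0.2.1 next hop to Cellular0/1/0 when the probe fails. The `delay` timers are a design choice rather than a Cisco default; tune them so that a short provider blip does not trigger a tunnel rebuild on the FTD side.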