Solved: FMC+FTD standalone - Adding a new FTD for HA

morabusa · ‎12-09-2021

I currently have in service a virtual FMC and a physical Firepower appliance working in standalone. We have got a new Firepower (same model), and now we would like to create a HA group with both firewalls. I have read the Cisco documentation related to HA, and it looks like it is just necessary to have both devices (same model and version) registered in the FMC without any pending change, and then it is possible to create the HA group for both firewalls, but I cannot find anything related to adding a new firewall in HA, when there is a standalone firewall currently in service.

I am just wondering if I should copy the whole current firewall configuration to the new one, and then creating the new HA group, or if it is enough to only add basic interfaces & routing configuration in the new device. Plus, if you know about any extra considerations I should keep in mind when adding a new HA group for an existing in-service firewall, please let me know it.

Thanks.

Marvin Rhoads · ‎12-10-2021

Just the basic bootstrap, registration and connected interfaces you plan to use is needed.

Plan to make the change during a maintenance window with downtime advertised. The impact should be brief as the units sync and Snort restarts on the Active member.

View solution in original post

Marvin Rhoads · ‎12-10-2021

Just the basic bootstrap, registration and connected interfaces you plan to use is needed.

Plan to make the change during a maintenance window with downtime advertised. The impact should be brief as the units sync and Snort restarts on the Active member.