11-09-2023 07:06 PM - edited 11-09-2023 07:07 PM
Hi, To connect FPR3130 in HA, how many interfaces do we need to be configured
Is 1 gig interface good enough or do we require two separate 1 gig interfaces, for stateful failover
11-10-2023 04:35 AM
Only rarely do I see a customer using two interfaces per device. 98-99% of the deployments I see use a single interface for both failover and state.
For the official Cisco recommendation, they say "All other models—1 GB interface is large enough for a combined failover and state link." (meaning all models except 4100/4200 and 9400 series).
11-10-2023 05:16 AM
This note was put into documentation when 3100 didn't exist yet. From my experience with multiple Firepowers 4150/4145 the 1Gbps statelink is definitely not enough. If the link is 1Gbps and conn rate is high, the state replication creates a bottleneck for the entire system. So, I'd highly recommend 10Gbps statelink on FP3100. Failover and state can share the same link, but we always use two links to never have a concern that state replication can affect transmission of hellos.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide