Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
268
Views
2
Helpful
2
Replies

FPR3130 HA connectivity

arpitsharmanec
Level 1
Level 1

‎11-09-2023 07:06 PM - edited ‎11-09-2023 07:07 PM

Hi, To connect FPR3130 in HA, how many interfaces do we need to be configured

Is 1 gig interface good enough or do we require two separate 1 gig interfaces, for stateful failover

0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-10-2023 04:35 AM

Only rarely do I see a customer using two interfaces per device. 98-99% of the deployments I see use a single interface for both failover and state.

For the official Cisco recommendation, they say "All other models—1 GB interface is large enough for a combined failover and state link." (meaning all models except 4100/4200 and 9400 series).

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/740/management-center-device-config-74/high-availability.html#ID-2107-0000004d

tvotna
Spotlight
Spotlight
In response to Marvin Rhoads

‎11-10-2023 05:16 AM

This note was put into documentation when 3100 didn't exist yet. From my experience with multiple Firepowers 4150/4145 the 1Gbps statelink is definitely not enough. If the link is 1Gbps and conn rate is high, the state replication creates a bottleneck for the entire system. So, I'd highly recommend 10Gbps statelink on FP3100. Failover and state can share the same link, but we always use two links to never have a concern that state replication can affect transmission of hellos.

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card