08-07-2024 05:38 AM - edited 08-07-2024 05:39 AM
Hello,
We have two FTDs (FPR1140) in an HA pair managed via FMC. Currently, the inside interface is simply one port on each device linking back to a switch. It has been this way for several years -- so the inside interface is referenced everywhere throughout the config (rules, routes, interface zones, groups, etc.). Now, I would like to aggregate two ports on each device, making a new inside interface, which will link back to two Nexus switches via VPC. What are the ramifications of doing this, if any? With how finicky FTDs are, I can just see it in my mind that all sorts of stuff may break. Do any other changes have to be made if I name the port channel "inside" like the current single interface?
Any information is appreciated. Thanks!
08-07-2024 07:04 AM
08-07-2024 07:34 AM - edited 08-07-2024 07:35 AM
Thank you... But ultimately, it's not entirely clear to me what this entails. The link you supplied notes:
Q. How to migrate from a single port to a Port-Channel?
This change requires a Maintenance Window (MW) and is intrusive. Once you migrate from a single interface to Port-Channel all configuration related to the single interface is disassociated from it. Once you create the Port-Channel there is a need to re-associate the same configuration with the newly configured Port-Channel, for example, NAT, Routing, VPN, and so on. For FTD there is a note in this document: Configure an EtherChannel
The subsequent linked page notes:
Before you begin
Note
What does "clear any configuration that refers to the interface" mean? Does it mean literally removing the rules, NATs, etc. that reference the name from the config? Does that infer it is removed from FMC? Or does it simply mean the running config on the FTD... Meaning, once I delete the physical "inside" interface... the config is removed from the FTD... then I can create an EtherChannel with the name "inside" and re-deploy the existing config from FMC without any modifications? (I think it's the latter, based on what all of this says, but it's still unclear to me... and when this is done, I am not in the position for a startling surprise.)
Thanks.