Re: FTD Dual ISP Loadbalancing - Page 2

Piyush_Sharma · ‎07-24-2018

Hi,

Please suggest any way to Dual ISP load-balancing on Cisco FTD running Version 6.2.3.3.

Herald Sison · ‎06-02-2022

Is there a remedy for this one sir? I have tried configuring 2 site to site vpn for each outisde interfaces but still only 1 interface gets connected. The weird thing is that ASA from the other peer of the S2S VPN can ping all subnets of the FTD but on the FTD only 1 interace can ping thr ASA and the other interface got an RTO.

Jack G · ‎08-31-2023

So, if one has two default routes (one for each ISP) with the same Metric field value of 1, the firewall won't attempt to load balance at all? I'm not sure how the firewall determines which default route to use if both are 1.

Marvin Rhoads · ‎08-31-2023

If you have provider-independent network and two ISP routers you can have two equal cost default routes on a given interface. In that case, your FTD will dynamically hash traffic based on source and destination address and port to balance it across the two routes. (The method is not configurable.)

ECMP is also now supported and you can read more about that feature in the configuration guides.

Jack G · ‎08-31-2023

Yes, ECMP and path monitoring does appear to be the way to go. Wondering what's left before an FTD can be considered "SD-WAN"

Marvin Rhoads · ‎08-31-2023

Stay tuned for release 7.4 which adds some more advanced path monitoring features.

7.2 already added a bunch:

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/720/management-center-device-config-72/routing-policy-based.html