07-24-2018 10:51 AM - edited 02-21-2020 08:00 AM
Hi,
Please suggest any way to do dual ISP load balancing on Cisco FTD running version 6.2.3.3.
06-02-2022 09:26 AM - edited 06-02-2022 09:33 AM
Is there a remedy for this one, sir? I have tried configuring 2 site-to-site VPNs for each of the outside interfaces, but still only 1 interface gets connected. The weird thing is that the ASA from the other peer of the S2S VPN can ping all subnets of the FTD, but on the FTD only 1 interface can ping the ASA and the other interface got an RTO.
08-31-2023 08:15 AM - edited 08-31-2023 08:19 AM
So, if one has two default routes (one for each ISP) with the same Metric field value of 1, the firewall won't attempt to load balance at all? I'm not sure how the firewall determines which default route to use if both are 1.
08-31-2023 08:40 AM
If you have a provider-independent network and two ISP routers, you can have two equal-cost default routes on a given interface. In that case, your FTD will dynamically hash traffic based on source and destination address and port to balance it across the two routes. (The method is not configurable.)
ECMP is also now supported and you can read more about that feature in the configuration guides.
08-31-2023 09:02 AM
Yes, ECMP and path monitoring do appear to be the way to go. Wondering what's left before an FTD can be considered "SD-WAN".
08-31-2023 09:18 AM
Stay tuned for release 7.4 which adds some more advanced path monitoring features.
7.2 already added a bunch: