Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
358
Views
1
Helpful
1
Replies

FTD HA Reconfiguration via FMC

Go to solution
baxseliyevrahim
Level 1
Level 1

‎12-09-2025 12:55 AM

Hi dear Communities,I have configured Cisco FTD HA configuration on EVE-NG,

As I understand Standby ip in Monitored Interface is important to work HA properly.But I have question If we have 2 or 3 ISP Provider how many Failure Limit should uje?HA Monitored Interface.JPG

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni

‎12-09-2025 03:47 AM

Hi,

   You decide via your configuration, upon which number of failed interfaces you'll perform failover. If you have three ISP's and your let's say primary ISP fails on the Active device, do you want to failover? If yes, set the your interface failover policy accordingly, so that failover happens upon any one monitored link failure. 

   If you think from perspective of the three ISP's, you might want to failover upon 2 of your ISP's failing, however this means you'll set your failover policy to be triggered upon 2 interface failures. What if your LAN / INSIDE link fails, it means you will no longer perform failover now, which clearly will result in network downtime.

    So, in general, unless you have redundant physical paths towards any zone of your network (WAN / LAN / DMZ), you would generally set the failover policy to 1 interface failure.

Thanks,

Cristian.

 

 

View solution in original post

1 Reply 1

Go to solution
Cristian Matei
VIP Alumni
VIP Alumni

‎12-09-2025 03:47 AM

Hi,

   You decide via your configuration, upon which number of failed interfaces you'll perform failover. If you have three ISP's and your let's say primary ISP fails on the Active device, do you want to failover? If yes, set the your interface failover policy accordingly, so that failover happens upon any one monitored link failure. 

   If you think from perspective of the three ISP's, you might want to failover upon 2 of your ISP's failing, however this means you'll set your failover policy to be triggered upon 2 interface failures. What if your LAN / INSIDE link fails, it means you will no longer perform failover now, which clearly will result in network downtime.

    So, in general, unless you have redundant physical paths towards any zone of your network (WAN / LAN / DMZ), you would generally set the failover policy to 1 interface failure.

Thanks,

Cristian.

 

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card