05-04-2021 03:29 AM
Hi all,
We plan to implement IPSec VTI on FTD2120 on HA Pair.
As I can see, IPSec VTI is not supported on cluster:
Does anybody know if there are some similar restrictions in HA Pair installation?
05-04-2021 03:43 AM
The documentation states "Support for both Firepower Management Center and FTD HA environments", but it's not clear if they are referring to Policy Based and Routed Based VPN, but I assume both as the section of the document describes both.
The documentation would normally state whether there is a limitation, so I'd see no reason why you could not setup a static VTI to an Active/Standby HA pair.
HTH
12-18-2022 09:21 PM
Hi Noxiosus,
Are you able to implement VTI on FTD HA pair, I am also looking for the same.
Rajan
12-19-2022 01:45 AM - edited 12-19-2022 01:46 AM
Yes it is supported on an HA pair.
A cluster is not an HA pair but rather a set of FTD devices (2-16) operating as one logical device (all active). Contrast that with an HA pair where only one device is active while the other is standby at all times.
12-19-2022 01:51 AM
Thanks Marvin.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide