I have 2 ASA with SFR, both the ASA are configured with HA so the config on SFR needs to be same. I dont see any option on HA so I believe need to do config manually on both identical. I have added both the SFR in firepower management console and then added both of them into a single group. Is there a way I can do all the config on the group and then it gets applied to both of them?
Sure - that's one of the main advantages to using groups in FMC. When you deploy your policies, deploy them to the group. That way each module in the HA pair is configured to behave the same.
thanks, but what about other configuration like assigning zones, creating objects or configuring external authentication servers. I believe these has to be done manually and the groups in FMC can only come handy when doing policies work.
You are correct, about pushing IPS, or Access Control policies. But in terms of changes of security zones, or objects those rather be manually. Just keep good documentation on those changes. My 2 cents
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
