Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1137
Views
20
Helpful
4
Replies

HA Firepower 2130

Go to solution
Pedro Coelho
Level 1
Level 1

‎06-08-2022 06:18 AM

I have set up HA on my firewalls and both the primary and secondary are in active and I can't change this state

1 Accepted Solution

Accepted Solutions

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni
In response to Pedro Coelho

‎06-08-2022 11:51 AM - edited ‎06-08-2022 11:52 AM

For HA to work both unit must have same model and same software plus same physical module on each chassis. The best practice is to use the same ports on same units instead of mixing the ports with each individual etc.

 

for sfp port is your sfp is compatiable and is working? have you tired these sfps on different set of hardware to confirm they are working. also could you see the light is coming out from the fiber cable etc.

 

as mentioned earlier check on FTD "show failover" or "show failover | i host", "show failover history" to see if each unit see each other. how these FTD are managed on FMC or standalone in HA pair.

 

 

 

 

please do not forget to rate.

View solution in original post

4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎06-08-2022 06:23 AM

@Pedro Coelho 

Have you setup the interfaces in the correct VLANs? check the switch configuration

Can the firewalls communicate with each other?

Have you setup the HA and state links? and connected together correctly?

 

Run "show failover history" and "show failover" and provide the output

 

Follow this guide

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html

 

 

 

 

 

Go to solution
Pedro Coelho
Level 1
Level 1
In response to Rob Ingram

‎06-08-2022 06:31 AM - edited ‎06-08-2022 06:33 AM

I am trying to make a direct connection between the firewalls, with the spf ports

And i use different ports for different links

0 Helpful

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni
In response to Pedro Coelho

‎06-08-2022 11:51 AM - edited ‎06-08-2022 11:52 AM

For HA to work both unit must have same model and same software plus same physical module on each chassis. The best practice is to use the same ports on same units instead of mixing the ports with each individual etc.

 

for sfp port is your sfp is compatiable and is working? have you tired these sfps on different set of hardware to confirm they are working. also could you see the light is coming out from the fiber cable etc.

 

as mentioned earlier check on FTD "show failover" or "show failover | i host", "show failover history" to see if each unit see each other. how these FTD are managed on FMC or standalone in HA pair.

 

 

 

 

please do not forget to rate.

Go to solution
MHM Cisco World
VIP
VIP

‎06-08-2022 08:48 AM

only reboot the secondary,

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card