01-23-2024 01:51 AM
Hi,
We have a greenfield project in which we are implementing FTD.
Let’s assume I have configured
Active : 192.168.75.10
standby : 192.168.75.11
FTD will connect to the SDWAN cedge devices (HA).
connectivity is as below:
SDWAN edge router (HA)—> FTD —> Core Switch —> internal servers
We will configure static route on firewall to reach SDWAN device.
And reverse traffic will reach to primary firewall which is 192.168.75.10
Now my question is during failover when standby firewall will be active. how the reverse traffic will reach to secondary firewall (192.168.75.12)?
Solved! Go to Solution.
01-23-2024 02:00 AM
SDWAN router need to have static route to active FW IP
the FW IP is swap when fail over and hence always the SDWAN point to active FW
MHM
01-23-2024 02:47 AM
@KayaaKashyap yes, the primary unit IP address can be consider as VIP that will always be available regardless of which unit is active.
01-23-2024 01:57 AM
@KayaaKashyap both FTD's (Active/Standby) inside and outside interfaces need to be plugged into a switch and in the same VLAN. Upon failover of the Active (Primary) firewall, the Standby (Secondary) firewall will become active and the firewalls will swap IP addresses. So 192.168.75.10 will be the Active IP address regardless of whether the which firewall is passing traffic.
01-23-2024 02:00 AM
SDWAN router need to have static route to active FW IP
the FW IP is swap when fail over and hence always the SDWAN point to active FW
MHM
01-23-2024 02:01 AM
NOTE:- if you run IGP only the active participate in igp, the standby dont have any role.
MHM
01-23-2024 02:39 AM
This is helpful. Many thanks.
So we can say Primary IP of firewall works as VIP in FTD HA, right?
Please share if you have supportive document?
01-23-2024 02:47 AM
@KayaaKashyap yes, the primary unit IP address can be consider as VIP that will always be available regardless of which unit is active.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide