Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
463
Views
3
Helpful
5
Replies

HA on FTD

Go to solution
KayaaKashyap
Level 1
Level 1

‎01-23-2024 01:51 AM

Hi,

We have a greenfield project in which we are implementing FTD.

Let’s assume I have configured

Active : 192.168.75.10

standby : 192.168.75.11

FTD will connect to the SDWAN cedge devices (HA).

connectivity is as below:

SDWAN edge router (HA)—> FTD —> Core Switch —> internal servers

We will configure static route on firewall to reach SDWAN device.

And reverse traffic will reach to primary firewall which is 192.168.75.10

Now my question is during failover when standby firewall will be active. how the reverse traffic will reach to secondary firewall (192.168.75.12)?

 

 

 

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP

‎01-23-2024 02:00 AM

SDWAN router need to have static route to active FW IP 
the FW IP is swap when fail over and hence always the SDWAN point to active FW 
MHM

View solution in original post

5 Replies 5

Go to solution
Rob Ingram
VIP
VIP

‎01-23-2024 01:57 AM

@KayaaKashyap both FTD's (Active/Standby) inside and outside interfaces need to be plugged into a switch and in the same VLAN. Upon failover of the Active (Primary) firewall, the Standby (Secondary) firewall will become active and the firewalls will swap IP addresses. So 192.168.75.10 will be the Active IP address regardless of whether the which firewall is passing traffic.

Go to solution
MHM Cisco World
VIP
VIP

‎01-23-2024 02:00 AM

SDWAN router need to have static route to active FW IP 
the FW IP is swap when fail over and hence always the SDWAN point to active FW 
MHM

Go to solution
MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎01-23-2024 02:01 AM

NOTE:- if you run IGP only the active participate in igp, the standby dont have any role.
MHM

0 Helpful

Go to solution
KayaaKashyap
Level 1
Level 1
In response to MHM Cisco World

‎01-23-2024 02:39 AM

This is helpful. Many thanks.

So we can say Primary IP of firewall works as VIP in FTD HA, right?

Please share if you have supportive document?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card