Re: Help setting up additional FTD

Nandan Mathure · ‎02-09-2018

Hello!

Currently we have a existing FPR2110 and all the network is operational. For some reason we do not want the HA setup but want the addtional new FPR2110 firewall to be setup exactly like the existing one.

Also note existing firewall is being managed by FDM.

New firewall FPR2110 will be setup using FMC VM and this will be exact replica of exisiting FPR2110 configuration except for management IP.

So I have following plan in mind.

My Questions are:

1. For initial setup of FPR2110 (FTD Image) what will be IP address information that will work with FMC?

IPv4 Address: 10.10.8.10

Mask: 255.255.255.0

Ipv4 Gateway: data-interface (default value in all the guides but I am not willing to connect it in the network eth1/2)

So what will be the gateway here? will it be existing firewall with IP 10.10.8.1

2. Is it possible to configure the firewall just using management interface and FMC?

In this case what would be IP addressing information and gw?

3. If it it necessary to connect a data-interface default of eth1/2 to inside network? How do I assign IP address to inside and outside interfaces using the command line?(any commands/link to command guide would be useful)

Dennis Mink · ‎02-11-2018

these units are HA stateful. you need a deicated or shared failover link between the two and when the primary fails the secondary will take over the primary IP and MAC. the will need dedicate management IP's of course

https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/firepower_threat_defense_high_availability.html#ID-2107-00000060

Please remember to rate useful posts, by clicking on the stars below.