Re: High availability with ASA Firepower

abhvyas · ‎09-26-2017

Hi Experts,

One of my customer is running an existing ASA5515-X box as standalone.

Now customer wants make setup in HA by adding another ASA5515-FPWR-K9 with existing ASA5515-X firewall.

I am curious: if its possible to run an ASA Firewall (without firepower services) in HA with another firewall running with Firepower services.

If this setup is not possible, can we disable firepower functionality (by removing SSD from ASA-FPWR) on ASA5515-FPWR-K9? and then run it in HA with existing ASA5515-X.

Just to add upgrading existing ASA5515-X with firepower is not an option here.

Looking for your support.

Thanks

csco12589127 · ‎10-09-2017

Hello !

I think you can add the second ASA without any problem, but you will not be able to use IPS, because your current ASA does not have it. We are talking about Failover. Just configure Failover and uninstall IPS from the second chasis.

Pranay Prasoon · ‎10-09-2017

Hi Abhishek,

Yes you can do that. The only requirement to have a HA is same hardware and same software. So just make sure that after un-installation of firepower you have rest of the criteria matches.

Thanks

AndreaTornaghi · ‎11-10-2017

Hi Abhishek,

you can do that, but you should disable the monitoring on sw-module otherwise you can run in a failover process without reason.

Another thing, you can disable FP redirection directly from service-policy without removing the SSD.

Thanks