cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
860
Views
0
Helpful
3
Replies

High availability with ASA Firepower

abhvyas
Cisco Employee
Cisco Employee

Hi Experts,

One of my customer is running an existing ASA5515-X box as standalone.

Now customer wants make setup in HA by adding another ASA5515-FPWR-K9 with existing ASA5515-X firewall.

I am curious: if its possible to run an ASA Firewall (without firepower services) in HA with another firewall running with Firepower services.

If this setup is not possible, can we disable firepower functionality (by removing SSD from ASA-FPWR) on ASA5515-FPWR-K9? and then run it in HA with existing ASA5515-X.

Just to add upgrading existing ASA5515-X with firepower is not an option here.

Looking for your support.

Thanks

3 Replies 3

csco12589127
Beginner
Beginner

Hello !

I think you can add the second ASA without any problem, but you will not be able to use IPS, because your current ASA does not have it. We are talking about Failover. Just configure Failover and uninstall IPS from the second chasis.

Pranay Prasoon
Participant
Participant

Hi Abhishek,

Yes you can do that. The only requirement to have a HA is same hardware and same software. So just make sure that after un-installation of firepower you have rest of the criteria matches.

Thanks

AndreaTornaghi
Beginner
Beginner

Hi Abhishek,

you can do that, but you should disable the monitoring on sw-module otherwise you can run in a failover process without reason.

Another thing, you can disable FP redirection directly from service-policy without removing the SSD.

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: