Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3731
Views
15
Helpful
4
Replies

How to Configure BFD on FTD Firewall using FMC

Go to solution
ronbuchalski
Level 1
Level 1

‎10-17-2022 03:36 PM

I have an HA pair of FTD 2140 firewalls, running 7.0.1. They are managed by an FMC running 7.0.4. The firewall is running BGP with its upstream and downstream neighbors. I would like to enable BFD between the HA firewall and the upstream and downstream neighbors, to improve fault detection and BGP failover/convergence.

I see where to enable BFD for each BGP neighbor, but there is a note next to the check box that says a FlexConfig is required in order to use BFD. I have searched and have found no information on how to configure a FlexConfig to enable BFD.

Any help is appreciated.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
tebogo.pholo1
Level 1
Level 1

‎11-16-2022 01:25 PM - edited ‎11-16-2022 01:26 PM

Here are the configs i applied on the FMC under Objects - Flexconfig object 

bfd-template single-hop TEMPLATE1
interval both 300 multiplier 3
echo

interface Port-channel3.858 (Interface facing BGP peer)
bfd template TEMPLATE1

Once done attach them to your firewall under device flexconfig and enable BFD on BGP.

Deploy the configs and all will be fine

View solution in original post

4 Replies 4

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎10-18-2022 12:17 AM - edited ‎10-18-2022 12:18 AM

Never used BFD in FTD, not sure below link help you..but check the below bug:

https://bst.cisco.com/bugsearch/bug/CSCvi56636

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
ronbuchalski
Level 1
Level 1
In response to balaji.bandi

‎10-18-2022 09:32 AM

It looks like that feature request may actually be what added the checkbox in FMC web GUI, under BGP Neighbor configuration, to enable BFD.  But that's where it says that FlexConfig is used to actually configure BFD on the FTD, and then the checkbox is what links BFD to BGP.

So, I still need some help on configuring FlexConfig to make the BFD configuration on the FTD.

0 Helpful

Go to solution
tebogo.pholo1
Level 1
Level 1

‎11-16-2022 01:25 PM - edited ‎11-16-2022 01:26 PM

Here are the configs i applied on the FMC under Objects - Flexconfig object 

bfd-template single-hop TEMPLATE1
interval both 300 multiplier 3
echo

interface Port-channel3.858 (Interface facing BGP peer)
bfd template TEMPLATE1

Once done attach them to your firewall under device flexconfig and enable BFD on BGP.

Deploy the configs and all will be fine

Go to solution
ronbuchalski
Level 1
Level 1
In response to tebogo.pholo1

‎11-17-2022 02:28 PM

Thank you for that information.  I ended up opening a case with Cisco TAC, and they provided the same response that you did.  We implemented it and it is working great.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card