Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
505
Views
0
Helpful
4
Replies

Install FMCv and NGIPSv but unable to add HA

JCHY
Level 1
Level 1

‎05-24-2023 02:06 AM

Hi Guys, I just installed FMCv 6.7 and started a 90 days trial license.

FMCv was downloaded from:

https://software.cisco.com/download/home/286259687/type/286271056/release/6.7.0

I wanted to simulate having a pair of NGIPS in HA so I installed two instances of Firepower NGIPS 6.7 downloaded from:

https://software.cisco.com/download/home/286259690/type/286271056/release/6.7.0

I managed to add them both to the FMC, both have been deployed and health is ok. But when I try to add HA, I do not see either nodes as option regardless if I choose FirePower or FTD. The active peer and standby peer is greyed out and I'm unable to select anything. Screenshot provided.

Does anyone know what is the issue, or is the NGIPS just incapable of HA?

Preview file
84 KB
0 Helpful
4 Replies 4

Sheraz.Salim
VIP
VIP

‎05-24-2023 02:20 AM

Cisco FTD high availability configuration has some basic requirements to be met before they can be configured for failover as under. 

  • Be it same model
  • Have the same number and type of interfaces
  • Have to be in same firewall mode (routed or transparent)
  • Have same version of software
  • Be in same domain or group on FMC (FirePower management console)
  • Have same NTP configuration
  • Fully deployed on FMC with no uncommitted changes
  • Not have DHCP or PPPoE configuration on any of the interfaces
  • FTD devices in HA must have same license
  • HA configuration requires two smart license entitlements one for each device in the pair 
  • FTD supports active standby mode 
  • Latency must be less than 10ms, no more than 250ms
  • HA is only supported for 2 FTD devices 
please do not forget to rate.
0 Helpful

MHM Cisco World
VIP
VIP

‎05-24-2023 02:22 AM - edited ‎05-24-2023 04:59 AM

Screenshot (473).pnginstance is support HA only in inter-chassis not intra-chassis 

0 Helpful

Sheraz.Salim
VIP
VIP

‎05-24-2023 02:24 AM - edited ‎05-24-2023 02:29 AM

Just had a look into your screen shot. You suppose to click on Firepower Thread Defence where as you putting firepower that why its not working

 

1234.PNG

 

78888.PNG

please do not forget to rate.
0 Helpful

JCHY
Level 1
Level 1
In response to Sheraz.Salim

‎05-24-2023 02:55 AM

Hi Sheraz, I have already tried that, it doesn't work either.

That was stated in my original post "I do not see either nodes as option regardless if I choose FirePower or FTD"

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card