01-16-2020 12:46 AM - edited 02-21-2020 09:50 AM
Hello,
I'm trying to understand the different modes to access FDM of an FTD 6.5 failover cluster running on two ISA 3000 devices:
What is not working is:
I need your help:
How can I connect to both nodes (e.g. for updates) without wiring the management port?
Any help is appreciated!
01-17-2020 01:30 AM - edited 01-17-2020 01:30 AM
When making any configuration changes on an FTD HA pair (including upgrades or patches) you need only log into the Active unit.
In the case of upgrades, I believe you need to log into the management interface on the secondary unit (thus it must be wired).
01-17-2020 05:49 AM
Thanks for your reply. What I don't understand yet is how this fits together with the documentation:
Quote: "... One way to configure Management/Diagnostic is to not wire the physical port to a network. Instead, configure the Management IP address only, and configure it to use the data interfaces as the gateway for obtaining updates from the internet. ..."
01-17-2020 07:37 AM
You MIGHT be able to get it to work that way but it's more confusing since you will need to log into the primary IP address you've enabled for management (meaning on the active unit), perform the necessary tasks, change which unit is active, perform tasks on the other unit, etc.
In my experience it's easier to just have the management interfaces connected with unique, always-reachable addresses.