Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2102
Views
0
Helpful
3
Replies

Maximum number of FMC objects and object overrides.

JeremyMaynard7191
Level 1
Level 1

‎01-20-2023 12:26 PM

I have over 1,200 firewalls to be managed and I can't find any documentation on the max number of network objects that can be created in FMC.  I also need to know how many times a network object can be overridden.  Any ideas?

0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎01-21-2023 06:57 AM

To manage 1200 FTD - you need sure the cluster FMC requirement since  FMC 4600 is the model is top in FMC and does support a maximum of 750 Sensors.

Looks your requirement is very big to suggest contacting a cisco partner for better outcomes and proper planning.

as per the Object concerns,  I do not see any Limitation here, since FMC most of the information is stored in the SQL Database. ( we are not sure what kind of Object size you looking  to deploy)

Read the latest release notes and improvements done in FMC's latest version.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/roadmap/management-center-new-features-by-release.html

Also, look at distributed deployment :

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/policy_management.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-23-2023 05:03 AM

1200 Firewalls cannot be managed by a single FMC. An HA pair of FMCs does not change that limitation.

As @balaji.bandi mentioned, you would be strongly advised to work with Cisco and/or your partner account team to develop a properly sized solution. It would probably involve orchestration and possibly geographic  distribution to make things run smoothly as a whole.

0 Helpful

JeremyMaynard7191
Level 1
Level 1

‎01-25-2023 04:57 AM

For anyone needing this information, as well as how many routes a Firepower 1010 will support, here was the answer I got from the engineers:  

1. What is the max number of routes the 1010 model will support?

5k Generic routes.   Maximum 5 VRFs with 1,000 routes per VRF.   This is true for the 1120, which the 1010 should be the same.  I am confirming this.

2. What is the max number of network objects the FMC 4600 and 1600 models will allow to be created? 

The limit here is actually not on the FMC, but the number of ACE for the FTD sensors.   In the 1010s situation, the 1010 will support 15,000 ACE running FTD code and thus the sensor limitation would be around the same for objects.

If we look at the 1120, it jumps to 125,000 ACE lines.

3. How many times can a network object be overridden?

There is no true limit here.    We can integrate CSDAC which can automatically update objects on the fly.  

Note:  I am running version 7.1 on both the FMC and FTD's.  

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card