Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1627
Views
5
Helpful
5
Replies

Multi Instance FTD Config

Go to solution
Secure_M10
Level 1
Level 1

‎04-13-2020 07:12 AM

I am trying to deploy Multi Instance in 2 Firepower 4100 boxes and have a few questions regarding that :

 

1. Can i use one physical interface say Eth1/2 as mgmt for 2 logical FTDs and assign the same interface to both instances for ftd mgmt purpose ?

2. Can the same physical interface say Eth1/8 be used as Fail/State Link for both logical devices? i.e. same interface can be assigned to both separate FTD Instances.

 

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to Secure_M10

‎04-15-2020 03:44 PM

If you want to use 1 interface for HA and use it against 2 different instances, you must create sub interfaces using vlan. You won't be able to attach a HA to an instance already attached to another instance.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎04-13-2020 07:47 PM

Hi

 

Yes you can share mgmt interface between instances.

 

For failover interface, you can also share them. Create a vlan to differentiate the failover link for each instances.

 

Here a doc showing the different use-cases: https://www.ciscolive.com/c/dam/r/ciscolive/apjc/docs/2019/pdf/BRKSEC-3035.pdf

 

Check Slides 53 and 61


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
Secure_M10
Level 1
Level 1
In response to Francesco Molino

‎04-14-2020 01:19 AM

Thank you for the link.. it is very helpful.
However.. is it possible to use only one interface as a State/HA link by tagging it as data-sharing ? is VLAN config necessary ?
0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to Secure_M10

‎04-14-2020 04:56 AM

Not sure I got your last question. You want 1 interface for Data and HA Link? This is not possible.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
Secure_M10
Level 1
Level 1
In response to Francesco Molino

‎04-15-2020 02:31 AM

Not one interface for both ..i meant is it necessary to tag VLANs for HA link interface.
Can it be done by selecting that interface as data sharing and then assigning to both instances as it can be done with mgmt interface
0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to Secure_M10

‎04-15-2020 03:44 PM

If you want to use 1 interface for HA and use it against 2 different instances, you must create sub interfaces using vlan. You won't be able to attach a HA to an instance already attached to another instance.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card