Need help on Cisco Firepower 9300 with 2 SM-56

AKK · ‎06-11-2020

Hi All,

My customer has procured Cisco Firepower 9300 with two SM-56. Now we need to deploy a Single Logical device in 9300 Chassis which can use both the SM module as customer has requirement of approx 100 Gbps throughput.

I tried but not able to select both the SM module while deploying Logical device. I can select only single SM not both.

Also while creating resource profile, I can create profile only for Single SM resource I cannot combi

Firepower 9300 Chassis version: 2.6

Firepower Image version : 6.5 (to be deployed as Logical Device)

Please guide what to be done.

Marvin Rhoads · ‎06-12-2020

A given FTD instance runs on only one security module.

If you need more throughput you need to deploy multiple instances (one per SM) and cluster them.

AKK · ‎06-18-2020

Hi Marvin,

Thanks for the info..

I have two more query.

1) Can I create HA between Firewall Cluster of-Chassis-1 and Firewall Cluster of Chassis-2 ? If answer is no how I can I achieve Chassis hardware level redundancy between both the FTD 9300-Chassis ?

2) There is no document available on Cisco.com for inter-chassis cluster with HA deployment they have only for Intra-chassis example. Please help if you have any links.

Marvin Rhoads · ‎06-18-2020

You do not make two separate clusters that then make an HA pair of clusters. You can create a single cluster that spans more than one chassis

Reference this guide for detailed instructions:

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/clustering_for_the_firepower_threat_defense.html#concept_1A91437675A54925A158E85D2BEC4D42

Also see confirmation in the Cisco Live Europe presentation BRKSEC-2020.