NGIPS high availability

manvik · ‎02-14-2020

hi guys,

slight confusion on Cisco NGIPS high availability and clustering.

My devices are Firepower 4125 with fxos and planning to run FTD on it.
Total 4 devices - 2 in DC and 2 in DR
Can i do Active-Passive failover with devices
some documentations mentioned, HA not possible for NGIPS devices only clustering. Is that truuuuuuuue?
How many devices can be added to cluster?
Is it like FXOS can be clustered, but not FTD ???

Can someone please help in sorting out the confusions.

Muhammad Awais Khan · ‎02-14-2020

Hi,

You can configure Active/Standby Failover with your 4125. The document mentioned that HA is not supported when you configured clustering but without clustering you can configure active/standby Failover.

Configuraiton guide 6.5 for active/standby failover:

https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/high_availability_for_firepower_threat_defense.html

But if you want to have clustering or active/active you can still do that. Firepower 4100 series—Supported for up to 6 units using inter-chassis clustering.

So to answer your question, FTD supports active/standby configuraiton and clustering also but both cannot be mixed.

Muhammad Awais Khan · ‎02-14-2020

just to add to my prevous response, within the clustering there is HA support in a way that both appliances interfaces are active and if one went down other device's link will remain active