Cisco Community
English
Register
We're here for you! LEARN about free offerings and business continuity best practices during the COVID-19 pandemic
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

344
Views
5
Helpful
2
Replies
Highlighted
charleseapen
Beginner
Beginner
‎02-14-2020 01:30 AM
‎02-14-2020 01:30 AM

NGIPS high availability

hi guys,

slight confusion on Cisco NGIPS high availability and clustering.

  1. My devices are Firepower 4125 with fxos and planning to run FTD on it.
  2. Total 4 devices - 2 in DC and 2 in DR
  3. Can i do Active-Passive failover with devices
  4. some documentations mentioned, HA not possible for NGIPS devices only clustering. Is that truuuuuuuue?
  5. How many devices can be added to cluster?
  6. Is it like FXOS can be clustered, but not FTD ???

 

Can someone please help in sorting out the confusions.

 

Labels:
Everyone's tags (6)
0 Helpful
Reply
2 REPLIES 2
Highlighted
Muhammad Awais Khan
Rising star
Rising star
‎02-14-2020 01:59 AM
‎02-14-2020 01:59 AM

Re: NGIPS high availability

Hi,

 

You can configure Active/Standby Failover with your 4125. The document mentioned that HA is not supported when you configured clustering but without clustering you can configure active/standby Failover.

 

Configuraiton guide 6.5 for active/standby failover:

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/high_availability_for_firepower_threat_defense.html

 

 

But if you want to have clustering or active/active you can still do that. Firepower 4100 series—Supported for up to 6 units using inter-chassis clustering. 

 

So to answer your question, FTD supports active/standby configuraiton and clustering also but both cannot be mixed.

Reply
Highlighted
Muhammad Awais Khan
Rising star
Rising star
‎02-14-2020 02:20 AM
‎02-14-2020 02:20 AM

Re: NGIPS high availability

just to add to my prevous response, within the clustering there is HA support in a way that both appliances interfaces are active and if one went down other device's link will remain active

0 Helpful
Reply
Latest Contents
FMC
Created by MassB on 06-01-2020 03:47 AM
1
0
1
0
HIDoes anyone know if there is an easier way than the belowQ. I check connection events for IOC's when requested and sometimes i have to check many url's which i am presently doing one url at a time and is very time consuming, is there a way to check mult... view more
How to: Cisco Identity Services Engine TC-NAC Integration wi...
Created by pavagupt on 05-30-2020 02:05 AM
0
0
0
0
HI   Introduction             Cisco Identity Services Engine (ISE) gives you intelligent Integrated protection through intent-based policy and compliance solution. Cisco ISE supports TC-NAC inte... view more
How to Integrate Cisco Identity Services Engine with IBM Maa...
Created by pavagupt on 05-29-2020 12:45 AM
0
10
0
10
HI   Introduction Cisco Identity Services Engine (ISE) gives you intelligent Integrated protection through intent-based policy and compliance solution. ISE supports external MDM vendor integration to help the customers to look for compliance of a dev... view more
AMP4E - Cisco Threat Response and ESA Integration
Created by bremarqu on 05-27-2020 09:16 AM
0
0
0
0
Hello, This video provides the steps to configure the Cisco Threat Response (CTR) and ESA Integration.   This is live on the portal:https://video.cisco.com/video/6159336218001   And on YouTube:https://www.youtube.com/watch?v=UCKIdx5rdFg   ... view more
Migrate from C170 to C190
Created by fhk_license on 05-26-2020 02:24 AM
3
0
3
0
I need to migrate from C170 to C190 and have already match to the same Firmware Version. I have a question. Is there any method that can export and import the configuration file instead of form cluster ?
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad