Question on design: putting Firepower between a campus core switch and a Nexus 5672UP

boonsue_pat
Level 1

Can I deploy Firepower (FTD 6.2) between a campus core switch and a Nexus 5672UP?

Are there any problems if I deploy it like this?

1 Accepted Solution

Accepted Solutions

Hi,

If you place the FTD 2130 as your DC firewall, it only has a maximum of 4.75 Gbps of throughput, so before deploying please make sure this will not slow down your DC network traffic, because your upstream and downstream devices are highly capable when compared to the 2130.

Cisco Firepower Threat Defense (FTD) Performance Specifications and Feature

https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/datasheet-c78-736661.html


HTH

Abheesh


Hi,

You can deploy FTD in two modes, Routed or Transparent. If you are planning to deploy with the option that needs the fewest network changes, then transparent mode with an inline pair interface is the best suited. There will not be any routing changes; your L3 links will stay the same from the Core to the 5K. In routed mode there will be L3 links between the Core and the FTD, and between the FTD and the 5K.

You can deploy it either way.

HTH

Abheesh


Hi,

Thank you for your assistance. I would like to verify: if I deploy in active/standby mode, do the links from Firepower to the campus core and from Firepower to the Nexus 5672 have to be cross-connected as in the diagram I attached, or

do I have to connect link-1 [campus_core-A to FTD-A and FTD-A to Nexus5672-A]

and link-2 [campus_core-B to FTD-B and FTD-B to Nexus5672-B]?

What model of FTD do you have?

Is your core in VSS?

If you plan to deploy in an active/standby scenario then you need to connect link-1 [campus_core-A to FTD-A and FTD-A to Nexus5672-A], because if you cross-connect in an active/standby scenario, the secondary (standby) firewall will not forward the traffic it receives.

HTH

Abheesh

Hi,

Sorry that I did not tell you that I have a Firepower 2130. I have a Catalyst 9400 with Sup1 without a StackWise license, so I have to use VRRP or HSRP, but on the Nexus 5672UP side I configure vPC. So do I have to connect the network as in the attached diagram?

Hi,

If you place the FTD 2130 as your DC firewall, it only has a maximum of 4.75 Gbps of throughput, so before deploying please make sure this will not slow down your DC network traffic, because your upstream and downstream devices are highly capable when compared to the 2130.

HTH

Abheesh

Hi,

Because the actual traffic between the campus and the data center does not exceed the 4.75 Gbps throughput? The failover traffic can use up to 8 Gbps, right? Is it required to match the bandwidth of the data link?

Hi,
Cisco recommends that the bandwidth of the stateful failover link should at least match the bandwidth of the
data interfaces.
https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/fpmc-config-guide-v601_chapter_01100110.pdf

HTH
Abheesh

Hi Abheesh, thank you for your kind suggestion.

One more question: if my data traffic is 10 Gbps, can I use an EtherChannel bundle interface for the stateful failover link? My switch is a 2960X, where eight ports in a bundle are active, so my failover link would be 8 Gbps. Can I do that, and are there any concerns with it?
