11-07-2018 07:27 AM - edited 03-12-2019 07:04 AM
Can I deploy Firepower (FTD 6.2) between the campus core switch and the Nexus 5672UP?
Are there any problems if I deploy it like this?
11-07-2018 11:24 AM
Hi,
If you place the FTD 2130 as your DC firewall, it only has a maximum of 4.75 Gbps of throughput, so before deploying please make sure this will not slow down your DC network traffic, because your upstream and downstream devices are highly capable when compared to the 2130.
Cisco Firepower Threat Defense (FTD) Performance Specifications and Feature
https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/datasheet-c78-736661.html
HTH
Abheesh
11-07-2018 07:45 AM
11-07-2018 08:17 AM
Hi,
You can deploy FTD in two modes: Routed or Transparent. If you are planning to deploy with the option that needs fewer network changes, then transparent with an inline pair interface is best suited. There will not be any routing changes; your L3 links will be the same from Core to 5K. In routed mode there will be L3 links between Core and FTD and between FTD and 5K.
You can deploy either way.
HTH
Abheesh
11-07-2018 08:39 AM
Hi,
Thank you for your assistance. I would like to verify: if I deploy in active/standby mode, do I have to cross-connect the links from Firepower to the campus core and from Firepower to the Nexus 5672 as in the diagram I attached, or
do I have to connect Link-1 [campus_core-A to FTD-A and FTD-A to Nexus5672-A]
and Link-2 [campus_core-B to FTD-B and FTD-B to Nexus5672-B]?
11-07-2018 08:51 AM - edited 11-07-2018 09:11 AM
What model FTD do you have?
Is your core in VSS?
If you plan to deploy in an active/standby scenario, then you need to connect link-1 [campus_core-A to FTD-A and FTD-A to Nexus5672-A], because if you cross-connect in an active/standby scenario, the secondary (standby) firewall will not forward the traffic it receives.
HTH
Abheesh
11-07-2018 09:34 AM
11-07-2018 11:23 AM
Hi,
If you place the FTD 2130 as your DC firewall, it only has a maximum of 4.75 Gbps of throughput, so before deploying please make sure this will not slow down your DC network traffic, because your upstream and downstream devices are highly capable when compared to the 2130.
HTH
Abheesh
11-07-2018 06:16 PM
Hi,
Because the actual traffic between campus and data center does not exceed the 4.75 Gbps throughput? The failover traffic can use 8 Gbps, right? Is it required to match the bandwidth of the data link?
11-07-2018 08:49 PM
11-07-2018 11:06 PM
Hi Abheesh, thank you for your kind suggestion.
11-07-2018 10:09 AM
One more question: if my data traffic is 10 Gbps, can I use an EtherChannel bundle interface to configure stateful failover? My switch is a 2960X, on which eight ports in a bundle are active, so my failover link is 8 Gbps. Can I do it, and are there any concerns?