cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
267
Views
0
Helpful
1
Replies

Registeration of SFR on Firesight Defense Centre Cisco SFR on ASA 5525X When in HA!!

shrinad146
Level 1
Level 1

Dear All, 

we are having two cisco ASA 5525x  with fire power serevices in Active Standby HA. Hence we want to use SFR services so do we need to register both the SFr modules with two different management ip addresses  on cisco firesight defence centre or just registering the active asa with sfr installed and configured replicates the configuration when we do a failover manually or if the automitic failover occurs???

Need suggestions as we have installed SFr and made a trust between Defense centre and sfr software bundle through sfr's mgmt ip on active SFR, but just installed the SFR bundle on standby ASA with no basic configuration and no trust made between Defense centre and sfr software bundle, but during failover on the standby ASA , traffic is not able to pass !!!

Please suggest on this!!!

Thanks & Regards,

Shrinad

1 Reply 1

jan.nielsen
Level 7
Level 7

You need to configure both SFR modules, with different management addresses and register both to your defense centre, and then use the same SFR policies on both modules in your defense centre. When your ASA does a failover it will then use the module in the ASA it failed over to. There is NO replication between the two SFR modules by the modules themselves, this is done via the defense centre.

Review Cisco Networking for a $25 gift card