Running BGP on FTD 4110 and 2140 firewalls managed by FMC

ABaker94985

We have an internal initiative to get external BGP up and running; however, we won't have the routers available until next FY. We're looking at using the FTDs to get a summary route from the peers, but I have some concerns. We recently tried to configure two instances of EIGRP with the 4110s, which wasn't supported. We also were not successful with the TAC in getting EIGRP and OSPF redistributed in both directions. I have some questions about BGP on the FTDs:

1) Is this stable?

2) Can you run BGP to two different ISPs (obviously with two different ASNs) on two different interfaces simultaneously?

3) When doing #2, are there problems with NATing, e.g. same public IP for a host on two different public interfaces but the same internal interface? Are there problems with asymmetrical routing with traffic going out to one ISP but returning on another ISP connected to a different interface?

4) Are there any other limitations or considerations?

The FTDs and FMC are either running or will soon be running 7.0.1.


Thanks, all. 

7 Replies

Can you draw the topology?


Here is the layout. Thank you.

So both of your outer SWs cannot support BGP?

Negative, the switches don't support BGP. We'll be purchasing L3 switches or routers next FY, but until then, we don't have any hardware on hand we can use. That's what's driving us to use BGP on the Firepowers, but I'm not 100% confident we won't have some issues.


Someone came up with some money to purchase routers. I'm still not sure what the issues would be with BGP on the Firepowers, but I'll close this down for now. 

By connecting both ISPs to one router and then connecting this router to both FTDs, we remove the chance of an asymmetric flow; an asymmetric flow meaning the FTD receives the return traffic and drops it.
Some features such as TCP-bypass are used for this case, but there is still a chance of drops.
With one router connected, the FTD has one point to the internet and the router has one point to the internal subnet.
If the FTD fails, then the router will shift this traffic to the other FTD.
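The drop the reply above describes comes from stateful inspection: each FTD only admits inbound packets that match a connection it saw leave. The toy model below is an added example, not code from this thread or from Cisco; it uses constructed addresses, treats "TCP-bypass" as Cisco's TCP state bypass (skip the state check), and assumes the single edge router remembers which FTD an outbound flow came from and returns the reply there.

```python
class Ftd:
    """One FTD: inbound packets must match a connection opened on this unit,
    unless TCP state bypass is enabled, which skips the state check."""
    def __init__(self, name, tcp_state_bypass=False):
        self.name = name
        self.tcp_state_bypass = tcp_state_bypass
        self.conns = set()                   # (inside_host, outside_host)

    def egress(self, inside, outside):
        self.conns.add((inside, outside))    # outbound packet opens state
        return True

    def ingress(self, outside, inside):
        if (inside, outside) in self.conns:  # reply matches a known flow
            return True
        return self.tcp_state_bypass         # otherwise drop, unless bypassed


class EdgeRouter:
    """Assumed single router in front of both FTDs: it notes which FTD each
    outbound flow came from and hands the reply back to that same FTD."""
    def __init__(self, ftds):
        self.ftds = ftds
        self.seen_via = {}

    def outbound(self, ftd, inside, outside):
        self.seen_via[(inside, outside)] = ftd

    def inbound(self, outside, inside):
        ftd = self.seen_via.get((inside, outside), self.ftds[0])
        return ftd.ingress(outside, inside)


HOST, SERVER = "10.1.1.5:4000", "203.0.113.10:443"   # constructed addresses


def two_isps_direct(tcp_state_bypass=False):
    """ISP1 on FTD-A, ISP2 on FTD-B: SYN leaves via A, ISP2 returns via B."""
    a, b = Ftd("FTD-A", tcp_state_bypass), Ftd("FTD-B", tcp_state_bypass)
    a.egress(HOST, SERVER)
    return b.ingress(SERVER, HOST)        # False without bypass


def two_isps_one_router():
    """Both ISPs on one router that feeds FTD-A and FTD-B."""
    a, b = Ftd("FTD-A"), Ftd("FTD-B")
    router = EdgeRouter([a, b])
    a.egress(HOST, SERVER)
    router.outbound(a, HOST, SERVER)
    return router.inbound(SERVER, HOST)   # True: reply reaches the unit with state
```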

I agree this makes the most sense to do, so I'm glad we're able to move forward with this solution. Thank you for your time.
