Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1314
Views
0
Helpful
5
Replies

SM56 and NM (4 x 40G) module support on Firepower 9300?

Sumanta Ghosh
Level 1
Level 1

‎08-25-2021 04:26 AM

Hello Experts,

 

Existing FPR 9300 has below modules:-

 

SM24 with ASA SW and on-board 8 x 10GE optical ports. Can we add 2 x SM56 and 2 x FPR9K-NM-4X40G to same FPR 9300 chassis? Will it support that much backplane bandwidth with 40G modules? How much firewall throughput we can get in the firewall module SM56?

 

Can we put them into existing ASA cluster running on SM24 or we will have "2 x new firewalls" with 2 SM56? We have Nexus 3548-X switches for firewall clustering as per Cisco documentation.

 

 

Regards,

Sumanta.

 

0 Helpful
5 Replies 5

Sumanta Ghosh
Level 1
Level 1

‎08-26-2021 01:19 AM

Hi @Marvin Rhoads 

 

Can you please assist?

 

 

Regards,

Sumanta.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-28-2021 07:43 AM

You can add different module types in a chassis, but all modules in a given cluster must be identical.

So the new modules could only be used for new logical devices or device instances.

Please reference BRKSEC-3032 from Cisco Live for many more details.

0 Helpful

Sumanta Ghosh
Level 1
Level 1
In response to Marvin Rhoads

‎08-28-2021 09:16 AM

Hi Marvin,

 

Thanks. In existing chassis, 1 x SM-24 module is used, but during clustering, it also added "empty" modules in the cluster. So, do I need to reset everything and start from scratch? I guess only ASA config can be backed up and restored. The PDF does not describe ASA clustering in details.

Also, back plane physical connections are not explained much.

 

Regards,

Sumanta.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Sumanta Ghosh

‎08-28-2021 08:31 PM

I'm not positive about the empty modules in the existing ASA cluster.You may need to backup the ASA config and start again with bootstrap. I'd recommend consulting with a Cisco TSA (technical solutions architect) or TAC first though as this is a pretty unusual use case.

Also, what FXOS release are you running? It was only with 2.6+ that we can mix logical devices in a chassis.

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos261/release/notes/fxos261_rn.html#id_113895

You might also find BRKSEC-3035 useful:

https://www.ciscolive.com/global/on-demand-library.html?search=brksec-3035#/session/1542224329879001ro1t

 

0 Helpful

Sumanta Ghosh
Level 1
Level 1
In response to Marvin Rhoads

‎08-29-2021 11:20 PM

Hi Marvin,

 

Thanks. Only issue is SM24 is end of sale, so we can't purchase anymore. Let me see what I find in the docs you shared.

FX-OS we can always upgrade.

 

Regards,

Sumanta.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card