Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1701
Views
0
Helpful
1
Replies

SourceFIRE module clustering?

mythosmc1
Level 1
Level 1

‎06-02-2015 08:27 PM - edited ‎03-12-2019 05:41 AM

If I am running two ASAs in cluster mode, is there any special configuration I need to do on the sfr modules ?

Does the pair of clustered ASAs forward traffic to both sfr modules?

The documentation is very vague on the topic of sourcefire clustering, all it really says is "keep consistent policies on the sfr modules and dont use zones for your rules"

 

Is there any additional licenses required? i.e I have 2x control + protect however only 1 AMP / URL license

Does that mean only one of the SFR modules can process Malware and URL filtering?

 

Any help would be greatly appreciated

 

thanks

 

Labels:
0 Helpful
1 Reply 1

miculp
Cisco Employee
Cisco Employee

‎06-03-2015 09:36 PM

Modules are cluster-unaware. They will operate as if they are sitting in a standalone firewall so you'll need to configure your class mappings accordingly.

Zones work perfectly fine in clusters, HA pairs, standalone firewalls. Have at it.

 

You will need one license for each module, so yes, only one of your modules will have Malware and URL filtering.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card