Re: Virtual FMC questions

S891 · ‎01-23-2020

Hi ,

I have mid size network for which I am planning to buy virtual FMCs as the physical FMC1000 that we have is going to be EOS soon. I have a pair of 4110s at edge and one 2110 for testing. I am going to add a pair of 4115 in the DC. I do not have IPS monitoring on any of the Firepower.

My first question is if I get two SF-FMC-VMW-10-K9 for this setup do I run into the risk of performance and capacity? The reason I am getting two of these is because I want to share the load as I have read virtual FMCs can be sluggish if they receive slightly large volume of traffic.

The second question I had was regarding the 250 GB limit on the virtual FMC. Now I am not sure the 250 GB limit is also related to any time period. Also I am not sure what happens when the 250 GB limit is reached.

Without the IPS, I will have mainly connection events and I am hoping that two virtual FMCs can handle the load.

I hope my questions make sense and I can get some helpful responses and suggestions.

Rob Ingram · ‎01-23-2020

Hi,
Unfortunately HA is NOT available on Virtual FMC in the current version of FMC, so you could not run them as a pair. You'd have to run them independantly, which is less than ideal. I would reconsider purchasing physcial appliances.

HTH

HTH

S891 · ‎01-23-2020

Yes, I am aware of this limitation of HA. I was planning to have one vFMC manage the 4115 and the other vFMC to manage 4110 and 2110. Running on vmware we can also do snapshot and recover.

S891 · ‎04-14-2021

Just an update to the last year post. HA is now available for virtual FMC. I see this feature is available in ver 6.7.