03-10-2025 01:50 PM
Hello,
We have a pair of 2110 FTDs running version 7.4.2.1 in HA mode, currently connected to a dedicated fiber internet connection at datacenter A. I'm considering adding a cheaper secondary internet connection to set up a site-to-site VPN between datacenter A and B. However, this new provider uses PPPoE, and it seems that configuring an interface for PPPoE on the FTD in HA mode isn't possible.
My plan was to bypass the ISP's modem and connect directly to the FTD, but this doesn't seem feasible. Instead, I'm thinking of connecting the FTD to a DMZ port, then from another DMZ port back to the ISP modem, configuring the FTD port to use the network settings from the modem.
Are there any major concerns with keeping the modem in play? I can disable some functionalities and harden the device, but as long as the FTD's policies are robust, there shouldn't be any additional inherent risks, right?
Thanks for any feedback or suggestions.
03-10-2025 02:18 PM
As long as the routing part is taken care of, that should be okay for VPN peering. For failover, you can use different methods that suit your needs.
03-12-2025 05:04 AM
Thanks for the response, Balaji.