
Domain Issues with multiple Firewalls

gcook0001
Level 1

I have three FTD firewalls set up: two in high availability mode for our data center and a standalone for our office space, which is in a different location. The locations are connected via VPLS. All the firewalls have the same subnets on them, and the subnets are spanned across the VPLS. Here is the issue I am having. I have a VLAN, VLAN10 (10), with subnet 192.168.1.0/24. The active firewall in the pair has an interface with IP address 192.168.1.1, the standby 192.168.1.2, and the standalone has an IP address of 192.168.1.3.

DHCP assigns IP addresses with the default gateway set to 192.168.1.1, which works fine, and when the Windows computer connects it shows the network as the domain network "mydomain". If I set a static IP address on the system but set the gateway to 192.168.1.3, then the network just shows as a private network. I am trying to figure out why it doesn't show as connected to the domain when I set the gateway to 192.168.1.3.


balaji.bandi
Hall of Fame

Not sure what the issue is here, but let's clarify the HA setup:

>show high-availability config    <<-- shows you which one is active.

If you have an HA setup, the Primary will always be Active and the Standby will be a hot standby, waiting for the Primary to fail, at which point the hot standby will become Primary.

So you always need to use the active firewall IP.

For reference:

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html

BB


Thanks for the response. I was able to resolve the issue. I didn't realize the test system I was using was not on the domain. 

The issue was not with the HA pair but with the HA pair and the standalone firewall.