It's all about failover.
We are running a couple of FirePower 4150 appliances at two different locations. They are not in cluster mode.
On top, we run ASA code in Multiple Context Mode with 20 Transparent Contexts, Active/Standby.
Port-Channel 1 is used for Zone Traffic Inside and Outside (Subinterfaces, i.e. Po1.2048 and Po1.3048).
Port-Channel 2 is used for Failover (2 Subinterfaces, STATE and LAN).
Port-Channel 3 is used for Management Access.
If I run "show failover" I see: "admin Interface management (10.9.200.34): Normal (Monitored)".
No other interface is monitored.
I guess it would make sense to monitor Port-Channel 1 as well.
1. The FirePower appliance does not communicate to its mate, so Port-Channel 1 must be monitored on the ASA (Subinterface). Correct?
2. Does it make sense to monitor more than 1 Subinterface of Port-Channel 1?
3. I often read that only the Inside Interface should be monitored. Why not Outside as well? (On our ASA-5555 VPN Gateways we do so.)
4. Does it even make sense to monitor Port-Channels for failover, as they provide redundancy anyway?
Any input is highly appreciated. Many Thanks.