Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
629
Views
1
Helpful
2
Replies

FMC Design

dcanady55
Level 1
Level 1

‎02-16-2023 11:51 AM

Hello,

Currently, we are running a single FMCv with one FTD located at each of our data centers pointed to it. We will be introducing a secondary FTD setup in HA mode soon. We had an issue this past month that flushed out some design flaws in our setup. Our FMC wasn't available during this last outage, and our backup datacenter is really designed for major DR issues, not HA. This got me thinking about creating another FMC in our backup datacenter and pointing the soon-to-be-two FTDs to this FMC. I'm not a server guy and was told it's not really feasible to spin up portions of our VM environment in case of future events like this one, but I can get another FMCv at this location. Ultimately, our overall failover design needs to be more automated and designed better, but until we can get to that place, I think this is my best route. Besides having two places to manage my FTDs, are there any real negative drawbacks to this solution?

Thanks

Labels:
0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎02-16-2023 12:00 PM

@dcanady55 are you saying have 2 separate FMCs (not an HA pair) each managing the local FTD's? If so, obviously you'd gain the independant mgmt, so you can still manage the local FTD in case of loss of connectivity to the other DC, but you'd be duplicating the configuration, unless you automate the configuration. You'd not have visibility of all the FTDs in one pane of glass.

How about using the cloud delivered FMC to manage all the FTDs? Each DC would have independant (hopefully) access to the cloud for mgmt and not rely on connectivity to the other DC. You'd also not have to manage the VM and perform upgrades etc. https://secure.cisco.com/secure-firewall/docs/cloud-delivered-firewall-management-center

 

dcanady55
Level 1
Level 1
In response to Rob Ingram

‎02-16-2023 12:37 PM

Hi Rob,

"are you saying have 2 separate FMCs (not an HA pair) each managing the local FTD's?" Yes. I did read a little bit about FMC's in HA but wasn't sure if those FMCs had to be in the same subnet or even within the same VM Cluster for it to function properly. I didn't know about the cloud SAAS FMC and will check that out. Thanks.

0 Helpful
Customers Also Viewed These Support Documents