02-16-2023 11:51 AM
Hello,
Currently, we are running a single FMCv with one FTD located at each of our data centers pointed to it. We will be introducing a secondary FTD setup in HA mode soon. We had an issue this past month that flushed out some design flaws in our setup. Our FMC wasn't available during this last outage, and our backup datacenter is really designed for major DR issues, not HA. This got me thinking about creating another FMC in our backup datacenter and pointing the soon-to-be-two FTDs to this FMC. I'm not a server guy and was told it's not really feasible to spin up portions of our VM environment in case of future events like this one, but I can get another FMCv at this location. Ultimately, our overall failover design needs to be more automated and designed better, but until we can get to that place, I think this is my best route. Besides having two places to manage my FTDs, are there any real negative drawbacks to this solution?
Thanks
02-16-2023 12:00 PM
@dcanady55 are you saying have 2 separate FMCs (not an HA pair) each managing the local FTDs? If so, obviously you'd gain the independent mgmt, so you can still manage the local FTD in case of loss of connectivity to the other DC, but you'd be duplicating the configuration, unless you automate the configuration. You'd not have visibility of all the FTDs in one pane of glass.
How about using the cloud delivered FMC to manage all the FTDs? Each DC would have independent (hopefully) access to the cloud for mgmt and not rely on connectivity to the other DC. You'd also not have to manage the VM and perform upgrades etc. https://secure.cisco.com/secure-firewall/docs/cloud-delivered-firewall-management-center
02-16-2023 12:37 PM
Hi Rob,
"are you saying have 2 separate FMCs (not an HA pair) each managing the local FTDs?" Yes. I did read a little bit about FMCs in HA but wasn't sure if those FMCs had to be in the same subnet or even within the same VM cluster for it to function properly. I didn't know about the cloud SaaS FMC and will check that out. Thanks.