For the past year or so we have started using solely FTD devices, managed via FMC, for some of our main sites. In one of those sites we want to accommodate site-to-site VPN failover via the pair of FTDs on site (2140). Unfortunately this feature only became available on version 6.7, which was released in November 2020.
Do any of you have experience and any feedback in using 6.7 in production environments? Are there any risks that I should consider versus 6.6?
Any feedback that can help in making a more informed decision is very welcome!
Thanks in advance!
Which VPN feature are you referring to, VTI or IKEv2 multi-peer?
Is this FTD going to be dedicated VPN appliance or your main firewall as well?
If dedicated VPN appliance I'd consider using 6.7 especially if that version only has the feature you require. I've not had any major issues, but obviously different organisations using other features may have experienced issues. Your mileage may vary.
Beware that 6.7 is a short-term release of FTD.
Thanks for your reply. The pair of FTDs on the site is our main firewall and our VPN appliance. We have two ISPs on the site configured to failover, but currently we use site-to-site VPN only on one. We want to be able to do so for both ISPs for redundancy.
It sounds like you are referring to IKEv2 multi-peer, which allows you to create backup peers for Site-to-Site VPNs. This was released in 6.6.
6.6.1 is the current Cisco recommended version, so if multi-peer is the feature you require and you are concerned with 6.7, go with 6.6.1.
I have completely missed this! I will have a look further and test.
Thanks for pointing it out.