03-10-2021 02:06 AM - edited 03-10-2021 02:07 AM
Hello All,
For the past year or so we have started using solely FTD devices, managed via FMC, for some of our main sites. In one of those sites we want to accommodate site-to-site VPN failover via the pair of FTDs on site (2140). Unfortunately this feature only became available on version 6.7, which was released in November 2020.
Do any of you have experience and any feedback in using 6.7 in production environments? Are there any risks that I should consider versus 6.6?
Any feedback that can help in making a more informed decision is very welcome!
Thanks in advance!
03-10-2021 02:37 AM
Hi @AlexPi
Which VPN feature are you referring to, VTI or IKEv2 multi-peer?
Is this FTD going to be a dedicated VPN appliance or your main firewall as well?
If it is a dedicated VPN appliance I'd consider using 6.7, especially if that version is the only one that has the feature you require. I've not had any major issues, but obviously different organisations using other features may have experienced issues. Your mileage may vary.
Beware that 6.7 is a short-term release of FTD.
HTH
03-10-2021 04:07 AM
Hello Rob,
Thanks for your reply. The pair of FTDs on the site is our main firewall and our VPN appliance. We have two ISPs on the site configured to fail over, but currently we use site-to-site VPN only on one. We want to be able to do so for both ISPs for redundancy.
03-10-2021 04:22 AM
It sounds like you are referring to IKEv2 multi-peer, which allows you to create backup peers for Site-to-Site VPNs. This was released in 6.6.
6.6.1 is the current Cisco recommended version, so if multi-peer is the feature you require and you are concerned with 6.7, go with 6.6.1.
03-10-2021 08:27 AM
Hello Rob,
I have completely missed this! I will have a look further and test.
Thanks for pointing it out.