I would like to ask how we can manage multiple ISP connections and partner connections in a Cisco 2100 Firepower Firewall:
1- Multiple context
2- Zone-based firewall
3- Policy-based routing / flex-config
Thanks for your response
If you are using FTD code in FPR2100, then you don't have the option for multi-context/multi-instance.
For failover, you can do IP SLA. For load balancing, you can achieve only equal-cost multi-path load balancing if you define multiple static routes across a single interface.
Alternatively, you also have the option to do PBR. For partner traffic segregation, you can rely on zone-based interfaces and policies.
So in summary, the options you have with FTD code are:
PBR, IP SLA (if failover is required), equal-cost multi-path and zone-based policies
Thanks Awais for your reply.
Could you confirm the following for the IPsec VPN license requirement for the Firepower 2140?
If we have this license, Threat, Malware and URL license with 3 years subscription, does this license include the flex vpn license for IPsec VPN, or should we purchase the flex-vpn license separately? Thanks
There is no separate license required for IPsec site-to-site VPN; a separate license is only required for AnyConnect Remote Access VPN.
Regarding FlexVPN, it is supported on Cisco IOS routers, not on ASA/FTD firewalls.