01-15-2021 04:44 AM
Hi,
I've got 2 4507er as vss-bundle and two ftd 2120 (running as ha-Pair) should be connectet as Firewall into direction of the internet. The ports on the 4507er should be used as routing ports with one IP-address.
Is it possible to run hsrp on them, so that they seem to be one interface out of the sight of the firewall
Best Regards
Michael
Solved! Go to Solution.
01-15-2021 05:25 AM
Hello
@michael.busch67 wrote:
Hi,
The ports on the 4507er should be used as routing ports with one IP-address.
Create a L3 svi on the 4507 for this vlan, Create it L2 equivalent and assign the two FW ports to this vlan
01-15-2021 04:53 AM
why do you need HSRP here ?
if they deployed HA with VSS - Look at the below document :
https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftd-cluster-solution.html
01-15-2021 05:25 AM
Hello
@michael.busch67 wrote:
Hi,
The ports on the 4507er should be used as routing ports with one IP-address.
Create a L3 svi on the 4507 for this vlan, Create it L2 equivalent and assign the two FW ports to this vlan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide