Showing results for 
Search instead for 
Did you mean: 

Firepower design between campus and datacenter


For more question so I will provide you more information design Firepower 2130 , and proposed catalyst 9400 with sup1 that design to use VRRP or HSRP, but at the nexus5672UP side design for vPC and I design to connect the network diagram as attach ? I would like to connect the diagram as I attach because I have only 4 port 10G for each firepower (I can not propose stackwise license and addition network module for firepower because the budget is limited)

For the 4 port 10G I use as follow.
2 port for inside and outside, 1 port for failover and 1 port for stateful failover.

If my customer do not have much traffic and from the firewall throughput is 4.75 Gbps, Can I design stateful failover link for 5 Gbps and failover link 5 Gbps with etherchannel port


Please see my diagram below. For the firepower if one interface down the secondary unit will active immediately right ?

So I think the diagram should below recommend please.

1 Comment

Link Failover will only sync link status, would use very low bandwidth, Statefull also will only sync Connection info with standby unit. 10G is more then enough for both together. 

Single 10G for both Stateful and link Failover is sufficient, for redundant purpose you can use PortChannel. 


I don't think you'll be able use allocation 5Gbps per Stateful or Failover using PortChannel. 

Content for Community-Ad