Firepower design between campus and datacenter

boonsue_pat · ‎11-08-2018

For more question so I will provide you more information design Firepower 2130 , and proposed catalyst 9400 with sup1 that design to use VRRP or HSRP, but at the nexus5672UP side design for vPC and I design to connect the network diagram as attach ? I would like to connect the diagram as I attach because I have only 4 port 10G for each firepower (I can not propose stackwise license and addition network module for firepower because the budget is limited)

For the 4 port 10G I use as follow.
2 port for inside and outside, 1 port for failover and 1 port for stateful failover.

If my customer do not have much traffic and from the firewall throughput is 4.75 Gbps, Can I design stateful failover link for 5 Gbps and failover link 5 Gbps with etherchannel port

Please see my diagram below. For the firepower if one interface down the secondary unit will active immediately right ?

So I think the diagram should below recommend please.

k.nandakumar · ‎11-08-2018

Link Failover will only sync link status, would use very low bandwidth, Statefull also will only sync Connection info with standby unit. 10G is more then enough for both together.

Single 10G for both Stateful and link Failover is sufficient, for redundant purpose you can use PortChannel.

I don't think you'll be able use allocation 5Gbps per Stateful or Failover using PortChannel.

Firepower design between campus and datacenter

AnyConnect Certificate Based Authentication.

Getting past intermittent/unexplained 802.1x problems on Windows 7

Insights About Multiple Vulnerabilities in Cisco Discovery Protocol Implementations (CDPwn)