Solved: Re: Firepower Sensor distribute deployment

Jing Hong Li · ‎12-19-2017

I would like to deploy a FMC at HQ site, and with firepower sensor(firepower appliance, asa with firepower service, ftd) deploy at remote site, is there some prerequisite to meet this deployment requirement ? such as:

1.HQ site and remote site minimum bandwidth

2.HQ site and remote site minimum RTT, delay, and jitter

3.need QoS policy to guarantee the FMC and sensor traffic ?

Thanks!

Bogdan Nita · ‎12-19-2017

1. 256 kbps for policy push.

2. I wasn't able to find a guideline. It shouldn't be that important, as long as the values are reasonable for tcp traffic.

3. Yes, if you want to be able to push the polices in a timely fashion, the other necessary downloads can be scheduled.

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212043-Guidelines-for-Downloading-Data-from-the.pdf

View solution in original post

Marvin Rhoads · ‎12-19-2017

Bandwidth up from sensor to the managing FMC can vary greatly. Event reporting will consume, on average, 700 bytes/event. So that's 5600 bits x your anticipated number of events per second (EPS).

Since the EPS rate can vary by orders of magnitude among customers (and even across sensor deployment at a given customer), you need to do the math on that bit yourself.

View solution in original post

Bogdan Nita · ‎12-19-2017

1. 256 kbps for policy push.

2. I wasn't able to find a guideline. It shouldn't be that important, as long as the values are reasonable for tcp traffic.

3. Yes, if you want to be able to push the polices in a timely fashion, the other necessary downloads can be scheduled.

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212043-Guidelines-for-Downloading-Data-from-the.pdf

Jing Hong Li · ‎12-19-2017

Thanks for reply and the doc.

And according this doc，It is download direction bandwidth from FMC to managed device，but how about upload direction bandwidth from managed device to FMC ? As I know there will be some event data, host info will sent to FMC from managed device.

Best Regards,

Marvin Rhoads · ‎12-19-2017

Bandwidth up from sensor to the managing FMC can vary greatly. Event reporting will consume, on average, 700 bytes/event. So that's 5600 bits x your anticipated number of events per second (EPS).

Since the EPS rate can vary by orders of magnitude among customers (and even across sensor deployment at a given customer), you need to do the math on that bit yourself.

Jing Hong Li · ‎12-21-2017

thanks Bogdan and Marvin.

bstewart · ‎03-23-2018

Firepower Appliance and ASA+Firepower can both be deployed at remote sites. FTD wasn't designed to do that very well, so you'll need to either have a separate management connection (like an extra DSL or 3G/4G wireless connection) or an alternate router or firewall that can do NAT in parallel to your ASA, because otherwise you need the connection from the FTD management port to the FMC to set up NAT, but you can't use that until the NAT is set up. (That's not a problem for the ASA+FP configuration, because you can use the ASA CLI to set up NAT, so any connection to the console or the outside port can be used to reach that.)