One of the Cisco Firepower Threat Defense (FTD) units in an HA cluster experienced multiple failures related to a hard drive malfunction, which required rebuilding the unit from scratch. Here are some of the pain points I had to go through to get the new appliance back online and clustered. Formatting the drive failed …
Tag: 4100
After initial setup, I ran into an issue where Firepower Chassis Manager (FCM) GUI access was unavailable due to a bad password. SSH access worked fine. This can be fixed through the command line interface.
Log in to the CLI:
4110-1-A# scope security
Confirm the admin user exists:
4110-1-A /security # show local-user
User Name …
I’ll briefly touch on FTD Active/Standby setup, as it greatly overlaps with the standard ASA Active/Standby configuration. For any clustering-related configuration, check this link. Once both devices are individually added to FMC as described here, you will need to create a High Availability Pair under Devices > Add… > Add …
In Part 3 we add the FTD cluster to the Firepower Management Center (FMC). Before adding devices to FMC, make sure the cluster is formed; otherwise FMC cannot distinguish between Master and Slave. You can refresh on it from Part 1 and Part 2. Also, since FTD relies on the Cisco Smart Licenses …
Now that the network side is configured, we can move on to the FTD setup. A deep dive is available here in the CiscoLive presentation on clustering setup. Start with the CCL configuration. By default, CCL uses PO 48, so start by adding physical interfaces to it on the Firepower Chassis Manager (FCM) > Interfaces tab. Add physical …