7000 and 8000 Series Device High Availability

The following topics describe how to configure high availability for Firepower 7000 Series and 8000 Series
devices in the Firepower System:

About 7000 and 8000 Series Device High Availability, on page 1

Establishing Device High Availability, on page 6

Editing Device High Availability, on page 7

Configuring Individual Devices in a High-Availability Pair, on page 7

Configuring Individual Device Stacks in a High-Availability Pair, on page 8

Configuring Interfaces on a Device in a High-Availability Pair, on page 8

Switching the Active Peer in a Device High-Availability Pair, on page 9

Placing a High-Availability Peer into Maintenance Mode, on page 10

Replacing a Device in a Stack in a High-Availability Pair, on page 10

Device High Availability State Sharing, on page 11

Device High Availability State Sharing Statistics for Troubleshooting, on page 14

Separating Device High-Availability Pairs, on page 17

About 7000 and 8000 Series Device High Availability

With 7000 and 8000 Series device high availability, you can establish redundancy of networking functionality
and configuration data between two peer devices or two peer device stacks.

You achieve configuration redundancy by configuring two peer devices or two peer device stacks into a
high-availability pair to act as a single logical system for policy deploys, system updates, and registration.
The system automatically synchronizes other configuration data.

Note: Static routes, non-SFRP IP addresses, and routing priorities are not synchronized between the peer devices
or peer device stacks. Each peer device or peer device stack maintains its own routing intelligence.

Related Topics

SFRP

Advanced Virtual Switch Settings

Summary of Contents for FirePOWER 7000

Page 1: ...ility State Sharing on page 11 Device High Availability State Sharing Statistics for Troubleshooting on page 14 Separating Device High Availability Pairs on page 17 About 7000 and 8000 Series Device High Availability With 7000 and 8000 Series device high availability you can establish redundancy of networking functionality and configuration data between two peer devices or two peer device stacks Y...

Page 2: ...r 8290 with another 8290 None one or all devices in either stack might have a malware storage pack Do not attempt to install a hard drive that was not supplied by Cisco in your device Installing an unsupported hard drive may damage the device Malware storage pack kits are available for purchase only from Cisco and are for use only with 8000 Series devices Contact Support if you require assistance ...

Page 3: ...hanges to the members of a high availability pair at the same time Deploy either succeeds or fails for both peers The Firepower Management Center deploys to the active device if that succeeds then changes are deployed to the standby When you deploy resource demands may result in a small number of packets dropping without inspection Additionally deploying some configurations restarts the Snort proc...

Page 4: ...ts Inline Deployment Redundancy Because an inline set has no control over the routing of the packets being passed through it it must always be active in a deployment Therefore redundancy relies on external systems to route traffic correctly You can configure redundant inline sets with or without 7000 or 8000 Series device high availability To deploy redundant inline sets you configure the network ...

Page 5: ...pletes the high availability pair and sets it to a normal status After you establish a high availability pair the system treats the peer devices or stacks as a single device on the Device Management page Device high availability pairs display the High Availability icon in the appliance list Any configuration changes you make are synchronized between the paired devices The Device Management page di...

Page 6: ...s in a high availability pair must belong to the same domain Before you begin Confirm that all requirements are met see Device High Availability Requirements on page 2 Procedure Step 1 Choose Devices Device Management Step 2 From the Add drop down menu choose Add High Availability Step 3 Enter a Name Step 4 Under Device Type choose Firepower Step 5 Assign roles for the devices or stacks a Choose t...

Page 7: ...ns on the High Availability page to make changes to the high availability pair configuration as you would a single device configuration Configuring Individual Devices in a High Availability Pair Access Supported Domains Supported Devices Classic License Smart License Admin Network Admin Leaf only 7000 8000 Series Control N A After you establish a 7000 or 8000 Series device high availability pair y...

Page 8: ... 8 Procedure Step 1 Choose Devices Device Management Step 2 Next to the device high availability pair where you want to edit the configuration click the edit icon In a multidomain deployment if you are not in a leaf domain the system prompts you to switch Step 3 Click the Stacks tab Step 4 From the Selected Device drop down list choose the stack you want to modify Step 5 Next to the General sectio...

Page 9: ...modify Step 5 Configure interfaces as you would on an individual device Related Topics Virtual Router Configuration Switching the Active Peer in a Device High Availability Pair Access Supported Domains Supported Devices Classic License Smart License Admin Network Admin Any 7000 8000 Series Control N A After you establish a 7000 or 8000 Series device high availability pair you can manually switch t...

Page 10: ...es Device Management Step 2 Next to the peer you want to place in maintenance mode click the toggle maintenance mode icon Step 3 Click Yes to confirm maintenance mode What to do next When maintenance is complete click the toggle maintenance mode icon again to bring the peer out of maintenance mode Replacing a Device in a Stack in a High Availability Pair Access Supported Domains Supported Devices ...

Page 11: ...t configure and enable HA link interfaces on both devices or the primary stacked devices in the high availability pair before you can configure high availability state sharing Firepower 82xx Family and 83xx Family devices require a 10G HA link while other model devices require a 1G HA link You must disable state sharing before you can modify the HA link interfaces If paired devices fail over the s...

Page 12: ...h state sharing the system immediately blocks the connection on the peer device or stack as well When establishing state sharing for a high availability pair you can configure the following options Enabled Click the check box to enable state sharing Clear the check box to disable state sharing Minimum Flow Lifetime Specify the minimum time in milliseconds for a session before the system sends any ...

Page 13: ...avior for more information Caution Procedure Step 1 Configure HA link interfaces for each device in the device high availability pair see Configuring HA Link Interfaces Step 2 Choose Devices Device Management Step 3 Next to the device high availability pair you want to edit click the edit icon In a multidomain deployment if you are not in a leaf domain the system prompts you to switch Step 4 In th...

Page 14: ...r of packets sent by the peer device During active use the values may not match but should be close Because the number of messages received should be close and incrementing at the same rate as the number of messages sent by the peer the number of packets received should have the same behavior For troubleshooting you should view both the packets received and the messages sent compare the rate of in...

Page 15: ...ent to the peer This data are useful in comparison to the number of messages received During active use the values may not match but should be close The number of bytes received on the peer should be close to but not more than this value Contact Support if the total bytes received is not incrementing at about the same rate as the bytes sent Tx Errors Tx errors are the number of memory allocation f...

Page 16: ...figuration in the State Sharing section of the High Availability page The HA link interface that is being used and its current link state Detailed synchronization statistics for troubleshooting issues The state sharing statistics are primarily counters for different aspects of the high availability synchronization traffic sent and received along with some other error counters In addition you can v...

Page 17: ...rations active in which case the standby peer resumes normal operation The standby peer always loses the configuration of passive interfaces Any peer in maintenance mode resumes normal operation Procedure Step 1 Choose Devices Device Management Step 2 Next to the high availability pair you want to break click the Break HA icon Step 3 Optionally check the check box to remove the interface configura...
