how to Design DR Site FTD firewall

ShareefKooliyodan0444 · ‎03-25-2024

Hello Guys

Kindly check attached scenario and please advice how i can design and configure DR site ftd firewall

Do I required separate fmc for DR site FTD ? if not required how I will register DR site ftd in Head office fmc ?

Can I manage DR site ftd from Head office fmc ?if I can manage how I will create nat and access policy for this site separately ?

MHM Cisco World · ‎03-25-2024

the FMC can mgmt many FTD, each FTD in different site and each FTD have it config NAT and ACL, you can config NAT and then deploy it for FTD in DR.

note:- there is no attachment

MHM

ShareefKooliyodan0444 · ‎03-25-2024

Thank you , Kindly find my scenario is attached , can you share if you have any sample configuration doc or video ?

MHM Cisco World · ‎03-26-2024

sure
1. Cisco FTD Overview and Features (youtube.com)

this series of video how you config FTD

For position of FMC it can in DR (separate fmc) or fmc in head office, fmc will mgmt both ftd.

If the fmc in Head office then config acl and NAT and deploy to ftd in DR.

MHM

Rob Ingram · ‎03-26-2024

@ShareefKooliyodan0444 based on your diagram you probably want to take into consideration having FMC High Availability when the DC site is down, as the DR site currently has no way to manage the DR firewall. You can deploy a secondary FMC in the DR and promote in the event the DC site goes down. https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/720/management-center-admin-72/system-ha.html

Alternatively if both sites have internet access you could consider using the Cloud FMC (cdFMC) which would have reachability to both sites.

Whether using an on premise FMC or cdFMC, both the DC and DR FTDs can share the same policies so you'd have a consistent configuration deployed at both sites.