Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
263
Managing Devices
Clustering Devices
Chapter 5
stack becomes similarly compromised, the system does not fail over and enters a
degraded state. The system also does not fail over when one of the devices or
device stacks is in maintenance mode. Note that disconnecting the stacking cable
from an active stack sends that stack into maintenance mode. Shutting down the
secondary device in an active stack also sends that stack into maintenance mode.
Applying Policies and Updates
When you apply policies, you apply them to the device cluster instead of the
individual devices or stacks. If the policy fails, the system does not apply it to
either device or stack. The policy first applies to the active device or stack and
then the backup, so that the cluster always has one peer handling network traffic.
Clustered devices receive updates as a single entity rather than individual devices
or stacks. When the update is started, the system first applies it to the backup
device or stack, which goes into maintenance mode until any necessary
processes restart and the device begins processing traffic again. The system then
applies the update to the active device or stack, which follows the same process.
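The failover, policy-apply and update rules above can be checked as a small model. The following is an added, illustrative model written for this page; it is not Sourcefire or Cisco code and not the product's API. The peer roles, the maintenance and degraded states, and the ordering (policy: active then backup; update: backup then active; no failover when the other peer is failed or in maintenance mode) come from the text. Two things are assumptions of the example: that a peer briefly stops processing traffic while a policy or update is applied to it, and that a policy apply that fails on the second peer is rolled back on the first so that, as the text states, neither peer ends up with it. The device names and versions are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Callable, Iterable, List, Optional


@dataclass
class Peer:
    """One device or device stack in a cluster."""
    name: str
    role: str                      # "active" or "backup"
    maintenance: bool = False      # in maintenance mode: not processing traffic
    healthy: bool = True           # False once the device or stack has failed
    policy: Optional[str] = None
    version: str = "5.3"           # constructed starting version

    def processing_traffic(self) -> bool:
        return self.healthy and not self.maintenance


@dataclass
class Cluster:
    active: Peer
    backup: Peer
    degraded: bool = False
    log: List[str] = field(default_factory=list)

    def peers_processing(self) -> int:
        """How many peers are currently handling network traffic."""
        return sum(p.processing_traffic() for p in (self.active, self.backup))

    def fail(self, peer: Peer) -> None:
        """A peer fails. The cluster fails over only if the other peer is
        healthy and not in maintenance mode; otherwise it becomes degraded."""
        peer.healthy = False
        other = self.backup if peer is self.active else self.active
        if peer is self.active and other.healthy and not other.maintenance:
            self.active, self.backup = other, peer
            self.active.role, self.backup.role = "active", "backup"
            self.log.append(f"failover: {other.name} is now active")
        else:
            self.degraded = True
            self.log.append(f"degraded: {peer.name} failed and no failover is possible")

    def _apply_in_order(self, order: Iterable[Peer],
                        step: Callable[[Peer], None]) -> int:
        """Run `step` on each peer in turn while that peer is out of service
        (assumption of this model). Returns the minimum number of peers that
        were processing traffic at any point, i.e. the availability floor."""
        minimum = self.peers_processing()
        for peer in order:
            peer.maintenance = True
            minimum = min(minimum, self.peers_processing())
            step(peer)
            peer.maintenance = False
        return minimum

    def apply_policy(self, name: str, fails_on: Optional[str] = None) -> bool:
        """Policies apply to the cluster: active first, then backup. If the
        apply fails anywhere, neither peer keeps it (rollback is assumed)."""
        previous = {p.name: p.policy for p in (self.active, self.backup)}

        def step(peer: Peer) -> None:
            if peer.name == fails_on:       # simulated apply failure
                raise RuntimeError(f"policy {name} failed on {peer.name}")
            peer.policy = name

        try:
            self._apply_in_order((self.active, self.backup), step)
        except RuntimeError as exc:
            for p in (self.active, self.backup):
                p.policy = previous[p.name]
                p.maintenance = False
            self.log.append(f"{exc}; policy not applied to either peer")
            return False
        self.log.append(f"policy {name} applied to active then backup")
        return True

    def apply_update(self, version: str) -> int:
        """Updates go to the backup first, then the active peer, each entering
        maintenance mode until it is processing traffic again. Returns the
        availability floor seen during the update."""
        def step(peer: Peer) -> None:
            peer.version = version

        minimum = self._apply_in_order((self.backup, self.active), step)
        self.log.append(f"update {version} applied to backup then active")
        return minimum


def make_cluster() -> Cluster:
    """Constructed two-peer cluster used by the checks below."""
    return Cluster(Peer("device-A", "active"), Peer("device-B", "backup"))


if __name__ == "__main__":
    c = make_cluster()
    print("peers processing during update:", c.apply_update("5.3.1"))
    print("policy applied:", c.apply_policy("access-control-1"))
    print("failing policy applied:", c.apply_policy("ac-2", fails_on="device-B"))
    print("\n".join(c.log))
```

The value worth watching is the floor returned by `apply_update`: it is 1, never 0, which is the property the text describes (the cluster always has one peer handling traffic). The last check in the test shows the other side of that rule: when the backup is already in maintenance mode, a failure of the active peer leaves the cluster degraded with no peer processing traffic, which is why the text warns about disconnecting the stacking cable or shutting down a secondary device in an active stack.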
Achieving Redundancy Without Clustering Devices
In most cases, you can achieve Layer 3 redundancy without clustering devices by
using the Sourcefire Redundancy Protocol (SFRP). SFRP allows devices to act as
redundant gateways for specified IP addresses. With network redundancy, you
configure two devices or stacks to provide identical network connections,
ensuring connectivity for other hosts on the network. For more information about
SFRP, see
You determine how to configure device high availability depending on your
Sourcefire 3D System deployment: passive, inline, routed, or switched. You can
also deploy your system in multiple roles at once. Of the four deployment types,
only passive deployments require that you cluster devices or stacks to provide
redundancy. You can establish network redundancy for the other deployment
types with or without device clusters. The following sections provide a brief
overview of high availability in each deployment type.
Passive Deployment Redundancy
Passive interfaces are generally connected to tap ports on central switches,
which allows them to analyze all of the traffic flowing across the switch. If
multiple devices are connected to the same tap feed, the system generates
events from each of the devices. When clustered, devices act as either active or
backup, which allows the system to analyze traffic even in the event of a system
failure while also preventing duplicate events.
Inline Deployment Redundancy
Because an inline set has no control over the routing of the packets being passed
through it, it must always be active in a deployment. Therefore, redundancy relies
on external systems to route traffic correctly. You can configure redundant inline
sets with or without device clusters.