Cisco Cisco FirePOWER Appliance 8250
6-6
FireSIGHT System User Guide
Chapter 6 Managing Devices
Configuring High Availability
To ensure continuity of operations, both Defense Centers in a high availability pair must have Internet
access; see
access; see
. For specific features, the primary Defense Center
contacts the Internet, then shares information with the secondary during the synchronization process.
Therefore, if the primary fails, you should promote the secondary to Active as described in
Therefore, if the primary fails, you should promote the secondary to Active as described in
For more information on which configurations are shared or not shared between members of a high
availability pair, see:
availability pair, see:
•
•
•
•
•
•
•
Shared Configurations
License:
Any
Supported Defense Centers:
DC1000, DC1500, DC3000, DC3500
Defense Centers in a high availability pair share the following information:
•
user account attributes, authentication configurations, and custom user roles
•
authentication objects for user accounts and user awareness, as well as the users and groups that are
available to user conditions in access control rules
available to user conditions in access control rules
•
custom dashboards
•
custom workflows and tables
•
device attributes, such as the device’s host name, where events generated by the device are stored,
and the group in which the device resides
and the group in which the device resides
•
intrusion policies and their associated rule states
•
file policies
•
access control policies and their associated rules
•
local rules
•
custom intrusion rule classifications
•
variable values and user-defined variables
•
network discovery policies
•
user-defined application protocol detectors and the applications they detect
•
activated custom fingerprints
•
host attributes
•
network discovery user feedback, including notes and host criticality; the deletion of hosts,
applications, and networks from the network map; and the deactivation or modification of
vulnerabilities
applications, and networks from the network map; and the deactivation or modification of
vulnerabilities
•
correlation policies and rules, compliance white lists, and traffic profiles