Cisco Cisco Firepower Management Center 4000
6-8
FireSIGHT System User Guide
Chapter 6 Managing Devices
Configuring High Availability
Licenses
License:
Any
Supported Defense Centers:
DC1000, DC1500, DC3000, DC3500
Defense Centers in a high availability pair do not share licenses. You must add equivalent licenses to
each member of the pair. For more information, see
each member of the pair. For more information, see
.
URL Filtering and Security Intelligence
License:
URL Filtering or Protection
Supported Devices:
Series 3, virtual, X-Series, ASA FirePOWER
Supported Defense Centers:
DC1000, DC1500, DC3000, DC3500
URL filtering and Security Intelligence configurations and information are synchronized between
Defense Centers in a high availability deployment. However, only the primary Defense Center
downloads URL category and reputation data and for updates to Security Intelligence feeds.
Defense Centers in a high availability deployment. However, only the primary Defense Center
downloads URL category and reputation data and for updates to Security Intelligence feeds.
If the primary Defense Center fails, not only must you make sure that the secondary Defense Center can
access the URL filtering cloud and any configured feed sites, but you must also use the web interface on
the secondary Defense Center to promote it to Active. For information, see
access the URL filtering cloud and any configured feed sites, but you must also use the web interface on
the secondary Defense Center to promote it to Active. For information, see
Cloud Connections and Malware Information
License:
Any or Malware
Supported Devices:
Series 3, virtual, X-Series, ASA FirePOWER
Supported Defense Centers:
DC1000, DC1500, DC3000, DC3500
Although they share file policies and related configurations, Defense Centers in a high availability pair
share neither Collective Security Intelligence Cloud connections nor malware dispositions. To ensure
continuity of operations, and to ensure that detected files’ malware dispositions are the same on both
Defense Centers, both primary and secondary Defense Centers must have access to the cloud. For more
information, see
share neither Collective Security Intelligence Cloud connections nor malware dispositions. To ensure
continuity of operations, and to ensure that detected files’ malware dispositions are the same on both
Defense Centers, both primary and secondary Defense Centers must have access to the cloud. For more
information, see
.
User Agents
License:
FireSIGHT
Supported Defense Centers:
DC1000, DC1500, DC3000, DC3500
User Agents can connect to up to five Defense Centers at a time. You should connect agents to the
primary Defense Center. If the primary Defense Center fails, you must make sure that any agents can
communicate with the secondary Defense Center. See
primary Defense Center. If the primary Defense Center fails, you must make sure that any agents can
communicate with the secondary Defense Center. See
for
more information.
Guidelines for Implementing High Availability
License:
Any
Supported Defense Centers:
DC1000, DC1500, DC3000, DC3500
To take advantage of high availability, you must follow the guidelines in the following sections.