Monday, April 6, 2020

Firepower multi-instance experience

Let's not get into a rant about Firepower, we all know that...

On paper, multi-instance tech looks rather good - full separation with independent upgrades, resource allocation and so on. I would have two FTD instances on the 4000 series (two HW boxes, active/passive HA between instances), basically one external and one internal firewall. They will be managed by the same staff, but they serve different purposes and splitting them makes sense to me (currently they are two different physical FWs). They can be merged if there are strong points against the multi-instance approach, going with classic HW active/passive HA instead.

What I'm worried about in the case of multi-instance is more or less reliability - instances are a rather new feature and are run by Docker, which may not come with a direct performance penalty, but that's one more layer of complexity and technology that may go wrong. And it's not like FP is free from issues even without counting this...

Feel free to share any experience with FP multi-instance deployments - stability, reliability, etc.


