Create a Threat Defense Cluster
You can easily deploy the cluster from the Firepower 4100/9300 chassis supervisor. All initial configuration is automatically generated for each unit.
For clustering on multiple chassis, you must configure each chassis separately. Deploy the cluster on one chassis; you can then copy the bootstrap configuration from the first chassis to the next chassis for ease of deployment.
In a Firepower 9300 chassis, you must enable clustering for all 3 module slots, or for container instances, a container instance in each slot, even if you do not have a module installed. If you do not configure all 3 modules, the cluster will not come up.
Before you begin
-
Download the application image you want to use for the logical device from Cisco.com, and then upload that image to the Firepower 4100/9300 chassis.
-
For container instances, if you do not want to use the default profile, add a resource profile according to Add a Resource Profile for Container Instances.
-
For container instances, before you can install a container instance for the first time, you must reinitialize the security module/engine so that the disk has the correct formatting. An existing logical device will be deleted and then reinstalled as a new device, losing any local application configuration. If you are replacing a native instance with container instances, you will need to delete the native instance in any case. You cannot automatically migrate a native instance to a container instance.
-
Gather the following information:
-
Management interface ID, IP addresses, and network mask
-
Gateway IP address
-
management center IP address and/or NAT ID of your choosing
-
DNS server IP address
-
Threat Defense hostname and domain name
-
Procedure
Configure interfaces. |