1.3 High Availability & Clustering Flashcards
What is the main purpose of High Availability (HA) in Firepower?
To ensure network continuity by having a standby firewall take over if the active one fails.
What is the primary difference between Active/Standby and Active/Active HA modes?
Active/Standby has one active and one passive device, while Active/Active distributes traffic between multiple contexts.
What is the Cluster Control Link (CCL) used for in Firepower Clustering?
It synchronizes session state, configuration, and data flow information between clustered devices.
How does intra-chassis clustering communicate between firewall instances?
It uses the backplane of the chassis instead of a separate physical link.
What is the key difference between Multi-Instance mode and Clustering?
Multi-Instance creates independent firewall instances, while Clustering combines multiple devices into a single firewall.
What is the advantage of using Multi-Instance mode?
It allows multiple firewalls to run independently on the same hardware, increasing flexibility and efficiency.
What is the role of a Port-Channel (EtherChannel) in Firepower?
It aggregates multiple physical links into a single logical link for redundancy and increased bandwidth.
Why is EtherChannel important in High Availability deployments?
It provides link redundancy so traffic continues flowing if one link fails.
Which Firepower feature allows multiple security modules within a chassis to act as one firewall?
Intra-Chassis Clustering.
What is the main limitation of hardware bypass ports in Firepower?
They are only supported in Inline Sets and cannot be used in HA or Clustering modes.
What is the primary difference between Active/Active and Active/Standby HA?
Active/Active distributes traffic between multiple firewalls, while Active/Standby has only one active firewall at a time.
What is the role of security contexts in Active/Active HA?
Each context has its own routing and traffic processing rules, allowing firewalls to process traffic independently.
Which HA mode is best for environments requiring redundancy but not traffic load balancing?
Active/Standby HA, as it ensures failover without distributing traffic.
How does Firepower distribute traffic in Active/Active mode?
Traffic is assigned to different firewall units based on security contexts, ensuring even distribution across devices.
What is the main difference between Inter-Chassis and Intra-Chassis Clustering?
Inter-Chassis Clustering combines multiple physical Firepower appliances, while Intra-Chassis Clustering groups multiple security modules within a single chassis.
How does Intra-Chassis Clustering synchronize information between members?
It uses the chassis backplane instead of a separate physical link like the CCL.
Which clustering type allows multiple independent Firepower units to act as a single firewall?
Inter-Chassis Clustering.
Which clustering type operates entirely within a single Firepower chassis?
Intra-Chassis Clustering.
What is a key limitation of Intra-Chassis Clustering?
It is limited to the resources available within a single chassis and cannot expand across multiple appliances.
