The stacked configuration is supported for Firepower 8140, Firepower 8200 family, Firepower 8300 family devices.
For the 83xx
up to four Firepower 8350s
up to four
a Firepower 8360 (a primary device with 40G capacity and a
an AMP8360 (a
primary device with 40G capacity and a secondary device)
a Firepower 8370 (a primary device with 40G capacity and two
an AMP8370 (a
primary device with 40G capacity and two secondary devices)
a Firepower 8390 (a primary device with 40G capacity and three
an AMP8390 (a
primary device with 40G capacity and three secondary devices)
For more information about stacked configurations, see the Cisco Firepower 8000 Series Getting Started Guide. For more information about the malware storage pack, see the Firepower System Malware
Storage Pack Guide. Firepower System Malware
Storage Pack Guide.
Do not attempt to install a hard drive that was not supplied by Cisco in your device. Installing an unsupported hard drive may damage the device. Malware storage pack kits are available for purchase only from Cisco, and are for use only with 8000 Series devices. Contact Support if you require assistance with the malware storage pack. See the Firepower System Malware
Storage Pack Guide for more information.
When you establish a stacked configuration, you combine the
resources of each stacked device into a single, shared configuration.
You designate one device as the
primary device, where you configure the interfaces for the
entire stack. You designate the other devices as
secondary. Secondary devices must not be currently sensing
any traffic and must not have link on any interface.
Connect the primary device to the network segment you want to analyze in the same way you would configure a single device. Connect the secondary devices to the primary device using the stacked device cabling instructions found in the Cisco Firepower 8000 Series Getting Started Guide.
All devices in the stacked configuration must have the same hardware, run the same software version, and have the same licenses. If the devices are targeted by NAT policies, both the primary and secondary device must have the same NAT policy. You must deploy updates to the entire stack from the Firepower Management
Center. If an update fails on one or more devices in the stack, the stack enters a mixed-version state. You cannot deploy policies to or update a stack in a mixed-version state. To correct this state, you can break the stack or remove individual devices with different versions, update the individual devices, then reestablish the stacked configuration. After you stack the devices, you can change the licenses only for the entire stack at once.
After you establish the stacked configuration, the devices act
like a single, shared configuration. If the primary device fails, no traffic is
passed to the secondary devices. Health alerts are generated indicating that
the stacking heartbeat has failed on the secondary devices.
If the secondary device in a stack fails, inline sets with
configurable bypass enabled go into bypass mode on the primary device. For all
other configurations, the system continues to load balance traffic to the
failed secondary device. In either case, a health alert is generated to
indicate loss of link.
You can use a device stack as you would a single device in your deployment, with a few exceptions. If you have 7000 or 8000 Series devices in a high-availability pair, you cannot stack a device high-availability pair or a device in a high-availability pair. You also cannot configure NAT on a device stack.
If you use eStreamer to stream event data from stacked devices
to an external client application, collect the data from each device and ensure
that you configure each device identically. The eStreamer settings are not
automatically synchronized between stacked devices.
In a multidomain
deployment, you can only stack devices that belong to the same domain.