Cisco Firepower - Automating Cellular Failover

Показать описание

In this video, we'll take a look at some Python automation I wrote recently to automatically monitor an internet connection & inject a failover route upon detecting a failure.

Links / Follow me elsewhere:

If this video was helpful to you, please consider subscribing & sharing! Thank you!

Thanks for watching!
- Matt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chapters:
0:00 - Overview of the Project

Firewall Configuration:
2:28 - FDM Interface Config
3:45 - Security Zone Config
4:25 - NAT Policy
5:16 - Static Route Config

Firewall Automation:
6:55 - Script Options & Parameters
8:10 - Overview of Path Monitoring Script
8:55 - Overview of FirePower Script
10:25 - Testing the Failover Automation
11:40 - Test Validation
12:24 - Testing Fail-Back

Standard Disclaimer: Any comments / opinions here are my own, and do not represent my current or former employers.

Рекомендации по теме

Комментарии

Cool idea! I'm thinking about quiting my adsl connection as a backup and switch to cellular. So this can come in very handy. Thanks for sharing!

jaapkamstra

Oh ok. This is neat. You can probably do this also with the cellular phone service Visible and a LTE router too.

TuPhonezFree

I wonder if you could achieve failover using IP SLA option built into the FDM?

lilseezy

What device are you using to monitor the connection on a loop? are you using a raspberry pi. Also how are you running it on a loop to check the connection?

Braddeman

Which version of ios you have? Have not option for SLA.
Thank you!
Great job!

dimitrigural

Hi. Great video and I watched the one about Google Fi with the Netgear LB1121 POE unit. I recently purchased that unit along with Google Fi data service and a POE switch to setup failover cellular internet service in case my home internet connection gets flaky (as it sometimes does since the pandemic hit) as I am trying to build a startup livestreaming business for my livelihood. With your very helpful video, I was able to setup the LB1121 and activate it with Google Fi (and disable T-Mobile in the Netgear dashboard per your demonstration). But as it pertains to setting up this modem as a failover for my home internet connection, while I do have an unmanaged switch with POE, I don't have networking knowledge and what you described is Greek to me. Any chance you might be open to setting this up for me remotely and could provide an estimate for your time for that? Thank you for your consideration. Best regards, Mike

MikeGrayeb

Hi all i was able to set up dual ipsla with 2 isp

Big

Cisco Firepower - Automating Cellular Failover

Cisco Firepower - Automating Cellular Failover

Pluralsight Course - Automating Cisco ASA and Firepower Policies Using APIs

The Cisco Firepower 4100 | Product Specification | Firepower 4100 Product Video | 3D view

Cisco Firepower 1010 Unboxing and First Look

Cisco Firepower with CML lab demos // Get started with Firewalls today

Cisco ASA5506-X with Firepower Services - Partner version

Cisco Security NGFW Overview & Updates

Smart Licensing Overview

cisco asa + cisco firepower

Firepower 6.7 Release Demonstration (Part 6 of 9) - Health Monitoring

Cisco Firepower Next Generation Firewall 6.6 Basics Lab v1.5 - Trailer

Cisco Catalyst Center Automation 2-min. Demonstration

Cisco Secure Workload: Agentless with Firepower Threat Defence

4. Cisco Firepower Threat Defense: Firepower Device Manager (DHCP Server)

Cisco Firepower 1000 Series NGFW

CIsco FIrepower NGFW NAT 4

Security Stack Change Management Demo with Cisco Firepower

Cisco ASA5506-X with Firepower Services - Customer version

Cisco Firepower: AMP Unity! Integration with Cisco Secure Endpoint

Cisco Firepower vs Fortinet FortiGate: But which is preferable?

Cisco XDR Automation: Building a Workflow

Cisco Enterprise NFV Branch Design

Cisco and Rockwell Automation

We use 66 different box sizes from a WIC module right up to an ASR9000 chassis. #cisco