X I humbly apologize for such a long break, and thus missing a reply to this.... You can run clustering with a SINGLE chassis and multiple FPR. Its called intra-chassis cluster. Covered here for example: www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212698-configure-ftd-clustering-on-fp9300-intr.html

@@NathanStapp no worries whatsoever, thank you very much for your help!

Mandaar, the pupose of copying the Config from FW1 to FW2 is to bootstrap the configuration (save you time so you dont have to type EVERYTHING again). What probably doesn't seem to make sense (but actually does when you think about it) is the fields that you have to populate are fields that are IMPOSSIBLE for the machine to determine for you. Passwords are obfuscated, so those cannot be exported and copied, hostnames are unique so the machine cannot divine what it is supposed to be, chassis # cant be determined because this might be chassis 4, or 5, or 6 up to 16 in the cluster...., IP cannot be determined from an existing ip in config. The rest of the fields that are empty, like search domain is because it is optional, and I did not populate that on the first box :)

@@NathanStapp ah got it.....much informative, Thank you :) :)

Navdeep, No you cannot. Firepower Device Manager (FDM) is only for local management of a firepower device. Local management cannot be used if you are part of a cluster, as the cluster must be managed by the same manager which means a remote manager. In this case Firepower Management Center (FMC). Thanks for the question!

Hey there! The 2.4(1.222) that you see above @ 00:01:10 is the FXOS version, (which supports FTD/FMC 6.3). 00:07:15 is where you will find the FTD version is 6.3. However to directly answer your question, YES the instructions above apply to FTD 6.3. Let me know if you have anymore questions!

Hi nathan how u solve the issue discovery failed due to internal error while registering ftd to fmc iam facing same issue

@@smithandro6124 My apologies for such a long time before response. This can be caused by many issues and the simplest way to start troubleshooting this would be to view "sam.log". This will likely give you a plain english reason for the failure.

I don't have one drawn out because this video only focused on the clustering of the firewalls. To be honest, after publication, I realized I probably should have shown the switch ether-channel configuration or linked to another video that prescriptively went into that configuration.

@@NathanStapp in case I have 2 direction data outside and inside. Do I must configure Portchannel 10 for outside and port channel 20 for inside. and when is a NGIPS, is in iline pair comnfigure in FMC?

Harwinder, I apologize for such a long wait before response. I have a newborn in the house! :) As always the specific model device, code version, and intent are important in any answer, based on what you have told be I give the following information. Anyways, there are two types of VPN's and which one you needs changes the requirements. For Site-2-Site VPN's you can cluster OR HA, however the mechanics should be understood when you do this, I would recommend reading the "Guidelines and limitations" here: www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/firepower_threat_defense_site_to_site_vpns.html. For Remote access VPN's (RAVPN's) only HA is supported, this is documented here under guidelines and limitations: www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/firepower_threat_defense_remote_access_vpns.html#reference_xby_dml_wy. Hope this helps!

happy to help! Ill be posting more relatively soon!