The documentation might get you a bit confused, but after have a chat with Cisco TAC they shed some light…..Unfortunately this design is not supported, so if you are migrating from a Old Cisco ASA platform it’s time to redesign and avoid redundant interfaces. So i had to move those interfaces to port-channel, so the trade-off was the failover if the principal switch died.
And here is the bug reported
Redundant interfaces are not supported on all FXOS platforms
“Firepower Management Center Configuration Guide, Version 6.1”
Chapter: Interfaces for Firepower Threat DefenseInformation related to Redundant interfaces should be changed
Redundant interfaces are not supported on the Firepower 9300
Redundant interfaces are not supported on the Firepower 9300, 4100, 2100Conditions:
Currently Redundant interfaces are not supported on all FXOS Platforms
After re-image FPR2110 from FTD to ASA9.8.2, the chassis (FXOS) mgmt interface UI become unaccesible giving the following error “Forbidden- you don’t have permission to access / on this server”.
In a nutshell, i could access FXOS via SSH and ASA (SSH & HTTPS) but the FXOS Chassis Management was broken. After spend some time, the only way to get this sorted was upgrade for the version 9.9.x
After upgrade, everything was working again.