active/active ASA with firepower

Started by Dieselboy, December 15, 2021, 01:59:29 AM

Dieselboy

Came across something else new today and I'm trying to find out what is the proper supported operation:

ASA 5545 pair with firepower services (9.12 code)
Firepower modules in both ASAs with licenses
Two ASA contexts (plus 1 system context)
Each context runs on single ASA in Active/Active

What happens during failover of a context? I do not know.

The Firepower ACP would need to be applied to both firepower modules so that it was ready and waiting for a failover while the other context is actively using the firepower module (sending it traffic). However, my brief look at FMC appears to have 2 firepower devices, one for context 1 and the other for context 2.

I located this relevant guide about ASA and multi context but it doesn't quite go over the exact configured scenario I've seen [1]. I'm wondering if it's not supported, and firepower is taken out-of-path during failover, or whether it supports virtual ACP / contexts.

This is not FTD.

I found a web blog which suggests it will work normally [2] and says "The Firepower appliances, when running the ASA image, come with a 10 context license. Additional licenses can be used to add more contexts. Refer to Cisco's documentation to see which licenses are supported on each model."

Does the forum have experience with this at all?


[1] - https://www.cisco.com/c/en/us/td/docs/security/asa/asa912/configuration/general/asa-912-general-config/ha-contexts.html#ID-2171-00000922

[2] - https://networkdirection.net/articles/firewalls/asamultiplecontextmode/