The effect of a single-instance FMC failure

alandean — Wed, 22 Apr 2020 18:22:26 GMT

I hvae a new FMC 6.6 VM and 2 new 4115 NGFWs. In determining whether to use high availability for FMC, what is the effect of a failed single instance FMC?

The 6.6 FMC documentation only mentions you lose event data if you only have one FMC and it fails.

Event data streams from managed devices to both Firepower Management Centers in the high availability pair. If one Firepower Management Center fails, you can monitor your network without interruption using the other Firepower Management Center.

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/firepower_management_center_high_availability.html?bookSearch=true

An older thread mentions the same thing.

https://community.cisco.com/t5/network-security/fmc-6-0-down-what-happens-with-the-logging/m-p/2857651

Will my inspection and decryption on the 4115s still work normally if a single-instance FMC goes down?

And is there an issue with just restoring a FMC VM from a snapshot?

Thanks in advance.

Re: The effect of a single-instance FMC failure

Rob Ingram — Wed, 22 Apr 2020 19:55:12 GMT

Hi,
If you only have 1 FMC you won't get central logging whilst the FMC is down, you won't be able to perform cloud lookups (AMP) and if you using user identity integration you will not receive updated ip/username bindings.

VM snapshots are not supported, nor is HA on virtual appliances.

HTH

topic The effect of a single-instance FMC failure in Network Security

The effect of a single-instance FMC failure

Re: The effect of a single-instance FMC failure