09-07-2021 06:10 AM
Hello,
Is there any "easy" way/recommended/best practices how to change IP address of FMC with two Cisco Firepower devices in HA setup? I know that we have to break the HA and to re-configure the network interfaces and routing. Is there any procedure on how to achieve this with minimal disruption?
Thanks & Regards,
Sam
09-07-2021 07:05 AM
Since it's management, it will not have any service interruption (hope you are not doing any config change on FTD?).
Check the below:
https://ciscotom.com/2021/01/31/cisco-firepower-change-ftd-ha-management-ip-addresses-for-the-fmc/
09-07-2021 07:47 AM
Hi Balaji,
Thanks for your reply. I'm only changing the IP address of FMC. In the link you have posted they are changing the IP addresses of HA FTDs being administered by FMC. In my case I would like to change the IP address of the FMC instance itself. I have read that I have to break down the HA setup, and because of that I have to add the FTDs again to the FMC with the new IP address and then configure the network interfaces and routing etc. (except the Policies and NATs).
Thanks & Regards,
Sam
09-09-2021 08:42 AM
I may have given different information. Changing the FMC IP you can do; make sure the FTD registers back with the new IP address.
Since it is an IP change of the FMC, do it at the console.
09-29-2021 11:44 AM
Your migration is probably already done, but in case anybody else runs into this, refer to https://www.cisco.com/c/en/us/td/docs/security/firepower/670/configuration/guide/fpmc-config-guide-v67/firepower_management_center_high_availability.html#id_21249
After changing the IP address of FMC you will need to edit the IP address in the HA configuration as well for the FMCs to re-sync again.
09-09-2021 07:52 AM
What is the version of the FMC and FTD? I did some FMC management IP changes; after the IP change from the FMC CLI, the sftunnel goes down for a couple of minutes (7-15 min) and the contact is re-established automatically with the FTDs.
For the best practices open a TAC ticket just in case.
--
Don't forget to rate helpful posts.
09-09-2021 08:14 AM
09-09-2021 09:49 AM
I did it for versions 6.3, 6.4, 6.6 and 6.7; the FTDs re-register automatically with the new FMC IP after a couple of minutes.
FYI, in version 6.7 Cisco introduced the command configure manager edit for this purpose.
To re-mention, TAC is always the best choice in operations like this.
--
Don't forget to rate helpful posts.
09-09-2021 10:32 AM