cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2818
Views
5
Helpful
8
Replies

Changing FMC's IP address in H/A setup

IamSamSaul
Level 1
Level 1

Hello,

 

Is there any "easy" way/recommended/best practices how to change IP address of FMC with two Cisco Firepower devices in HA setup? I know that we have to break the HA and to re-configure the network interfaces and routing. Is there any procedure on how to achieve this with minimaal disruption? 

 

Thanks & Regards,

Sam

8 Replies 8

balaji.bandi
Hall of Fame
Hall of Fame

Since its Manangment not have any Service interuption -  (Hope you are not doing any config change on FTD ?)

 

check the below :

 

https://ciscotom.com/2021/01/31/cisco-firepower-change-ftd-ha-management-ip-addresses-for-the-fmc/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balaji,

 

Thanks for your reply. I'm only changing the IP address of FMC. In the link you have posted they are changing the IP addresses of HA FTD's being administered by FMC. In my case I would like to change the IP address of FMC instance itself. I have read that I have to break-down the HA setup and because of I have to add the FTD's again to the FMC with the new IP address and then configuring the network interfaces and routing etc (except the Policies and NATs).

 

Thanks & Regards,

Sam

I may have given different information, FMC changing IP you can do, Make sure FTD register back with new IP address.

 

Since IP change of FMC, do it at console.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Your migration is probably already done but in case anybody else runs into this refer to https://www.cisco.com/c/en/us/td/docs/security/firepower/670/configuration/guide/fpmc-config-guide-v67/firepower_management_center_high_availability.html#id_21249 

 

After changing the ip address of FMC you will need to edit the ip address in the HA configuration as well for FMCs to re-sync again.

Amine ZAKARIA
Spotlight
Spotlight

@IamSamSaul ,

 

What is the version of the FMC and FTD ? i did some FMC management ip change, after ip change from the FMC CLI the sftunnel goes down for couple of minutes 7-15 min and the contact re-established automatically with the FTD's. 

For the best practices open a TAC ticket just in case.

 

--

Don't forget to rate helpful posts.

Thanks for your reply.

Both FMC and FTD are 6.5.x.

@IamSamSaul ,

 

I did it for version 6.3 6.4 6.6 and 6.7, the FTD's re-register automatically with the new FMC ip after couple of minutes.

 

FYI in version 6.7 Cisco introduced the command configure manager edit for this purpose.

 

To re-mention the TAC is always the best choice in operations like this.

 

--

Don't forget to rate helpful posts.

 

 

Hi Amine,

Thanks for your reply.

As you mentioned I'll engage Cisco TAC to be on the safe side.

Regards,

Sam
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: