Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5539
Views
10
Helpful
3
Replies

Backing up a Virtual FMC

matty-boy
Level 1
Level 1

‎03-12-2019 07:50 AM - edited ‎02-21-2020 08:56 AM

Hi guys,

One of our customers has a virtual FMC running on VMWare.

I had assumed that the best method for backing up the FMC would be to take VMWare snapshots.

However, I've just read this: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fmcv/fpmc-virtual/fpmc-virtual-vmware.html#id_82728

Which states the following:-

###################################################

Limitations

The following limitations exist when deploying for VMware:

  • Cisco Firepower Management Center Virtual appliances do not have serial numbers. The System > Configuration page will show either Noneor Not Specified depending on the virtual platform.

  • Cloning a virtual machine is not supported.

  • Restoring a virtual machine with snapshot is not supported.

  • Restoring a backup is not supported.

  • VMware Workstation, Player, Server, and Fusion do not recognize OVF packaging and are not supported.

###################################################

 

So this suggests that restoring from a snapshot is not supported. Does it just not work, or can it cause some kind of corruption (I don't see how) or what?

 

Without the ability to use snapshots, if the VM or host was to have some sort of catastrophic failure, the only option would be to re-install it from fresh, apply any patches and VDB to match what was running before and then restore from an FMC application backup. This would take much longer than a snapshot restore. :(

 

Anyone got any thoughts on this?

 

Thanks,

Matt.

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-13-2019 08:12 AM

Snapshots can break running systems with underlying databases. This is also true for ISE. If you shutdown the server and snapshot it while it's quiescent, it should be OK.

Just my suggestion - not TAC-approved or an official Cisco position.

NeWGuy1109
Level 1
Level 1
In response to Marvin Rhoads

‎11-21-2019 02:52 AM

Hello, Just trying to understand the statement...
FMC snapshots can only be taken after shutting down the FMC ? also, wudnt snapshot work in case of a single FMC restoration ?
Thanks
0 Helpful

nspasov
Cisco Employee
Cisco Employee

‎11-21-2019 07:06 PM

Snapshots are not supported and definitely not recommended. I have personally tested this before and you run into a lot of issues especially if the snapshot was taken before any configuration changes/updates were made. 

The best thing to do here is to utilize the supported backup/restore or move to an H/A solution which at the moment requires hardware appliances. 

Thank you for rating helpful posts!

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card