Beginner

Firepower Management Center

Hi,

Can I safely shut down the FMC server? I have two Firepower devices connected to this server. Is there a description of what data they exchange other than policies upon request?

Accepted Solutions
Hall of Fame Master

Re: Firepower Management Center

It depends on what features you are using.

The managed devices will continue to pass traffic but some things (like URL lookups for non-cached URLs and sending files to the AMP cloud for dynamic analysis) happen via FMC. Also, the periodic (every hour or so) Security Intelligence updates are being pushed from FMC to the managed devices.

Of course the FMC is also the most common destination for any logged connection and intrusion events so it being offline will mean they cannot be synced from the managed devices. Some will be queued on the managed devices pending synchronization but that's limited.

I would not normally recommend shutting down the FMC in a production environment without an approved maintenance window. I would certainly never take it offline and leave it that way.

4 REPLIES
Beginner

Re: Firepower Management Center

Hi,

You can simply log in to FMC, go to System Configuration and click on Process; you will get the option to shut down FMC.

Beginner

Re: Firepower Management Center

I know how to do this. I need to know how safe it is to do on prod.
Beginner

Re: Firepower Management Center

You need to elaborate: what do you mean by 'is it safe'?
