Beginner

Backing up config, FTD and vFMC.

 

 

Hi.

I am most of the way through implementing an ASA 5508-x, controlled by a vFMC. Both are running 6.2.2.0 of the FTD and FMC software.

Since the configuration is quite complex, and I would hate to have to do it all again from scratch, I figured that backing it up would be a good idea. When I go to System > Tools > Backup/restore, I see options for "Firepower Management Backup" and "Managed Device Backup." This seems logical; one backs up the vFMC, the other the ASA 5508-x.

Going to "Firepower Management Backup", I was indeed able to create and pull down a 270Mb .TAR file. Looks good!

When I go to "Managed device backup" however, I am greeted with a blank box of "managed devices", and cannot kick off a backup.

So, questions:

1. Should the managed ASA 5508x be listed here as a managed device that I can back up?
2. If not, is the configuration and other data required to restore the ASA 5508x included in the "Firepower Management Backup"?

I want to be in a position where I can restore both the FTD and vFMC in the event of a catastrophic hardware failure. Probably better to sort this out now as opposed to when a device catches fire or gets stolen or something.


 

1 ACCEPTED SOLUTION

Hall of Fame Master

Re: Backing up config, FTD and vFMC.

Managed device backups are only for classic Firepower appliances - not for ASA firepower service modules or FTD appliances.

 

Your FMC backup has all the policies and other settings for your ASA 5508 running FTD. To recover from scratch (say a hardware failure requiring RMA), you would have to at least bootstrap FTD on the ASA with the proper FTD software revision and then register it to your FMC and then redeploy all the policies to it.

Beginner

Re: Backing up config, FTD and vFMC.

Hello, I have the same problem with the ASA5525; I cannot perform the backup!!
Hall of Fame Master

Re: Backing up config, FTD and vFMC.

@fperalta11 as I noted in my 10-17-2017 reply, the FMC backup feature is not for ASA firepower service modules.

 

This limitation is documented in the FMC Configuration Guide as follows:

 

"You cannot create or restore backup files for NGIPSv, Firepower Threat Defense physical or virtual managed devices or ASA FirePOWER modules. To back up event data, perform a backup of the managing Firepower Management Center."

 

Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/backup_and_restore.html#concept_DF40AA6939E34B249A51AEA910226342

Re: Backing up config, FTD and vFMC.

Hello Marvin.

 

First of all, thank you for all your effort with the Firepower. You are doing a great job!

 

Anyhow, is there a possibility to recreate the configuration/policies/etc. from the managed device in the case of an FMC failure (given that there is no FMC backup :) )? (Almost) all data is still on the device, right?

 

Thanks

 

Hall of Fame Master

Re: Backing up config, FTD and vFMC.

You're welcome spopravak@mds.rs

 

You're right, the configuration is indeed all there on the managed device. Unfortunately, it cannot be retrieved in any usable way to restore to a rebuilt FMC.

Hall of Fame Master

Re: Backing up config, FTD and vFMC.

Note that version 6.3 added the capability to back up managed FTD devices from FMC.

Beginner

Re: Backing up config, FTD and vFMC.

Hi Marvin,

I don't really understand the use case for backing up FTD devices if we would still need the FMC to restore the backup.

Unless this is for a case where we lose the FMC and all created policy, and have no backup.

Any other advantages to having FTD device backups?