Cisco Source Fire HA pair

alex.vue
Level 1

Hi all,

I have a question in regards to the Cisco SourceFire. I have a pair of ASA5525x set up for HA. My question is: does the SourceFire work as an HA pair, or do they operate individually? So far it looks as if they operate individually.

Thanks for your help in advance.

-Alex

Marvin Rhoads
Hall of Fame

Individually.

The FirePOWER modules share neither configuration nor connection state on their own. That's in contrast to the base ASAs which share both.

If you use FirePOWER Management Center, you can build policies once and deploy to them both (or as many as you have in your network). State remains per module.

Thank you Marvin for your clarification.

As for the management Center (FireSight), I don't see any documentation on HA. Does it not have HA capability? I ask because NCS (Cisco Prime) has the HA capability.

Thanks in advance.

Alex

FirePOWER Management Center high availability (HA) pairing requires like/like hardware and this can only be verified on hardware appliances and not virtual.

As for HA pairing, when FireSIGHT Managers are paired all configuration data is automatically replicated between them, ensuring redundancy from a management perspective. This high-availability or redundancy feature helps ensure continuity of operations. The secondary Cisco FireSIGHT Management Center must be the same model as the primary appliance.

Here is the User Guide section on setting up HA:

http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/Managing-Devices.html#pgfId-7819313

Thanks again Marvin.

Marvin,

I still have my 2 ASAs in the lab along with the FireSight management. I'm afraid to register my FireSight management. My question is: if I register the FireSight management license in my lab, will it be a problem when I bring it into production? What is the best option as far as moving the FireSight into production? Re-deploy the downloaded OVF from Cisco, or capture the lab OS and re-deploy it in production? By the way, I am using VMware.

Thanks

@alex.vue,

Re the lab-production question, I wouldn't say there's any one answer that's right for every situation.

The license key that a given FireSIGHT / FirePOWER Management Center uses is derived from a combination of the model type and the VM's MAC address. So if you snapshot or vMotion the VM onto another ESXi host, the MAC address (and thus the license key) generally will transfer with it.

I'm not a VMware expert by any stretch but I know that an ESXi server dynamically generates MAC addresses for its VMs when they're created. If you import them as a fait accompli I believe it lets the MAC address stand as long as there's no conflict with one it already has allocated to another VM. 

What license are you using in the lab? You have to have a Management Center license active in order to deploy policies. If you don't have one redeemed yet then it's a moot point. Since the Management Center license is perpetual there is no harm in redeeming it as soon as you are ready to use it - in lab or production. If worst came to worst and you blew it up somehow, you could always request it be rehosted by the Cisco licensing team. They're generally OK with that if it's for a legitimate reason.

Marvin,

First of all, thanks for taking your time to reply on this matter.

I dug through Cisco Guide and documentation and found this:

http://www.cisco.com/c/en/us/td/docs/security/firesight/541/virtual-install-guide/FireSIGHT-Virtual-Installation-Guide/V-Intro.html#97125

Guidelines and Limitations

The following limitations exist when deploying virtual Defense Center or devices on VMware:

  • vMotion is not supported.
  • Cloning a virtual machine is not supported.
  • Restoring a virtual machine with a snapshot is not supported.
  • Restoring a backup is not supported.

So I guess there is no HA capability available for virtual?

Will the configured policies stay on the ASA even if the FireSIGHT virtual appliance fails?

My assumption is FireSIGHT is similar to Cisco Prime Infrastructure where it pushes configs to the managed device?

Thanks,

Alex

They are a bit paranoid about the vMotion/cloning/snapshot issues. I expect that will change going forward but you're correct in citing that as the current official line.

With respect to policies - yes - if the Management Center goes away, goes offline, or is otherwise unreachable, all deployed policies remain in place and enforcing rules as configured on the managed devices. Events are stored locally on the sensor (up to its capacity) and then synced to the FMC once it is again reachable.
