Beginner

Virtual Firepower Management Centre High Availability?

Hi,

What options (if any) are there for Virtual (VMWARE) Firepower Management Centre High Availability?

I notice in the 6.1 release notes that only physical appliances are listed and the menu isn't available in my lab virtual appliance.

- I'm looking to deploy in a Layer 3 Data Centre topology, i.e. vMotion probably isn't an option.

Thanks in Advance,

Nick

1 ACCEPTED SOLUTION

Accepted Solutions
Rising star

vMotion would be an option if you had an L2 interconnect (although it's not officially supported, it works fine).

I would recommend a DR plan.

Install a 2nd vFMC and keep the version aligned to your active vFMC. If your primary fails, import your backup into your cold standby FMC (don't back up event data or this process will take > 30 minutes). Spin up your SVI to get the same network as in your other DC up and you should be done.

Let me know if that answers your question.

5 REPLIES
Cisco Employee

Hi There,

HA for virtual FMC isn't supported. You would need to go for a physical appliance.

Thanks

Yogesh

Rate if helps.

Enthusiast

Re: Hi There,

I really find it a little puzzling that the FMC virtual does not have an HA option or even a Pri/Sec option. I mean, even the ISE appliances can do this! I feel you should be able to add multiple managers to the SFRs/FTDs and have another FMC just sitting waiting and you can promote it to primary.

 

Beginner

Re: vMotion would be an option if

What is a DR solution? I'm looking for a solution that would work for HA across 2 subnets in remote locations. Would ESXi work in that case?

Hall of Fame Master

Re: vMotion would be an option if

For Disaster Recovery of Firepower Management Center you need to either:

 

a. Use hardware appliances that support HA, or

b. Do a backup/restore scheme outside the context of Firepower itself. If the subnet does not exist in the remote location, you won't be able to easily restore as device registration etc. will be broken.

c. Manage the DR site appliances with an FMC at the DR site. (Of course this would not address any appliances at other sites.)

 

Note that most features continue to work fine in the absence of the FMC.
