05-12-2022 12:41 PM
We are converting an active/standby ASA pair to FTD. We decommissioned the old standby and set it up as the new FTD primary, managed through FMC. Once we tested that for a while, we have wiped the old ASA primary and have installed the same version of the FTD image on it (and brought FXOS to the same version too). It is registered to the FMC also, and we are ready to set up the HA pair. This doesn't wipe anything from the existing FTD primary, does it? It's in production use. I wanted to ask before trying it.
05-12-2022 12:48 PM
@spfister336 no, during configuration, the primary unit's policies are synchronized to the secondary unit.
05-12-2022 12:52 PM
OK, thank you.... we're trying this kind of late in the day and I didn't want to deal with any surprises.
05-12-2022 02:21 PM
Everything seemed to go OK with the HA setup, but I wasn't sure where to get the MAC addresses for the virtual MAC address step, so I haven't put anything in yet. Where do I get those?
05-12-2022 02:59 PM
You can add your own MAC, as in the example shown below:
Note: some notes mention it as good to have, some say differently. I have 2 different setups: one with MAC (which Cisco suggested, the way I deployed) and one without any MAC configured (done before we took over and tested). Both are working as expected.
More information can be found in the link provided by other posts.
05-13-2022 06:32 AM
Do I just make up MAC addresses?
05-13-2022 08:17 AM
You can, as long as the format is good and they are not being used in the network already.
I have seen people using the same MAC address as the existing ASA on the FTD so there is no downtime with respect to ARP cache and MAC address table entries.
05-13-2022 12:28 PM
You do not need to make up MAC addresses. If you do not provide "user defined" MAC then the FTDs will generate their own.