Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6321
Views
21
Helpful
6
Replies

Affect on FTD traffic during Firepower Management Center restart

Go to solution
rgnelson
Level 1
Level 1

‎01-23-2018 04:16 PM - edited ‎02-21-2020 07:12 AM

We're running a pair of ASA5516's with FTD in a failover pair, in transparent mode. The whole config was pressed into service very quickly..... but is working well. We have to restart the Management Center but we made no notes as to what happens to traffic while Management center is restarting. I've gone through the docs and its jut not clear. 

 

Will traffic continue to flow on FTD while the management center restarts? Or is this the kind of question that depends on many configuration settings? 

 

 

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-24-2018 11:10 PM

Generally speaking the impact is negligible. Any managed devices stay online and continue to enforce the current policy deployed to them.

 

Some URL lookups or File (AMP) checks may be affected if you are using those features. IPS features should not be affected except of course no Security Intelligence updates will be available until the FMC restart completes.

View solution in original post

6 Replies 6

Go to solution
vaibhav.parlekar1
Level 1
Level 1

‎01-23-2018 08:45 PM

I think your firewall should continue working with the last deployed policies by the FMC. the reboot of the FMC should not impact the traffic flowing through the firewall.

 

Vaibhav

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-24-2018 11:10 PM

Generally speaking the impact is negligible. Any managed devices stay online and continue to enforce the current policy deployed to them.

 

Some URL lookups or File (AMP) checks may be affected if you are using those features. IPS features should not be affected except of course no Security Intelligence updates will be available until the FMC restart completes.

Go to solution
rgnelson
Level 1
Level 1
In response to Marvin Rhoads

‎01-25-2018 06:40 AM

Thank you both for the sanity check, exactly what I was looking for!

0 Helpful

Go to solution
a.mechoulam
Level 1
Level 1
In response to Marvin Rhoads

‎06-28-2022 10:46 AM

Hi, let go a little further on the question:

If the deployment implies AD integration (Realms) PxGrid with ISE and microsegmentation, some rules chequeing AD groups, other checking source SGT. I asume that the responsable of collecting, manteining and distributing all this info to the sensors is the FMC.

So, if the FMC is not available any of these rules would work? 

 

Thanks.

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to a.mechoulam

‎06-28-2022 11:12 AM

@a.mechoulam bindings are sent from ISE to the FMC, which in turn sends them to the FTD. If the FMC is offline during a restart, no new IP/SGT bindings will be learnt by the FTD, however the FTD will store the existing bindings for a period (from memory 24 hours) - therefore the rules should continue to work.

Go to solution
a.mechoulam
Level 1
Level 1
In response to Rob Ingram

‎06-28-2022 12:08 PM

Hi Rob, excellent!!!!!

Thank you very much!!!!

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card