Solved: Re: Best Way to RMA/Replace Multiple FTD Boxes

Lucas Phelps · ‎05-10-2018

Due to the Intel clocking bug that affected multiple Cisco products, I've got to replace and RMA 20+ Cisco 5506 FirePower Threat Defense Appliance appliances.

I'd like for the devices to get the exact same configuration as the one that is getting RMA'd, in the easiest and fastest way possible.

Any tips or guidance on how to go about this?

Thank you!

Marvin Rhoads · ‎05-17-2018

@Lucas Phelps - Unfortunately not at this time.

Cisco does allow for configuration of those bits via API so it can be scripted. That's not a trivial exercise for most of us old school network engineers. We can only hope that they make this simpler moving forward.

View solution in original post

Marvin Rhoads · ‎05-11-2018

Deregister the device(s) being replaced from FMC.

Install the new one and run through basic setup to bootstrap the device.

Then register it to FMC, associate it with the same policies and deploy.

Lucas Phelps · ‎05-16-2018

For each device I add into FMC, I have to setup my interfaces, Bridge Group Virtual interfaces, IP addresses, security zones on those interfaces, etc.

Is there any way to preserve that for each device and apply it to the new hardware?

Marvin Rhoads · ‎05-17-2018

@Lucas Phelps - Unfortunately not at this time.

Cisco does allow for configuration of those bits via API so it can be scripted. That's not a trivial exercise for most of us old school network engineers. We can only hope that they make this simpler moving forward.

Lucas Phelps · ‎05-18-2018

It probably wouldn't be that big of a deal, if I wasn't dealing with so many RMAs. Thanks for the reply