Copy a Configuration to Another Device

serge.besse · ‎06-28-2023

Hello,

I had several firepower registered on my FMCv.
after a crash of my server, I decided to install a new one.
when i try to register my firepowers on the new fmc i lose the configurations on the ftd.

how to register ftd to new FMC without losing my configurations?
How to repatriate the configurations on my FMC?

Marvin Rhoads · ‎06-29-2023

You cannot restore the running configuration on a Firepower service module to a new FMC. If you had a backup of the old FMC, restoring it would also include the policies and settings for any managed devices.

MHM Cisco World · ‎06-29-2023

https://www.speaknetworks.com/backup-restore-firepower-management-center/

He not migrate ftd from one to other'

I think his fmc failed because of server crashes' so he can re install fmc in other server and use backup to restore all config.

@Marvin Rhoads am I right' or there is something missing me?

Thanks

MHM

Marvin Rhoads · ‎06-29-2023

Yes - if a backup is available it can be restored on a new server and the managed Firepower service modules will reconnect without losing configuration.

However if an FMC backup is not available, then the devices will need to be reconfigured from scratch on the new FMC.

Aref Alsouqi · ‎06-29-2023

I've never tried this, but I think in the device management page on the FMC, under General tab there are two icons with an up and a down arrows. I think one of them would allow you to parse the FTD configs and import into the FMC, but not really sure about this. @Marvin Rhoads, have you ever used that button?

Marvin Rhoads · ‎06-29-2023

I had not ever tried that @Aref Alsouqi . Good idea - it looks promising for FTD (but is not support for Firepower service modules).

Aref Alsouqi · ‎06-29-2023

Thanks for trying that @Marvin Rhoads . Hopefully that will work for @serge.besse .

serge.besse · ‎06-29-2023

Thank you.

I will try if I register the device ftd without automatic deployment. Because, when I register the ftd, the configuration is deleted by the new fmc.

Have you a solution for me?

Aref Alsouqi · ‎06-30-2023

Please try to register the FTD with the new FMC, and then go to the device management page and try to the down side arrow in the General tab.

Marvin Rhoads · ‎06-30-2023

It looks like that feature is designed to copy config to a NEW device - not discover an existing one. Here's the online help for the button:

Copy a Configuration to Another Device

When a new device is deployed in the network you can easily copy configurations and policies from a pre-configured device, instead of manually reconfiguring the new device.

Before you begin

Confirm that:

The source and destination threat defense devices are the same model and are running the same version of the software.
The source is either a standalone Secure Firewall Threat Defense device or a Secure Firewall Threat Defense high availability pair.
The destination device is a standalone threat defense device.
The source and detsination threat defense devices have the same number of physical interfaces.
The source and destination threat defense devices are in the same firewall mode - routed or transparent.
The source and destination threat defense devices are in the same security certifications compliance mode.
The source and destination threat defense devices are in the same domain.
Configuration deployment is not in progress on either the source or the destination threat defense devices.

Procedure

Step 1	Choose Devices > Device Management.
Step 2	Next to the device you want to modify, click Edit. In a multidomain deployment, if you are not in a leaf domain, the system prompts you to switch.
Step 3	Click Device.
Step 4	In the General section, do one of the following: Click Get Device Configuration to copy device configuration from another device to the new device. On the Get Device Configuration page, select the source device in the Select Device drop-down list. Click Push Device Configuration to copy device configuration from the current device to the new device. On the Push Device Configuration page, select the the destination to which configuration is to be copied in the Target Device drop-down list.
Step 5	(Optional) Check Include shared policies configuration check box to copy policies. Shared policies like AC policy, NAT, Platform Settings and FlexConfig policies can be shared across multiple devices.
Step 6	Click OK. You can monitor the status of the copy device configuration task on Tasks in the Message Center.

When the copy device configuration task is initiated, it erases the configuration on the target device and copies the configuration of the source device to the destination device.

Warning

When you have completed the copy device configuration task, you cannot revert the target device to its original configuration.

MHM Cisco World · ‎06-30-2023

Friends, He is ask if FTD config will erase if he register to new FMC,
and I think Yes
he need to backup config and add to new FMC before register FTD to it.

Aref Alsouqi · ‎06-30-2023

I don't believe the FTD will lose its configs just becuase it is registered to a new FMC, would it? But anyway, my suggestion won't work after @Marvin Rhoads kindly shared the help guide of those buttons.

Change FMCv server without erase ftd configuration

Copy a Configuration to Another Device

Before you begin

Procedure