
Cisco ASA with FirePower - HA/failover to standby FMC

Mohammed Islam
Level 1

Hi,

I have an ASA with FirePower and also have 2 x FMC in a HA configuration (over a layer 3). My question is, how does the ASA FirePower sensor know how to fail over to the secondary FMC in the event the primary FMC dies, since in the initial configuration on the ASA FirePower sensor only one FMC management IP is added/allowed?

Any advice would be great.

Thanks.

3 Replies

Francesco Molino
VIP Alumni
Hi

Normally, when configuring HA FMC, your sensor should get a config with the 2nd FMC that will be used when the primary fails.
If it's not working, then you might need to go back to your sensor, remove the registration and re-do it.
There was a link I already shared, I believe, in this forum. Here is the link with a quick and clear explanation:
https://dependencyhell.net/2017/07/10/FMC-HA.html

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Thank you for your reply. So to clarify:
The FMCs are in HA already.
Once the ASA FirePower sensor is added with the primary FMC's IP, it should also receive config for the secondary FMC?
If so, is there any way to verify that from the console, or is failing the primary FMC the only way to verify?

If you issue sftunnel-status you should see the 2 FMC IPs.
Or you can issue show managers. Not sure if you will see them when issuing this last command, but with the first one you will see them.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question