Cisco FMC: Replace FP 2110 with 2140

judo · ‎09-23-2020

Hello community,

I have 2 FirePower 2110 in HA (active, standby) running FTD image (6.4.x.x) that are being managed by FMCv for VmWare also running the same software version.

I understand that “The more you have the firewall doing, the lower the performance, usually”. But I am planning on replace the 2110s with 2140s to increase the throughput.

Troughput 2110 ---- > 2.3 Gbps

Troughput 2140 ---- > 9 Gbps

Could anyone please advise me on what is the correct procedure to replace the 2110s with 2140s with a minimal downtime or point me towards some documentation or guidelines?

Thanks everyone for your attention. I’m looking forward to your answers.

Juan

balaji.bandi · ‎09-23-2020

Since it is FTD to FTD Migration is is easy.

configure the basic setup, you can back up and restore config. either offline or using FMC

and verify all configured imported without any errors. check the IP address (if any not matched, like production)

Connect to Switch with (Switch ports in shutdown mode)

in the maintenance window, shutdown the old FTD ports, and enable the new FTD port and conduct Live testings.

Keep the OLD KIT until the new kit perform as expected, then decommission.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

judo · ‎09-25-2020

Thank you very much for quick response.

I can imagine that the software version of the out-of-the-box devices will not match the FMC software version currently in use (6.4.x.x).

In the case they are in a different major version, which should be the right procedure to upgrade the new devices?

Add the device as you mentioned and then use FMC to upgrade the new devices or reimage them?

Again, thank you very much