10-25-2023 09:05 PM
Hi Team,
I would appreciate your suggestions/help if anyone has experienced something like this.
In my office, we have an FMCv managing 2 Firepower 1120 appliances in an HA configuration.
But last week, the HDD of the server hosting the FMCv became corrupted.
Fortunately, there was no impact on the data plane of the Firepower HA.
After we re-installed the FMCv (using the latest backup, which doesn't have the Firepower HA configuration), the Firepower/FTD appliances connected automatically, but the appliances show in FMC as "not configured" as HA (as expected):
But when I SSH to the FTD CLI (on FTD-01 & FTD-02), it looks like failover is still active/running:
*Left : FTD-01, Right : FTD-02
My questions are:
- How can we "sync" the FMCv so that FTD-01 <> FTD-02 are displayed as HA in the FMCv GUI? From the screenshot above, the FMCv GUI and the FTD CLI are out of sync.
- Do we need to "Break HA" in the FTD CLI and re-configure the HA in the FMCv GUI?
- If we sync/break HA, will it cause a network outage/disrupt the data plane?
Note:
We are running FMCv & FTD 7.0.5
Thanks in advance!
Regards.
10-26-2023 09:49 AM
Most likely you will have to break HA and rebuild. This will cause some disruption to dataplane traffic while the HA is recreated. I would expect outage to be 5-10 minutes.
It would be best to do this under TAC guidance. So, if you have a support contract, please open a case.
10-29-2023 05:06 PM
OK, got it. You are correct: in summary, we need to "rebuild" the HA connection in FTD/FMC.
The issue is already solved.
I used this procedure/solution for the case:
Solution:
- Login to FTD by CLI (FTD-01 & FTD-02)
- Suspend HA on each FTD, by CLI
- Delete Device FTD-01 & FTD-02 on FMCv GUI
- Disable HA on Each FTD, by CLI
- Add Manager/FMCv on Each FTD
- Create HA on FMC (as usual)