Hi Marvin,

Thanks for the feedback, you mean I cannot register the sensor to 2 primary FMC right? Is there's any way to this because I do have 2 different model of FMC that is why I thought it can be possibly cold standby?

thanks

You're welcome.

Correct - you cannot register the sensor to 2 primary FMC.

You'd be better off having in place a good backup scheme and disaster recovery plan for the active FMC. 

Hi Marvin, thanks for the great feedback. What I can do is in the event of failover, I need to manually failover all sensors to the cold standby FMC right? But if I register it, the current config of the sensors will be lost right so I need to make sure whatever config in the primary FMC it should be manually replicated to the cold standby one?

What you describe is possible but I wouldn't recommend it.

If your FMC is covered by Smartnet your should be able to get a replacement unit next business day. Get the new one in, bootstrap it and bring the patch level, SRU and VDB up to date. Then restore your backup to it. Restart your sftunnels and you should be good to go.

The sensors will continue to run just fine and enforce policy while the FMC is down. The worst that might happen is that the local queue of events might start to overwrite (depending on how many events you're logging) and you'd lose the historical record of some connections. Of course you can't make policy changes while the FMC is offline; but it's not often we do that in a steady-state production environment.

hi @Marvin Rhoads, i just thought about this. I am backing up the FMC configuration and restoring it to the other FMC appliance, how about the current licenses? What will happen to sensors will it still run even though it doesn't have licenses?

thanks

The sensors will continue to run. You will not be able to modify policies that require licensed features until you rectify the FMC licenses.

For Classic licenses you would rehost them to the new FMC.

Smart licenses you would deregister the old FMC and then once the new one is registered in your portal it should be able to allocate the available licenses from your Smart account.

In both cases you should make sure your devices get assigned the licenses they require.

Hi @Marvin Rhoads, thank you very much for the help. Just last two questions :), does IP address of the old FMC will be included in the restoration of config to the new FMC?

In addition, I can also restore the configuration of the sensors using FMC after I restore the FMC config right so that I will be not re-configuring a lot during the process? super thank you.

I don't believe the bootstrapping settings (IP address, gateway etc.) are overwritten when restoring from backup. That applies to both your FMC as well as sensors.

The sensors should not lose their configuration just because the original FMC was replaced with one from a backup. The registration address and key remain the same.