cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1755
Views
5
Helpful
5
Replies

Firepower Backup

HimeshGohil
Level 1
Level 1

Hi, our setup is;

ASA 5555-x active passive HA pair

Firepower module installed

Using FMC for FP management

 

My question is, what is the best way to backup FP specifically for an upgrade project where I can easily restore FP if I have issues with the upgrade.

 

My reading so far has led me to understand that if I backup the FMC, I will backup the policies and some config but I need to re-create some of the config. If that's the case, what should I be prepared to configure?

 

Is there a way to backup FP using the cli?

 

Thanks

H

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

An ASA Firepower services module has minimal local configuration on it. Basically only the items you setup during installation (IP address, gateway, hostname, manager (FMC) address and key etc.). Everything else is on the managing FMC.

View solution in original post

5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

You can use backup and restore :

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/asa-fp-services/asafps-local-mgmt-config-guide-v63/using_backup_and_restore.html

 

if you like to restore, you need just management IP of FP module where device can reachable to restore.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balaji, thank you for the suggesrtion.

 

The instructions you've sent look like the process to backup using ASDM. We don't have FP configured with ASDM and instead use Firepower Management Console. FP can't be managed by both thus I need assistance specific to backing up FP where we have the FMC

 

Thanks

Himesh

I may be posted wrong Link, but the process is same, you config basic config, and retore using FMC

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marvin Rhoads
Hall of Fame
Hall of Fame

An ASA Firepower services module has minimal local configuration on it. Basically only the items you setup during installation (IP address, gateway, hostname, manager (FMC) address and key etc.). Everything else is on the managing FMC.

Thankyou Marvin.

So if I were to take a backup using the FMC and an issues causes us to loose the FP module I would then need to;

Remove the FP module from the ASA

Install a new FP module taking it up to the same software version that the backup was taken from

Configure the FP module with IP add, gateway, hostname, FMC address, user accounts, DNS, Hosts, ntp

Connect/re-add the module to FMC

Restore backup from the FMC

Review Cisco Networking for a $25 gift card