08-14-2017 06:38 PM - edited 03-12-2019 06:29 AM
I have a new pair of NGFW 2110s. I have a virtual FPMC. This is a new build with relatively few rules (10) and NAT statements (14). If I make a simple change to the policy and deploy it, it seems to take a really long time. I'm regularly seeing 7+ minutes. Is this normal? Why?
08-14-2017 07:31 PM
I'd expect under a minute unless:
a. A congested WAN is between your FMC and the sensors or
b. The FMC is on underpowered compute resources (check the FMC status page for details).
I'd recommend opening a TAC case to have them drill into the root cause if neither of the above is the case.
08-14-2017 07:46 PM
FMC and Management port of both firewalls are on the same LAN. FMC is virtual on a UCS that is currently way underutilized. I'm seeing that the only statistic that is high on the FMC statistics page is that Memory is at 80%. Can I simply add more memory since it was an OVF deployment?
08-14-2017 07:50 PM
You can shut down the server, add memory to the VM and restart but I was thinking more about CPU and storage IOPS. If it has the recommended 8 GB you may get some incremental improvement by going up to 12 or 16 GB but a deployment would not normally be a memory-intensive process.
08-14-2017 07:52 PM
I agree. But CPU is fine and storage has a long way to go before I am pushing IOPS. It's a Nimble / Cisco Smartstack.
08-14-2017 07:56 PM
Are you running 6.2.1 with the 2110s?
I haven't done any production deployments of those and there may be a not-yet-publicly-documented bug. I know 6.2.2 is about to be released - I'd reach out to the TAC to see if they can shed some light.
08-14-2017 08:25 PM
Yes, 6.2.1. I will open a case.
10-14-2017 10:32 AM
What did you find out?
I am seeing the same thing on a pair of 2120s with a vFMC running 6.2.1.
When navigating in the FMC it is very slow, especially when you want to use Connection/events. Deployments take 5-10 min.
10-14-2017 07:47 PM
Just did my first production 2110s last week. In this case we ran 6.2.2.
I found deployments to take about 1 minute. I recommend upgrading to 6.2.2 to see if that helps. Even if it doesn't, there are many bug fixes there for other things.
10-18-2017 11:11 AM
Hi Marvin,
I have installed a pair of 2110 (in HA) and running FMC 6.2.2 code.
The FMC is taking about 8 to 11 minutes each deploy.
I checked the FMC health and everything is ok.
| Metric | Value |
|---|---|
| CPU Usage - User | 0.10% |
| CPU Usage - System | 0.07% |
*** This environment isn't in production, no data passing through interfaces.
10-19-2017 05:22 PM
Hi all,
May I know if you are using the hard appliance or virtual FMC?
Because I tried upgrading my FMCv to 6.2.2 but still experience slow deployment timing on FTD 5506X.
Standalone deployment takes around 4 mins and HA deployments take around 8 mins.
01-09-2018 07:03 AM
Firepower 2110 HA, 6.2.2.1 code
Also taking 7+ minutes for each deployment. Somewhat frustrating.
Any progress on this?
01-10-2018 10:07 AM
For anyone searching on this. Here is the result of my TAC Case - I have TWO Firepower 2110 devices in HA running on most recent code:
Hello,
I reviewed the troubleshoot file and I was not able to find any issue.
As I explained in my previous email this time depends on the bandwidth and the Policy (rules, sensors and so on). I do not consider this time - 7 minutes for deploy as a problem.
Please let me know if you have any other concerns or questions.
Business day hours: Mon - Fri - 8AM - 5PM (EST)
Kind Regards,
XXXXXXXXXXX
Cisco Firewall TAC engineer
01-10-2018 10:35 AM
I haven't deployed to 2110's but I agree that 7 minutes is excessive. I'd push back on the TAC and request escalation to get another pair of eyes on it.
Right now I am working with a couple of vFTD instances and an FMC VM (all on the same ESXi host which is running exclusively SSD storage) and deployments complete in about 1-1/2 minutes.
You had indicated this is a new deployment with minimal policies. Are they in production at this point? I ask because I'm wondering if them being in an HA pair is affecting the time.
Is there any possibility of network issues between your FMC and the appliances? You might grab a tcpdump or spanned capture during deployment and see if Wireshark shows any TCP retransmissions or such.
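
The retransmission check suggested in the post above, as an added example that is not part of the original thread: a Python heuristic that reads `tcpdump -nn -tt` text output captured during a deploy and flags data segments whose sequence range was already sent on the same flow. The addresses and sample lines are constructed, and TCP 8305 is assumed as the FMC-to-device management port (its default).

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -nn -tt` text output (not from the thread).
# 192.0.2.10 stands in for the FMC, 192.0.2.21 for a managed device.
SAMPLE = """\
1515600000.000100 IP 192.0.2.10.8305 > 192.0.2.21.41000: Flags [P.], seq 1:1449, ack 1, win 229, length 1448
1515600000.000300 IP 192.0.2.21.41000 > 192.0.2.10.8305: Flags [.], ack 1449, win 501, length 0
1515600000.000500 IP 192.0.2.10.8305 > 192.0.2.21.41000: Flags [P.], seq 1449:2897, ack 1, win 229, length 1448
1515600000.210500 IP 192.0.2.10.8305 > 192.0.2.21.41000: Flags [P.], seq 1449:2897, ack 1, win 229, length 1448
1515600000.211000 IP 192.0.2.21.41000 > 192.0.2.10.8305: Flags [.], ack 2897, win 501, length 0
1515600000.211400 IP 192.0.2.10.8305 > 192.0.2.21.41000: Flags [P.], seq 2897:3400, ack 1, win 229, length 503
1515600000.212000 IP 192.0.2.21.41000 > 192.0.2.10.8305: Flags [P.], seq 1:101, ack 3400, win 501, length 100
"""

# Only data segments print "seq start:end"; pure ACKs and SYNs do not match.
SEG = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[[^\]]*\], "
    r"seq (?P<start>\d+):(?P<end>\d+),.*length (?P<len>\d+)"
)

def find_retransmissions(text):
    """Return (per-flow stats, list of suspected retransmitted segments).

    Heuristic: a data segment whose end sequence number does not advance
    past the highest one already seen on that flow is counted as a
    retransmission. Sequence wrap and reordering are not handled.
    """
    highest = {}
    stats = defaultdict(lambda: {"segments": 0, "retransmits": 0})
    hits = []
    for line in text.splitlines():
        m = SEG.match(line.strip())
        if not m or int(m["len"]) == 0:
            continue
        flow = (m["src"], m["dst"])
        start, end = int(m["start"]), int(m["end"])
        stats[flow]["segments"] += 1
        if end <= highest.get(flow, 0):
            stats[flow]["retransmits"] += 1
            hits.append((float(m["ts"]), flow, start, end))
        else:
            highest[flow] = end
    return dict(stats), hits

if __name__ == "__main__":
    stats, hits = find_retransmissions(SAMPLE)
    for flow, s in stats.items():
        print(flow, s)
```
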
01-19-2018 08:22 AM
We run a few FTD devices, along with several ASA w/FirePower services and a vFMC. I've found that the deployment times are very sporadic for FTD devices. The two devices that have the longest deployment times are our 2110's running in Active/Failover. Depending on the changes being made, they can take up to about 10 minutes. I've found that 5 minutes is the average, especially for changes to NAT and Access Policy whereas VPN changes seem to push in just a few minutes.
I've had several long talks and multiple tickets open for issues/questions with FTD, but I'm at the point where I'm just attributing this to platform maturity. I'm at peace with the length of deployment due to the security the system provides us. We used CSM to manage our ASA firewalls for a long time, so longer deployments I'm used to.