
Firepower Hardware Upgrade

Mike Wagner
Level 1

Hi Everyone,

We're currently running a pair of routed FTD 4410 units in a HA-Pair.  We've purchased two new 3140 units to replace the 4110's. 

With regards to swapping the units out, here is what I'm thinking:

  • Add new units to FMC
  • Assign ACP to new primary unit
  • Create temporary interface names, IPs, and routes on the new primary
  • Create HA pair with new units
  • Decommission old HA pair
  • Rename new interfaces and IPs to the same as the old units
  • Move cables

Any thoughts?  Anything I'm missing?

 

Thanks in advance!


balaji.bandi
Hall of Fame

Backup FMC / FTD backup out of the box

Instead, build a new FMC offline with the current version and the SAME IP address, and restore the backup from OLD to NEW offline.

Bring down the OLD FMC and bring up the new FMC; test to make sure you have FTD HA access here.

Try pushing a simple policy and test it.

 

BB

***** Rate All Helpful Responses *****


I would approach this with the following steps.

1. Rack mount the FTDs
2. Connect the FTD mgmt interface to the network
3. Connect the FTD failover and state interfaces between the FTDs
4. Configure the FTD mgmt interface with new IGMPSN
5. Add the FTDs to the FMC
6. Add the FTDs in a failover pair
7. Configure / restore backup to the Primary FTD
8. Verify configuration on the new FTD setup
9. Configure the data interfaces in shutdown
10. Connect the data interfaces to the network (if there are available ports on the switch)
11. Shut down interfaces on the old FTDs, enable interfaces on the new FTDs
12. Test

--
Please remember to select a correct answer and rate helpful posts

Marius,

Thank you!  So, it's ok to restore using a backup from a different FTD model?  I'm assuming as long as the code version is the same, it's ok?  Also, is it ok to do this all in the same FMC?  We only have one FMC, and it's virtual.

Thanks,

-Mike

 

There is one problem with restoring from an FTD backup, and that is that the management interface configuration and manager configuration (configure manager add ...) will also be restored. So if you opt for this method, you would need to decommission the FTD that you are restoring from first.

It should be fine to do this on the same FMC as long as you are not connecting the data interfaces to the network yet.

--
Please remember to select a correct answer and rate helpful posts