06-27-2022 04:27 AM - edited 06-27-2022 04:30 AM
I just wanted to give an update on my recent need to restore Firepower Management Center after a failed patch upgrade, caused by an interruption of that upgrade process.
I rebuilt the virtual machine and booted a new FMC vmdk. I then restored from a backup I had in place on an SMB Windows share. The result was 100% recovery, and part of that restore was the licenses allocated from the smart license portal; the SSL external and internal CA certs were all restored, as were the remote user VPN, the identity policies to AD, etc. I was worried about the certificates and the remote user VPN not being recovered, but they were. Make sure you have a backup, as I have a ton of ACL outbound restrictions written. You do not want to have a complex config and then find yourself in my situation with a crashed FMC. Thank god for backups, and thank you all for the help.
06-27-2022 01:50 PM
Hello, we do a regular backup of our FMC to an NFS share and routinely remove the older versions to keep about 3 weeks' worth of backups, or the most recent version, since you can't restore 7.0 to a 7.1 platform. Our FMC is also a VM type. So reading your post, it sounds like you:
1. Backed up the FMC and FTD to a remote location
2. Had a failure
3. Blew away the problem FMC VM
4. Created a new bare metal FMC VM
5. Restored a most recent backup to the new FMC VM
6. Restarted that VM and it was up and running without the need to:
a. Get new certs and import them e.g. CA certs from 3rd party
b. Re-register your managed devices, e.g. FTD firewalls and VPNs (I think your FTD is both FW and VPN, right?)
c. Re-register your FMC with smart license either on prem or via Cisco
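The retention rule described in this post (keep roughly three weeks of archives, but never throw away the newest backup of a given FMC version, because a backup only restores onto an FMC running that same version) is easy to get wrong with a plain "delete anything older than N days" cron job, which can silently remove the only archive that matches the software you are about to rebuild. The script below is an added example written for this page; it is not code from the poster or from Cisco. It assumes a constructed filename scheme of `<host>-<version>-<YYYYMMDD-HHMM>.tar` for the archives on the share (the real FMC backup naming convention is not verified here, so adjust `BACKUP_RE` to whatever your FMC actually produces), and it defaults to a dry run so you can review what it would remove before letting it delete anything.

```python
"""Version-aware retention for FMC backup archives on an NFS/SMB share.

Added example, not from the forum post or from Cisco. The filename scheme
'<host>-<version>-<YYYYMMDD-HHMM>.tar' is an assumption made for this
illustration; adapt BACKUP_RE to the names your FMC writes.
"""
import os
import re
from datetime import datetime, timedelta

# Assumed naming scheme (constructed for this example):
#   fmc01-6.6.5-20220627-0100.tar
BACKUP_RE = re.compile(
    r"^(?P<host>[A-Za-z0-9_]+)-(?P<version>\d+(?:\.\d+)+)-(?P<stamp>\d{8}-\d{4})\.tar$"
)
STAMP_FMT = "%Y%m%d-%H%M"


def parse_backup(name):
    """Return {'name', 'version', 'taken'} for a recognised archive name, else None."""
    m = BACKUP_RE.match(name)
    if m is None:
        return None
    return {
        "name": name,
        "version": m.group("version"),
        "taken": datetime.strptime(m.group("stamp"), STAMP_FMT),
    }


def select_for_deletion(names, now, keep_days=21):
    """Decide which archives to delete.

    Rules:
      * keep every archive taken within the last keep_days;
      * additionally pin the newest archive for each FMC version seen, since a
        backup can only be restored onto an FMC running that same version;
      * leave anything whose name does not parse untouched and report it.
    `now` may be a datetime or a 'YYYYMMDD-HHMM' string.
    Returns {'delete': [...], 'keep': [...], 'skipped': [...]}, each sorted.
    """
    if isinstance(now, str):
        now = datetime.strptime(now, STAMP_FMT)
    cutoff = now - timedelta(days=keep_days)

    parsed, skipped = [], []
    for n in names:
        p = parse_backup(n)
        if p is None:
            skipped.append(n)
        else:
            parsed.append(p)

    # Newest archive per version is always kept, however old it is.
    newest_per_version = {}
    for p in parsed:
        cur = newest_per_version.get(p["version"])
        if cur is None or p["taken"] > cur["taken"]:
            newest_per_version[p["version"]] = p
    pinned = {p["name"] for p in newest_per_version.values()}

    delete = sorted(
        p["name"] for p in parsed if p["taken"] < cutoff and p["name"] not in pinned
    )
    delete_set = set(delete)
    keep = sorted(p["name"] for p in parsed if p["name"] not in delete_set)
    return {"delete": delete, "keep": keep, "skipped": sorted(skipped)}


def apply_retention(directory, now=None, keep_days=21, dry_run=True):
    """Apply the policy to a mounted share directory. Dry run by default."""
    now = now or datetime.now()
    plan = select_for_deletion(os.listdir(directory), now, keep_days)
    for name in plan["delete"]:
        path = os.path.join(directory, name)
        if dry_run:
            print("would remove", path)
        else:
            os.remove(path)
    return plan


if __name__ == "__main__":
    # Constructed sample listing, evaluated as of 2022-06-27 04:30.
    sample = [
        "fmc01-6.6.5-20220627-0100.tar",  # recent: keep
        "fmc01-6.6.5-20220620-0100.tar",  # 7 days old: keep
        "fmc01-6.6.5-20220530-0100.tar",  # 28 days old, not newest 6.6.5: delete
        "fmc01-6.6.1-20220401-0100.tar",  # old, but newest 6.6.1: keep (pinned)
        "fmc01-6.6.1-20220315-0100.tar",  # old, older 6.6.1: delete
        "fmc01-7.0.1-20220605-2300.tar",  # 22 days old, only 7.0.1: keep (pinned)
        "readme.txt",                     # not an archive: skipped
    ]
    for k, v in select_for_deletion(sample, "20220627-0430").items():
        print(k, v)
```

Run it against the mounted share with `apply_retention("/mnt/fmc-backups")` first to see the plan, then with `dry_run=False` once the output matches what you expect. The pinning step is the part worth keeping even if you rewrite the rest: a three-week window alone would have discarded the 7.0.1 archive in the sample, which is exactly the one you would need to restore an FMC still on 7.0.1.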
06-27-2022 02:28 PM
Hey Eric, yes, you are spot on. This was only a single-headend deployment, but my config was complex in that I have sub-interfaces, QoS, certs configured for VPN access using smart card 2FA, etc. This restore, I am happy to say, was 100%. No need to re-register the newly built FMC or unmanage the FTD and re-add it; everything was intact from the restore!!! FMCv 6.6.5
I was also able to patch to 6.6.5.2 off the new restore. Initially, another peer had logged in and rebooted the FMC during this patch, causing the corruption. Lesson: tell your peers the time window of the patch and tell them to check in with you before they do anything.
06-27-2022 02:44 PM
That's my default: always ask before typing. It should be a common courtesy, and enforced by punishment when violated.
You must spend one day in the wiring closet making it look pretty.
Thanks for the information, I'll add that to my collection.
ej