11-19-2017 03:30 AM - edited 02-21-2020 06:46 AM
Hi ,
I am using FMC 6.2 on VMware platform integrated with 2 Cisco ASA's 5555-x working as Active/Passive.
Due to hardware refreshment process we are planning to upgrade VM hardware of FMC.
Importing the complete vmdk file to new hardware will be sufficient to up and run setup without hassle.
What are the other things that need to keep in mind.
Please help.
Thanks,
Pankaj
11-19-2017 03:55 AM - edited 11-19-2017 03:56 AM
It may not work. It definitely is not supported (see below). The closest supported method would be to backup the configuration and import into a new appliance with the exact same version and patch level.
See the following, taken from the Configuration Guide:
The following limitations exist when deploying Firepower NGIPSv for VMware:
11-19-2017 09:54 PM
It would be interesting to know why you cannot do vmotion nor cloning nor restore.
It's well known that vFMC doesn't have serial numbers, it relies on the activation key which itself is derived from VM mac address, as long as you don't change mac address you should succeed.
Maybe you need to re-register your sensors, is everything there?
Anyone knows?
11-19-2017 09:59 PM
Things may be "unsupported" for several reasons.
Sometimes it means something flat out won't work and will "break" the application. Other times it often means it's not something Cisco has tested and developed a procedure that they guarantee will work.
I agree that there's no obvious reason why it wouldn't work, but I'm just another user here - that's not an official Cisco position.
For anything with an underlying database (Firepower has a couple), you should at a minimum shutdown the server gracefully prior to making a copy of the vmdk.
11-21-2017 07:00 AM
Hello Marvin,
Thanks for the reply.
As mentioned in the document "Restoring a backup is not supported".
Can you confirm importing the configuration backup to other VM appliance would work or not.
Also what about the sensors they will automatically register to FMC or have to do additional things.
Thanks,
Pankaj
11-21-2017 07:14 AM - edited 11-21-2017 07:14 AM
If you restore a backup to a newly spun VM it should work - that would be the "supported" method. You can always open a case with TAC for assistance if you want critical production-level assurance regarding the approach.
I don't have an extra ESXi host in my lab to try it out but if I did I would try a shutdown of FMC and then clone the VM. That would be the easiest method.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide