Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1202
Views
0
Helpful
5
Replies

FMC 6.2 VMDK file importing to another server

pankajsingh87
Level 1
Level 1

‎11-19-2017 03:30 AM - edited ‎02-21-2020 06:46 AM

Hi ,

 

I am using FMC 6.2 on VMware platform integrated with 2 Cisco ASA's 5555-x working as Active/Passive.

Due to hardware refreshment process we are planning to upgrade VM hardware of FMC.

Importing the complete vmdk file to new hardware will be sufficient to up and run setup without hassle.

What are the other things that need to keep in mind.

Please help.

 

Thanks,

Pankaj

Labels:
0 Helpful
5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-19-2017 03:55 AM - edited ‎11-19-2017 03:56 AM

It may not work. It definitely is not supported (see below). The closest supported method would be to backup the configuration and import into a new appliance with the exact same version and patch level.

 

See the following, taken from the Configuration Guide:

 

The following limitations exist when deploying Firepower NGIPSv for VMware:

  • Cisco Firepower Management Center Virtual appliances do not have serial numbers. The System>Configuration page will show either None or Not Specified depending on the virtual platform.

 

  • vMotion is not supported.
  • Cloning a virtual machine is not supported.
  • Restoring a virtual machine with snapshot is not supported.
  • Restoring a backup is not supported.

 

Source: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/vmware/fmcv/FMCv-quick/intro-virtual.html#pgfId-2956674

0 Helpful

Massimo Baschieri
Level 3
Level 3
In response to Marvin Rhoads

‎11-19-2017 09:54 PM

It would be interesting to know why you cannot do vmotion nor cloning nor restore.

It's well known that vFMC doesn't have serial numbers, it relies on the activation key which itself is derived from VM mac address, as long as you don't change mac address you should succeed.

Maybe you need to re-register your sensors, is everything there?

Anyone knows?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Massimo Baschieri

‎11-19-2017 09:59 PM

Things may be "unsupported" for several reasons.

 

Sometimes it means something flat out won't work and will "break" the application. Other times it often means it's not something Cisco has tested and developed a procedure that they guarantee will work.

 

I agree that there's no obvious reason why it wouldn't work, but I'm just another user here - that's not an official Cisco position.

 

For anything with an underlying database (Firepower has a couple), you should at a minimum shutdown the server gracefully prior to making a copy of the vmdk.

0 Helpful

pankajsingh87
Level 1
Level 1
In response to Marvin Rhoads

‎11-21-2017 07:00 AM

 

Hello Marvin,

 

Thanks for the reply.

As mentioned in the document "Restoring a backup is not supported".

Can you confirm importing the configuration backup to other  VM appliance would work or not.

Also what about the sensors they will automatically register to FMC or have to do additional things.

 

Thanks,

Pankaj

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to pankajsingh87

‎11-21-2017 07:14 AM - edited ‎11-21-2017 07:14 AM

If you restore a backup to a newly spun VM it should work - that would be the "supported" method. You can always open a case with TAC for assistance if you want critical production-level assurance regarding the approach.

 

I don't have an extra ESXi host in my lab to try it out but if I did I would try a shutdown of FMC and then clone the VM. That would be the easiest method.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card