FMC HA

fatalXerror · ‎01-27-2024

Hi,

Is it feasible to have my FMC in HA but with different subnet? If yes, how will the FTD synchronize to the standby FMC when the primary FMC goes down?

Thank you

Rob Ingram · ‎01-27-2024

Hi @fatalXerror the FMC configured as a high availability pair do not need to be on the same trusted management network, nor do they have to be in the same geographic location. If the primary fails you must manually promote the secondary.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/720/management-center-admin-72/system-ha.html#ID-2242-000001bc

fatalXerror · ‎01-27-2024

Hi @Rob Ingram , thanks for your help.

Just a follow through question,

1. If it is feasible, should I register also my FTD to the secondary FMC or it is automatically register once you register the FTD to the primary FMC?

2. What would be the expected status of the secondary FMC in the perspective of the FTD's CLI when you issue "show manager"? Will the FTD CLI shows success or pending for the secondary FMC?

thanks

Rob Ingram · ‎01-27-2024

@fatalXerror when FMC HA is setup, devices registered to the primary FMC are automatically registered on the secondary. A second sftunnel management tunnel will be created on the FTD to the secondary FMC.

balaji.bandi · ‎01-27-2024

what version of FMC - is this Virtual and Appliance ? ( some License requirement may need to look) hope you are running latest then check below guide :

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/730/management-center-admin-73/system-ha.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help