10-17-2022 08:59 AM
Hi,
I recently had to migrate an FTD HA pair (two FTD2130) from one FMC to a new one.
I installed the FMC in the exact Version and restored a five day old backup from the OLD FMC to the NEW FMC.
Everything was the same, from the MGMT IP of the FTDs (10.0.0.x/24) to the MGMT Network of the old and new FMC (10.0.1.100/24), Certs, Policies, RA VPN, S2S VPN, NAT, DHCP.
I have made these steps:
- FTD2 Active HA disabled on Console
- FTD1 passive HA disabled on Console
- FTD2 Active delete Manager on Console
- FTD1 passive delete Manager on Console
- FTD2 Active add Manager on Console
- new FMC add Device FTD2 (with Access Policy)
The FMC pushed the Access Policy on the active Device and did something unexpected.
It deleted all Zones from the Interfaces, all Routes, every NAT statement, DHCP, CERTS, VPN S2S and VPN RA.
How is this possible?
What did I do wrong?
10-17-2022 10:38 AM
FTD2 active by config, or is this failed over from FTD1 to FTD2?
10-17-2022 10:54 PM
FTD2 was the active Device from the HA.
10-17-2022 11:01 AM
In addition to an FMC restore, there is also a Device level backup/restore from within FMC. Restoring that type of backup (in addition to the FMC restore) would have allowed you to restore the zones, routes etc. you had configured specific to the devices.