Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2487
Views
15
Helpful
4
Replies

FMC split brain question

Go to solution
ChristopherCraddock66504
Level 1
Level 1

‎09-01-2021 05:44 AM

Community,

I am working with TAC on an issue with my FMC's. In the meantime while the issue is being resolved by TAC my FMC HA pair is in a split-brain situation due to the sync being paused. TAC is stating that I can still make and push changes from our Primary FMC and that those changes will propagate to the standby after resync. However, I was reading in the upgrade guide that any changes made during a split-brain situation will be wiped out when we resync the pair. Now I am not sure which one is true. Can anyone advise which one is correct? 

 

Thank you. 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni
In response to ChristopherCraddock66504

‎09-01-2021 07:33 AM

hey Chris.

 

in our case we were using two FMC physical appliances on both DC. DR DC standby FMC had a network card issues therefore the FMC sync was broken more than a month until we picked up in the mean time we used to push the policy on our ASA sensor and FTDs every day due to having a large network with many firewalls (From FMC primary)

 

once we open a TAC case and worked with TAC engineer to fix the issue. once the issue was fixed it took about 15-20 minutes to re-sync between two HA FMC.

 

i hope i have answered you question.

please do not forget to rate.

View solution in original post

4 Replies 4

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni

‎09-01-2021 06:26 AM

 

Hi ChristopherCraddock66504

 

I had a similar situation where our standby FMC was not syync and was paused (for a month). in this time we were able to make changes on the FTD and ASA sfr sensors. once the FMC standby issue was fixed (when we open a case with TAC they fix the issue) and we re-sync our both FMC.

please do not forget to rate.

Go to solution
ChristopherCraddock66504
Level 1
Level 1
In response to Sheraz.Salim

‎09-01-2021 06:52 AM - edited ‎09-01-2021 06:56 AM

Sheraz,

 

Thanks so much for the quick feedback. Just so I am understanding, are you saying that all changes you made on the Primary FMC while the devices were split-brain were not lost once you re-synced the FMC's? Because if that is the case, that's great news for me! 

 

Thank you. 

0 Helpful

Go to solution
Sheraz.Salim
VIP Alumni
VIP Alumni
In response to ChristopherCraddock66504

‎09-01-2021 07:33 AM

hey Chris.

 

in our case we were using two FMC physical appliances on both DC. DR DC standby FMC had a network card issues therefore the FMC sync was broken more than a month until we picked up in the mean time we used to push the policy on our ASA sensor and FTDs every day due to having a large network with many firewalls (From FMC primary)

 

once we open a TAC case and worked with TAC engineer to fix the issue. once the issue was fixed it took about 15-20 minutes to re-sync between two HA FMC.

 

i hope i have answered you question.

please do not forget to rate.

Go to solution
ChristopherCraddock66504
Level 1
Level 1
In response to Sheraz.Salim

‎09-01-2021 07:40 AM - edited ‎09-01-2021 07:41 AM

Thank you so much Sheraz. Were in a very similar situation. We have 2 physical FMC2500 appliances. The appliance at our DR DC is out of commission due to a DB corruption, so we manually disabled sync between the two. My concern is that any changes we make to the Primary FMC will be lost once we resync the devices. But it sounds like that is not an issue and that the updates made on the primary will get pushed to the Secondary upon resync, as long as the primary is made active at that time. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card