Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1368
Views
0
Helpful
6
Replies

FMC Sync Issue

fatalXerror
Level 5
Level 5

‎03-19-2022 03:38 PM

Hi, my fmc pair seems to have some sync issues. I can see that there is a VDB mismatch. Any idea why my primary fmc did not sync its VDB to the secondary fmc? I tried to manually upload the VDB to my secondary fmc but it fails. I tried to reboot the processes, and I even tried to reboot already both of my fmc but still the status are the same. I confirm that no issues in the network because both of my fmc are in one subnet only.

 

may I know also what is the use of "re-establish mirror" in the manage_HADC.pl script? Will this forcefully sync the fmc?

 

thanks

0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎03-19-2022 05:38 PM 

may I know also what is the use of "re-establish mirror" in the manage_HADC.pl script? Will this forcefully sync the fmc?

yes  for some reason they are out of sync, to make it as normal, we need to manually sync the DB

 

example :

 

https://archive.dependencyhell.net/2017-07-10-fmc-ha/

https://community.cisco.com/t5/network-security/fmc-ha-synchronisation-issue-please-help/td-p/3992439

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

fatalXerror
Level 5
Level 5
In response to balaji.bandi

‎03-23-2022 10:22 AM

@balaji.bandi , should I run the re-establish mirror in the primary or secondary fmc? thanks

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to fatalXerror

‎03-23-2022 11:03 AM

i would push from primary.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

fatalXerror
Level 5
Level 5
In response to balaji.bandi

‎03-25-2022 10:15 AM

Hi Balaji, so this re-establish mirror function in FMC is like forcing to replicate the DB from primary to secondary, is my understanding correct? 

Do you have any idea why the VDB in primary can't replicate to the secondary FMC?

Thanks

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to fatalXerror

‎03-25-2022 10:59 AM

Not sure what is the reason we need to look Logs

 

vulnerability database (VDB) updates  - Generally automatically sync when peer availability.

 

Note : may be we missed here some information, have you rebooted both the devices ?

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Aref Alsouqi
VIP
VIP

‎03-20-2022 05:23 AM

I think only the active FMC would be responsible to download the updates from Cisco cloud. I don't think you need to use the manage_hadc.pl utitlity, I think you can try to pause the synch and resume it on the active FMC through the UI:

System > Integration > High Availability > Pause Synchronization

System > Integration > High Availability > Resume Synchronization

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card