Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2104
Views
0
Helpful
8
Replies

FMCv clonning

AndrewM
Level 1
Level 1

‎05-11-2018 07:31 AM - edited ‎02-21-2020 07:45 AM

Hello all,

We have two physical vSphere 6.0 hosts. One is a primary host which contains production VMs and another is a backup host for backup VMs. Production FMCv is up and running on primary host and connected to two ASA5516-X physical device and one Firepower 2120 Thread Defense physical device.

Now we are thinking to create backup FMCv  VM on backup host for disaster recovery or any problems/upgrades of primary host. VMware is allowing to clone virtual machines which is creating exact copy of MV. Do you see any problems with that approach if we clone FMCv from primary host to backup host? If yes what is better solution for this?

0 Helpful
8 Replies 8

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-13-2018 07:11 AM

It's not a supported (by Cisco) approach but should work if you're careful.

 

I'd recommend stopping the application first so that the database doesn't have open transactions. Then clone the VM and finally restart the production server.

0 Helpful

AndrewM
Level 1
Level 1
In response to Marvin Rhoads

‎05-14-2018 10:16 AM

Thank you Marvin. I have also opened a ticket with TAC and they tried it in their lab and told me that it should work but I will need to reregister SFR modules and 2120 FTD device. I am now thinking about access control policies which already created for 2120 FTD  in FMCv and what happened with them after reregistration of device. Will they be deleted or will they be imported from device?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to AndrewM

‎05-14-2018 10:40 AM

If it's truly cloned (same IP addresses - as you would with stretched L2 network) then re-registration shouldn't be necessary.

0 Helpful

AndrewM
Level 1
Level 1
In response to Marvin Rhoads

‎05-14-2018 10:49 AM

Yes two VMs are absolutely identical and located in the same subnet. The only difference in they are located on separate physical servers (VMware hosts).

0 Helpful

Massimo Baschieri
Level 3
Level 3
In response to Marvin Rhoads

‎05-17-2018 07:58 AM

Hi guys,

I did some test on that, below my procedure:

 

1 - cloned vFMC to another site

2 - changed ip address to cloned vFMC with "configure-network"

3 - changed hostname to cloned vFMC

4 - added dns record for cloned vFMC to dns servers

5 - cloned vFMC joined domain without any manual intervention

6 - added cloned vFMC to sourcefire AD agents

7 - cleaned device list on cloned vFMC

8 - unjoined a sensor on original vFMC (ASA5508 with SF module)

9 - joined the sensor to cloned vFMC

10 - added sensor started to work like a charm

0 Helpful

AndrewM
Level 1
Level 1
In response to Massimo Baschieri

‎05-23-2018 10:01 AM

Thank you Massimo.

I am not going to change IP address of FMCv. I just want to clone current FMCv to other physical VMware host(server), shut down current running FMCv and power on cloned FMCv. Nothing change except FMC virtual machine copied to other physical server. The same subnet, the same IP address, the same host name and so on.

 

Andrew

0 Helpful

Massimo Baschieri
Level 3
Level 3
In response to AndrewM

‎05-23-2018 10:42 AM

If it worked in my scenario, which was much more challenging than yours, I guess it should work for you also.

Anyway, be so kind to share your experience once done.

  

0 Helpful

jonahrodriguez
Level 1
Level 1
In response to Massimo Baschieri

‎04-04-2025 08:04 AM

Hi Massimo Baschieri,  I know this is an older post but thought I would take a shot and ask anyways.  Before you clone the FMC did you to shutdown anything or just clone as it ran normally? We have some old ASA 5545 with SFR modules and would like to move them on to a temporary clone FMC. Then eventually I will shut them down as we just purchase 3105s.  
Thanks.

0 Helpful
Related community topics
Review Cisco Networking for a $25 gift card
Top