Solved: Re: FMCv HA

Herald Sison · ‎06-12-2022

is there a way to setup 2 FMC with only 1 FTD device, This is to make sure that FMCv configurations will stay intact incase the other FMCv fails or the entire VMWare or hardware got corrupted?fmc, Cisco Firepower Management Center (FMC)fmc, Cisco Firepower Management Center (FMC)

Marius Gunnerud · ‎06-14-2022

No, configuration is "copied" from the active to the standby. but if the active fails you will need to promote the current standby FMC to active manually.

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

Marius Gunnerud · ‎06-12-2022

Here is a guide for FMC HA configuration. And yes you can have two FMC that manage one FTD as long as they are configured as active / Standby

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/710/management-center-admin-71/system-ha.html#id_21087

--
Please remember to select a correct answer and rate helpful posts

Mohammed al Baqari · ‎06-13-2022

Hi,

Just be aware about FMC HA is not automatic, i.e. if FMC-01 fails, you need
to manually switch roles to manage from FMC-02

**** please remember to rate useful posts

Herald Sison · ‎06-14-2022

does that mean you need to manually add the FTD to the FMC02?

Marius Gunnerud · ‎06-14-2022

No, configuration is "copied" from the active to the standby. but if the active fails you will need to promote the current standby FMC to active manually.

--
Please remember to select a correct answer and rate helpful posts

Herald Sison · ‎06-17-2022

Hi Sir,

one last thing. may i ask about the licenses for the 2nd FMC? i know i have +9999 licenses left for my FMCv but how will i assign it? will it be automatically be populated after joining the 2 FMC or will i need to create another token and add it to the second FMC?

Marius Gunnerud · ‎06-19-2022

I am not entirely sure which licenses you are refering to, could you post the full license name and PID?

Normally for FMCv you need entitlement licenses for each FTD device it will manage (as a minimum), that means if you have a high availability setup with two FTD devices you would still need 2 entitlement licenses. Then you would also need the additional licenses for IPS, URL, and file / malware depending on which of these you require.

If the licenses are in your smart account and are the correct license type for your FMCv then once you register your FMCv with the smart license account they will be consumed automatically.

--
Please remember to select a correct answer and rate helpful posts

Herald Sison · ‎06-19-2022

hi sir, this is now solved. after joining 2 FMCv's in HA mode the license for my FMCv just automatically populated and in license manager it consumes 2 FMCv licenses.

Massimo Baschieri · ‎06-13-2022

If you have only one ftd managed most probably you have FMCv 2 (licensed for two sensors only), which is not listed in the document linked by Marius, maybe it works anyway, but most probably you will not have tac support for that.