FTD HA add to FMC

Nikola PEnev · ‎02-21-2024

Hi,

i've 2 FTD 2130 which are working in HA. What is the proper way to add them in FMC? I saw already how to add them separately and then to make HA through FMC...

Thanks,

Nikola

MHM Cisco World · ‎02-21-2024

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html

Check this

MHM

Nikola PEnev · ‎02-21-2024

This is the document how to make a HA pair when the devices are already added in the FMC.

How to add properly devices in FMC if they are already in HA before adding them to the FMC?

Marius Gunnerud · ‎02-21-2024

As @Marvin Rhoads has mentioned, you need to break the HA before adding the FTDs to FMC. But this is also where you need to be aware that you will lose all configuration on the FTDs during the onboarding process. The only thing that is retained are the data interface configuration (and management of course). Everything else is lost and needs to be reconfigured.

So, assuming you want to keep the configuration that is already on the FTDs, be sure that you have preconfigured all interface security zones, ACP policies and NAT policies before you onboard the devices. After the devices are onboarded you will need to associate the interfaces with the security zones, configure all routing, DHCP relay and site to site VPN and remote access VPNs. basically everything that references physical interfaces will need to be reconfigured manually after onboarding.

--
Please remember to select a correct answer and rate helpful posts

Marvin Rhoads · ‎02-21-2024

You cannot add them as an HA pair into FMC. You need to break HA, add the Primary and Secondary units separately into FMC and then re-form HA from FMC between the units.