Solved: FTD HA Reconfiguration via FMC - Cisco Community

604

Views

2

Helpful

8

Replies

Hi,

we have 2 FTD 2110 running in HA in the same datacenter with Mgmt IP in the same IP subnet. Failover/Linkstate link is configured on a single port but needs to be on a portchannel in the future

Now we need to move 1 FTD into another datacenter on the campus that has another Mgmt IP subnet. I can see in FMC that I cannot reconfigure HA settings. Also I am not sure if the FTD still connects to FMC whenever I change the Mgmt IP.

Does anyone has an idea what the steps are to reconfigure Mgmt and HA settings? The most important job is to change FTD Mgmt IP.

2 Accepted Solutions

Accepted Solutions

after HA break only the active keep have IP and can forward traffic

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html?utm_source=chatgpt.com#toc-hId-430987556

MHM

View solution in original post

Break HA not de register FTDs
delete HA de register both FTD

MHM

View solution in original post

8 Replies 8

I want to share only roadmap

1- break HA between ftd1 abd ftd2

2- unregistered ftd1

3- register ftd1 again with new IP

I think you need after point 2 reset factory.

This my opinion' also check other VIP reply before decide which solution is good

MHM

I just found out that changing the Mgmt IP should not be a big deal without unregister adn re-register:

https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-management-center-virtual/221961-change-the-management-interface-ip-addre.html

Yes I know about this doc. But many engineers face issue after change mgmt IP.

As I mention before' check all solution and select one you see it best for you.

Goodluck friend

MHM

when breaking HA, the primary active FTD keeps active and functional?

after HA break only the active keep have IP and can forward traffic

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html?utm_source=chatgpt.com#toc-hId-430987556

MHM

Break HA not de register FTDs
delete HA de register both FTD

MHM

Today I had a maintenance window and was able to proceed. I was able to change the Mgmt IP of FTD-02 like in this URL:

https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-management-center-virtual/221961-change-the-management-interface-ip-addre.html

We use Version 7.4.2.2.

Also I had to break HA, then moved FTD-02 to the new location, setup Port-channel on FTD-01 (active), then created HA again.

Thanks a lot for update us steps you use for move ftd.

Have a nice day

MHM

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking for a $25 gift card