cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1126
Views
0
Helpful
4
Replies

HA Pair- FirePower Backup

Lifeisbeautiful
Level 1
Level 1

I dont have backup of Firepower config from my old ASA in HA pair, but can I take firepower config from my working Active ASA in the HA pair and apply that on the new ASA firepower module?

 

Thanks

4 Replies 4

It all depends what Firepower-Version you are running on your ASA. With 9.2 on the ASA it's likely that you run a quite outdated Firepower version and the replacement ASA is newer than the old ASA. If that is the case then:

  1. Update the ASA-software to a recent version (I prefer the newest 9.6 interim)
  2. Update Firepower management Center to the newest 6.2.2 version
  3. Update Firepower to the newest 6.2.2
  4. Install the same ASA-software on the new ASA
  5. Assumed that the sw-model on the new ASA also comes with a 6.2 version:
  6. setup the module for your FPMC.
  7. Apply the latest Updates to the new Firepower

For the Firepower config you don't need a backup. After adding the new module to the Firepower Management Center you can just apply the policies again.

I have got both the ASA running 5525-X  which is running 9.2(2)4.

 

I read here that you can apply the backup config

https://supportforums.cisco.com/t5/intrusion-prevention-systems-ids/asa-rma-with-firepower-on-ssd/m-p/2942561#M23274

 

My question is , after I have installed the firepower (same version as of active ASA) on the new SSD if I take the backup from the active ASA with firepower module and apply that on the backup ASA firepower module, will that be ok

You don't need a backup/restore procedure as the FMC will take care of the policy. All you have to do is bring the module into FMC.

Thanks for your reply.

 

So once the module is intalled on the SSD  and point to the FMC , then do I have to goto FMC to push the config to the backup ASA firepower module or does it happen automatically

 

Review Cisco Networking for a $25 gift card