Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1753
Views
10
Helpful
3
Replies

Hardware Replacement of Cisco FTD

Go to solution
~Saj~
Level 1
Level 1

‎03-21-2022 11:57 PM

Hi all,

Currently we got FTD managed through FMC (6.7.0.3). Due to resource constrained, thinking of two options.

 

Option 1 - Install new security module to the chassis and add to the existing firewall(existing is 9300 SM-24 installed natively )                   

                 Can SM-24 and SM-40 be part of same chassis and be single firewall instance

 

Option 2 - Install a new SM-48 and restore the existing configuration to it. 

                 what is the process of migrating to new security module

 

Cheers

Saj           

           

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-22-2022 03:12 AM 

Option 2 - Install a new SM-48 and restore the existing configuration to it. 

                 what is the process of migrating to new security module

personally i take this option.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-22-2022 03:12 AM 

Option 2 - Install a new SM-48 and restore the existing configuration to it. 

                 what is the process of migrating to new security module

personally i take this option.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-22-2022 07:54 AM

I'd go with the SM-48 if that's an option. While you can install different SM types in a given 9300 chassis, they cannot be part of the same firewall logical device - either in HA or cluster configuration.

First I'd get everything to the current FXOS and recommended FMC/FTD releases. (FXOS currently at 2.11.1.154, FMC/FTD at 7.0.1.1/7.0.1 respectively.)

Backup the logical device configuration in FMC and then decommission the current SM-24:

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/2111/web-guide/b_GUI_FXOS_ConfigGuide_2111/security_module_engine_management.html

Install the new SM, bootstrap FTD on it and then register/restore from FMC the configuration.

 

Go to solution
~Saj~
Level 1
Level 1
In response to Marvin Rhoads

‎03-23-2022 01:33 AM

Thanks Marvin for the response. Really Appreciated.

 

Upgrade path wasn't very clear on the doco.....In terms of upgrade path:

      > can I failover traffic to standby device

      > export configuration

      > re-initialise the new module

      > import the config 

      > add to FMC

      > at this stage one chassis will SM-24 and other chassis will have SM-48....can traffic failover back to SM-48?

 

Do i need to break the clustering to start with upgrade? Will there be total downtime during the migration?

 

Cheers

Saj

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card