10-28-2016 01:44 PM - edited 03-12-2019 06:11 AM
Hello,
I have two 3500 MCs that I'd like to upgrade to 6.1. Recently, I attempted upgrading the secondary MC which failed mid-upgrade and needed to be restored back to 6.0. As a result, I lost all objects/configuration on the device. Since HA does not exist for MCs in 6.0, I can't pair these device back up with my primary MC, and thus cannot easily copy over all existing settings. While I can manually import policies/searches/dashboards/etc. to the secondary MC, I cannot see a way to import object configurations. This is an issue for me, since I have a very large number of configured objects, and items with long lists like the Security Intelligent Global Blacklist, and a custom IP blacklist network object.
Is there any way to mirror all configuration from one MC to another including objects?
Thanks for your help!
10-28-2016 04:04 PM
You may want to configure automatic backups of FMC. This way you can restore full configuration using the backup file for the same version (e.g. upgrade to 6.0 fails -> install restore image and restore configuration via backup). Another way would be to export your policies and import them again, but I have had many bad experiences with that process therefore I would not recommand it (some referenced object types lead to general errors, etc.)
Apart from backup you could use High Availability for FMC which was re-introduced in 6.1 to achieve syncronized config between your FMCs + Failover capability (manual switchover required).
In case you want to import objects, FMC also supports a REST API since 6.1 which adds support to import certain object types via API (e.g. host,network,range,objectgroup, service, servicegroup)
Let me know if this answers your question
10-31-2016 01:15 PM
The problem with moving both devices to 6.1 is that my secondary device failed on that upgrade and the only way to fix it was a complete restore, so I was very reluctant to try it out on my primary device and risk losing everything requiring me restoring back to an old version again just to restore to my backup again.
I haven't thought of using a backup file directly as a way to copy over configuration, though. I'll try that out.
11-02-2016 12:02 PM
Did you perform a readiness check before attempting the upgrade? A pre-installation package is available for 6.1 which should be installed before upgrading from 6.0.1.x to 6.1.
You can find a install guide for the pre-installation package here.
11-07-2016 07:06 AM
kaisero, I ran the pre-installation package and this completed successfully without issue. TAC identified this as bug ID CSCvb27923, and since a reboot had occurred, the only workaround was to do a complete reformat and restoration.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide