Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1145
Views
0
Helpful
3
Replies

Management Interface Change - Firepower Devices -FXOS

Support Cat
Level 1
Level 1

‎07-26-2021 06:22 AM

2 FTD devices host a logical ASA each running in multi-context mode and HA; the device currently does not have an Out of band management interface assigned to the logical ASA, we are trying to rectify this in this change.

 

Following the software change from software 9.10 upwards for ASA; the ASA can be allocated its own separate management interface along with a separate IP. An independent management link ( Ethernet 1/7) has been cabled and enabled however on trying to add that management interface to the logical ASA the FXOS prompts that a complete restart of the entire chassis will be required on each chassis.?

Warning.jpg

 

Many thanks in advance

@FTD FXOS: FCMの GUI言語設定 @managementIP

 

 

0 Helpful
3 Replies 3

rcullum
Level 1
Level 1

‎07-26-2021 09:21 AM

Hi

 

have you allocated  Eth1/7 as a Type=mgmt interface in FXOS? Then in your Logical Device, edit it and assign that Interface to your ASA instance. I believe the message you are getting is expected behaviour when allocating a management interface because you can choose to restart the logical asa immediately or later. See: "Change an Interface on an ASA Logical Device" section in Config Guide:

Cisco Firepower 4100/9300 FXOS Firepower Chassis Manager Configuration Guide, 2.10(1) - Logical Devices [Cisco Firepower 9300 Series] - Cisco

0 Helpful

Support Cat
Level 1
Level 1
In response to rcullum

‎07-26-2021 10:31 AM

Thanks cullum, 

much appreciated, will have a look at the guide...., and hoping for some more expert answer here

 

Regards

0 Helpful

Support Cat
Level 1
Level 1

‎07-27-2021 03:05 AM

 Hi All, I have simulated this in the lab and observed the results. The key thing I was trying to establish is now clear which are


* The reboot is unavoidable
* The reboot breaks the HA relationship between the firewalls not matter what order I perform it. Standby first or Primary First.
* This relationship break mandates a reboot of the primary HA device as well which will cause a DC wide outage whilst rebooting

We will have to schedule an outage for the entire DC; which is what we were trying to avoid.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card