08-11-2016 10:32 AM - edited 02-21-2020 05:53 AM
Hi
I have a Firepower Management Center (FMC) for VMware, let's call it FMC1, with IP 10.10.1.1/24.
I have an ASA High Availability pair running the FTD Unified image and this HA Pair is currently managed by FMC1.
We have installed FMC2 with IP 10.10.1.52/24, with all the exact same settings and policies as FMC1.
Now, we want to migrate the ASA HA Pair from FMC1 to FMC2, without network disruption at all.
So the question:
I know that I need to log on to the ASA via CLI and change the "manager" to the new FMC IP with a new registration key.
But then, if I "add" the active firewall in the new FMC, i.e. FMC2, will it break the HA pair and will both become active? This will cause network disruption.
What is the exact procedure to migrate?
Thanks and Regards,
08-18-2016 04:13 AM
In case you associate your firewalls again with the new FMC you will need to break HA in old FMC, add FTD appliances in new FMC and build HA again. In this case only one firewall will be active with the correct interface configuration so you will not face an active/active scenario.
For a more seamless migration I would recommend you back up your FMC configuration and import it onto the new FMC. In this case you have to shut down FMC1, import the backup onto FMC2 and just wait for the new FMC to reboot with the migrated configuration.
This way you retain all your config + licenses - but keep in mind that this is only supported between equal types of FMC (e.g. only VM FMC to VM FMC).
08-11-2018 05:26 AM - edited 08-11-2018 05:32 AM
thanks