cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8554
Views
13
Helpful
15
Replies

Migration from one FMC to another

rjadhav163
Level 1
Level 1

Hello

I want to migrate all the devices from our current virtual Firepower management center to a new firepower management center. Following are the conditions:

1. The new management center will also be on VMWare and will have exact version number as the current one.

2. The devices managed by current FMC are ASAs with FTD images and are in High Availability (only 1 pair)

3. The new FMC must have exact same configuration as the current one. (like security policies and all. I can export the config from the current FMC I guess.)

4. The new FMC should take over the IP Address of the current FMC

How can I achieve this migration? Is there a document? Or can someone jot down the process i should follow?

Thanks and Regards,

15 Replies 15

rjadhav163
Level 1
Level 1
Additional Note: FMC version is 6.0.1.1

nspasov
Cisco Employee
Cisco Employee

Hi there, have you looked at the backup and restore process?

http://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/Backup_and_Restore.html

Thank you for rating helpful posts!

Hi

yes I took a look there. But that is a Backup and Restore procedure and there it says the following:

Do not use the backup and restore process to copy configurations between appliances. A backup file contains information that uniquely identifies an appliance, and cannot be shared.

Since we are installing a new FMC, I am not sure about the process in this guide!

Have you tried it yourself?

Hi,

I have done this in my lab and I was able to backup and restore the configuration of one FMC to another FMC. One thing to be careful of is that the vulnerability database needs to be exactly the same, as that was the only issue I found.

I know this thread is old but if anyone else comes across it...
From the link from @nspasov it also says "You can restore a backup onto a replacement appliance or device only if the two appliances or devices are the same model and are running the same version of the Firepower System software".
I believe your @rjadhav163 quote is meant to mean: do not use the back up and restore as a way to copy configuration to multiple devices.

When I restored my firewall (with the help of TAC) this I used backup and restore and like @Ashley Sahonta said I just had to make sure all the versions were the same.

Hi There, 

 

Did you manage to do this Migration? I am facing the same challenge, but I will need to get the Management IP changed. 

Dill
Level 1
Level 1

Old topic, but I am move from an obsolete FMC1000 to an Virtual FMC (VMWare).   I tried doing a backup and restore but it won't let me.  (Restore will not be available: Product model mismatch)

In the same boat, did you find a solution? 

Gustavo Medina
Cisco Employee
Cisco Employee

After 6.5 you can use the Firepower Management Center Model Migration feature. Just make sure you follow a supported migration path:

https://www.cisco.com/c/en/us/td/docs/security/firepower/fmc_model_migration/b_FMC_Model_Migration_Guide/about_fmc_model_migration.html

Hi Gustavo,

I've read that guide and digested it fully. Only issue is, Cisco has only paved a path to allow people to go from one FMC to an equal size or larger FMC. There is no solution to go from FMC 1000 to FMCv. A lot of our customers have FMC 1000 becuase it was given to them free with their 4 or 6 FTD purchases, but now that we want to go to FMCv, we have no option but to go to the super sized FMCv300. 

Do you know of a way to go from FMC1000 to FMCv and bypass the "Restore will not be available: Product model mismatch" error?

My Cisco TAC found this for me.
Change the VM model, Import your backup, then change the VM back.
https://community.cisco.com/t5/network-security/can-fmc-running-in-vsphere-be-migrated-to-aws/td-p/4569305

you are amazing, thank you so much. Im going to try this right now to trick it into being FMCv300 and then attempt the migration process. After that, I will change it back and evaluate if everything worked out. Will report back soon!

Forgot to report back, this worked perfect. sized the FMCv to FMCv300, imported the config from FMC1000. Then sized it back down to FMCv.

This procedure is only intended for TAC lab use only and not supported for production environments. Any issues would be supported as best effort only.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: