Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2385
Views
0
Helpful
5
Replies

Move fmc or reinstall

Go to solution
moskalevas
Level 1
Level 1

‎03-24-2020 03:44 AM

Hi all, i have fmc virtual, he works fine. The task is move fmc in other side (cloud), ip address will different, how make it that would, no lose access my ftd device, and save license? maybe who have instruction?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-24-2020 05:00 AM

Here's how I would do it:

Go into each managed device in the FMC GUI and make management inactive. Perform a current FMC backup.

Then go into each managed device at the cli and "configure manager delete".

Shutdown and move the FMC (either restore from backup or vMotion depending on your environment).

Configure the new IP address on FMC and then make management active for each device.

Then go into each managed device at the cli and "configure manager add..." using the new FMC address and same shared key that was originally used.

Verify the devices all re-register. Once they do, redeploy policies to sync everything.

 

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-24-2020 05:00 AM

Here's how I would do it:

Go into each managed device in the FMC GUI and make management inactive. Perform a current FMC backup.

Then go into each managed device at the cli and "configure manager delete".

Shutdown and move the FMC (either restore from backup or vMotion depending on your environment).

Configure the new IP address on FMC and then make management active for each device.

Then go into each managed device at the cli and "configure manager add..." using the new FMC address and same shared key that was originally used.

Verify the devices all re-register. Once they do, redeploy policies to sync everything.

 

0 Helpful

Go to solution
moskalevas
Level 1
Level 1
In response to Marvin Rhoads

‎03-24-2020 06:03 AM

Thanks for the answer, Marvin, I have 2 ftd devices in HA pair, am I just deleting them from fmc (delete)? And, if I forgot the key that I used when adding ftd to fmc, what nuances can there be when using the new key, or can I see it somewhere?
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to moskalevas

‎03-24-2020 07:52 AM

The plain text keys are not stored once the registration is done. So if you've lost them you may need to delete and re-add the devices in FMC.

https://community.cisco.com/t5/network-security/re-register-key-for-a-source-fire-module/td-p/2825256

You might want to open a TAC case and see if they can help with more tailored suggestions.

0 Helpful

Go to solution
C Garstka
Level 1
Level 1
In response to Marvin Rhoads

‎08-17-2021 03:22 PM

What if you keep the same IP for the restored FMC? I ask because making the managed devices "unmanaged" will take down site-to-site VPNs, would it not? Making turning them back on remotely impossible.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to C Garstka

‎08-17-2021 07:26 PM

How can your FMC have the same address if you move it from an on premises subnet to the cloud?

Also, as I mentioned before, "You might want to open a TAC case and see if they can help with more tailored suggestions."

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card