Solved: Move FPR-1010 from offsite FMCv to a new FMCv onsite

lcaruso · ‎07-30-2023

I have been working with FPR-1010 and FTD v7.x enough over the last year to have experienced complete a loss of firewall interface configurations when switching managers, for example, from FDM to FMCv.

I need to know beforehand if switching from an offsite FMCv manager to a new onsite FMCv manager will cause the FPR-1010 to again lose its network configuration and require rebuilding or if this operation will execute and only change managers and nothing else.

I assume below is correct procedure; hopefully, I will not have to rebuild the interfaces when switching managers:

show managers
configure manager delete
show managers
configure manager add <FMC Host> <Registration Key> <NAT ID>

Marvin Rhoads · ‎07-31-2023

When you change managers you will need to restore the device configuration from backup as everything but the interface addresses will be lost. (This requires FMC 7.1 or higher.)

You will also need to have backed up the policies from the offsite FMC to the new onsite FMC so that you can associates them with the newly-onboarded FTD.

View solution in original post

Marvin Rhoads · ‎07-31-2023

When you change managers you will need to restore the device configuration from backup as everything but the interface addresses will be lost. (This requires FMC 7.1 or higher.)

You will also need to have backed up the policies from the offsite FMC to the new onsite FMC so that you can associates them with the newly-onboarded FTD.