Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1588
Views
0
Helpful
6
Replies

Moving FMC4100 to New Data Center

TCSPB
Level 1
Level 1

‎02-15-2018 12:03 PM - edited ‎02-21-2020 07:22 AM

We are going to be moving our FMC FS4000 appliance to a new data center in the near future.   Does anyone here have any experience with moving their FMC like this?

 I know that the IP and name changes will require us to reconnect all SFR modules, but was wondering if there is anything else we need to worry about. Is there anything else that we should be aware of with the FMC being offline for more than 24 hours?  Besides not being able to make changes, is there anything else that we need to worry about?

Right now the plan is to make sure we have a backup, make the name and IP changes, then power off the FMC and ship it overnight to the new DC.  Then re-rack and power on in the new location.  I think because the SFR modules all connect to the manager by name, when we change the DNS record they will all be able to connect right back up after the device comes back online. 

Labels:
0 Helpful
6 Replies 6

Oliver Kaiser
Level 7
Level 7

‎02-15-2018 12:52 PM

Since you have used FQDN to register to your FMC the connection to the sensor should be re-established (already tested it > worked fine).

If you are using URL filtering make sure to disable unknown url lookups before the FMC migration to make sure you dont have latency issues (FMC does unknown url lookups and your sensors would need to reach a timeout before passing traffic with unknown urls).

In case you are using identity integration you should also be aware that there wont be any ip:user updates since FMC handles all the connection to ISE / User-Agent.

Hope that helps. :)
0 Helpful

TCSPB
Level 1
Level 1
In response to Oliver Kaiser

‎02-15-2018 01:41 PM

We are doing some URL filtering such as blocking Rep 1 URLs and the Category filters for things like Spam and Malware sites. Are you saying we should disable these while the FMC is offline?



I'm not sure where the unknown URL lookups come into play here so any help would be appreciated.


0 Helpful

Oliver Kaiser
Level 7
Level 7
In response to TCSPB

‎02-15-2018 04:37 PM

The unknown url lookups are triggered when an URL cannot be found in the local url database. On every sensors you have database in memory that is being queried when a url is being recognized in your network traffic. If the local url database has no match it will forward the query to FMC which then forwards the query to the cloud.

You can enable/disable unknown url lookups in FMC UI at System > Integration > Cisco CSI
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Oliver Kaiser

‎02-15-2018 08:06 PM

Hi Oliver,

 

Your reply reminded me of this behavior. I believe the box is unchecked by default.

 

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/117956-technote-sourcefire-00.html#anc7

 

In the event that we do check it, do you know what the timeout value is? I don't see that in the documentation.

0 Helpful

Oliver Kaiser
Level 7
Level 7
In response to Marvin Rhoads

‎02-16-2018 03:51 PM

Hi Marvin,

I think there is a section in the FTD book by Nazmul Rajib that goes into more details. Unfortunately I borrowed mine to a colleague so I cant look it up at the moment. When I get a chance to look it up I will update this thread.
0 Helpful

TCSPB
Level 1
Level 1

‎03-02-2018 08:04 AM

Is there a procedure for changing the manager IP on a HA pair of FTD devices?  Is it as simple as deleting them from the FMC and adding them back using the new IP address?

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card