06-15-2023 06:04 AM
After the Ransomware attack, our FMC VM was encrypted. The backup was unfortunately corrupted as well.
What are the methods to restore FMC from a working Firepower or something like that? Or should we do a clean installation of FMC?
06-15-2023 06:15 AM
@DmitriyG Hi, I suggest a clean installation if you have a configuration backup with you, because there may or may not be compatible descriptors. Because there will be no issue in traffic without FMC, go with a clean install. And make sure to harden device settings to avoid another attack.
06-15-2023 11:32 AM
Unfortunately you cannot restore a running config on an FTD to a new FMC.
The best you can do is output "show running-config" to a text file and rebuild that config in the newly built FMC manually.
06-16-2023 02:30 AM
I would suggest a clean install, and unless you have already exported the ACP, NAT, and Flex config policies, you will need to recreate these from scratch, as well as the security zones and security groups. The only things that are imported when you "re-onboard" the FTD are the interface configurations; everything else needs to be re-added.
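Added example, not from any of the posters above: a small Python inventory of a saved "show running-config" text file, grouping top-level commands into a worklist for the manual rebuild and skipping interface stanzas, which the last reply says are imported on re-onboarding. It assumes the usual layout where sub-commands are indented under their top-level command; the sample config is constructed and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample in ASA-style syntax; not output from a real device.
SAMPLE = """\
: Saved
!
interface GigabitEthernet0/0
 nameif outside
 ip address 203.0.113.2 255.255.255.0
!
object network inside-net
 subnet 10.0.0.0 255.255.255.0
object network web-srv
 host 10.0.0.10
object-group network servers
 network-object object web-srv
access-list EXAMPLE_ACL advanced permit tcp any object web-srv eq 443
nat (inside,outside) source dynamic inside-net interface
"""


def parse_stanzas(text):
    """Split a saved config into stanzas: a top-level line plus its indented children."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.rstrip()
        # Skip blanks, "!" separators and ": Saved"-style comment lines.
        if not line or line.lstrip().startswith(("!", ":")):
            continue
        if line[0].isspace():
            if stanzas:  # indented line belongs to the previous top-level command
                stanzas[-1].append(line.strip())
        else:
            stanzas.append([line])
    return stanzas


def rebuild_worklist(text, skip=("interface",)):
    """Group stanzas by leading keyword, dropping what re-onboarding restores."""
    groups = defaultdict(list)
    for stanza in parse_stanzas(text):
        keyword = stanza[0].split()[0]
        if keyword not in skip:
            groups[keyword].append(stanza)
    return dict(groups)


if __name__ == "__main__":
    for keyword, stanzas in sorted(rebuild_worklist(SAMPLE).items()):
        print(f"{keyword}: {len(stanzas)} item(s) to recreate")
        for stanza in stanzas:
            print("   ", stanza[0])
```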