Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4344
Views
0
Helpful
7
Replies

Reinstall FMC virtual appliance

Go to solution
Roy Lee
Level 1
Level 1

‎10-22-2018 01:20 AM - edited ‎02-21-2020 08:22 AM

Dear All,

As my FMC virtual appliance was crashed when restore a backup (always show: System processes are starting, please wait.)

, I would like to reinstall FMC and try restore the backup again...

The original FMCv is managing a FirePower 2110.

I would like to reinstall FMCv from fresh.

A silly question: Is that possible to sync back the configuration/Policy etc from the FirePower 2110 to the fresh FMCv?

 

Here is my plan:

1. De-register the crached FMCv from smartlicense portal. (Because the MAC address will change)

2. Install FMCv from fresh with same version and update to same VDB as the crashed one.

3. Upload and restore the backup.

4. Register the fresh FMCv from smartlicense portal, and select appropriate license.

5. Hopefully the fresh FMCv can connect to the FirePower 2110 senor automatically?

5. Deploy the policy again to the FirePower 2110.

 

Anything wrong about my plan? And what should I take care before and after reinstall?

Thanks,

Roy Lee

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Roy Lee

‎10-23-2018 08:06 PM

I've only ever done a few FMC restores and they worked fine.

 

You would be best off opening a TAC case for this sort of issue as it is likely due to some low level setting that's not easily diagnosed in this forum.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-22-2018 05:09 AM

The "system processes are starting" can take as long as 20 minutes or so to complete.

 

Unfortunately you can restore a configuration from a sensor to an FMC - even for the policies that are running on the sensor.

 

You might want to open a TAC case to check on your restore. Note you do need to have the same VDB and Snort Rules that were on the FMC previously already applied on the rebuilt FMC in order to restore successfully.

0 Helpful

Go to solution
Roy Lee
Level 1
Level 1
In response to Marvin Rhoads

‎10-22-2018 08:52 AM

Dear Marvin,
Unfortunately, the message "system processes are starting" stay over 1 hour after restore. I have reboot the FMCv but still got same message and can't login.
I have open another thread for the detail but no help: https://community.cisco.com/t5/firepower/fmc-virtual-appliance-6-2-3-on-esx-6-5-restore-problem/td-p/3728492
I didn't buy TAC support and there are leak of resources on the web (compare with ASA......), so I wonder only way is to rebuilt FMCv.
Thanks,
Roy Lee
0 Helpful

Go to solution
Roy Lee
Level 1
Level 1

‎10-23-2018 03:51 AM

OK, I have spend whole day to JUST install a fresh FMCv 6.2.3 on ESXi6.5.

I want to set static MAC address so next time rebuild no need to care about licensing and hopefully the sensor connection.

Retried 4 times all failed, lots of Failed at Initialize stage, and the "System processes are starting, please wait" show after all.

Finally I gave up any changes from the default setting of VOF and rebuild AGAIN. I can login FMC after 5 times rebuild.....

OK, try to restore the backup done last week..... failed... "Unable to restore CSM"...... "System processes are starting, please wait" come back again...

What a wonderful product...

 

Now I think I can only rebuild fresh FMCv and connect to the FirePower 2110 which will remove all configuration.....

Hopefully I can get back the control on FirePower 2110. Then try the backup/restore again.....

It's nightmare if backup/restore function may destroy everything....

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Roy Lee

‎10-23-2018 06:09 AM

I missed you saying earlier that you had attempted to rebuild while changing the OVF settings. That is very risky and would not be expected to result in a clean build.

 

I've installed dozens of FMCv for multiple customers since as far back as when it was Sourcefire Defense Centre 5.0 and never had a problem with any of them.

0 Helpful

Go to solution
Roy Lee
Level 1
Level 1
In response to Marvin Rhoads

‎10-23-2018 08:03 AM - edited ‎10-23-2018 08:11 AM

Hi Marvin,
Sorry for my bad english. I changed the default setting after deploy the OVF, by assigning a static MAC address inside the VM setting, not directly modify OVF file. The Cisco FMCv deployment guide also mention this static MAC address.
But this static MAC address caused the login problem of my 4 rebuilds, so I deploy OVF again directly without changing any VM setting.
It's up and running, but when I restore the backup of last week, crash again.
I wonder my last week backup got problem which cause restore fail. I will try to backup and restore again.
May I know your experience on backup / restore of FMCv? Is that stable?
If FMCv crash and restore fail like what happened to me, I can only build a fresh FMCv and lost all configuration. All existing firepower devices will lost configuration when connect and manage by that fresh build FMCv, right?
That is what I worry.

Will import configuration to fresh FMCv can be used in case of restore fail?
Thanks,
Roy Lee

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Roy Lee

‎10-23-2018 08:06 PM

I've only ever done a few FMC restores and they worked fine.

 

You would be best off opening a TAC case for this sort of issue as it is likely due to some low level setting that's not easily diagnosed in this forum.

0 Helpful

Go to solution
Roy Lee
Level 1
Level 1
In response to Marvin Rhoads

‎10-24-2018 12:42 AM

Thanks.
I will purchase TAC service asap, to secure the FirePower maintenance.
Hope I will never do the restore.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card