Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1516
Views
5
Helpful
3
Replies

Replace old FMC 2000 to new FMC 1600

kalger
Level 1
Level 1

‎05-31-2022 02:59 AM

Hi,
I have to replace a Cisco Firepower Management Center 2000 with a FMC 1600. Cisco does not support this migration path. The FMC is standalone, managing 2 FTDs in HA. Current software version is 6.4.0.14. What would be the best way of the replacement?

Thanks!

Standalone Firepower Management Center Model Migration Workflow

1

Create a backup file in the source Firepower Management Center.

Back up the Firepower Management Center

Note 

In addition to Back Up Configuration, you must also select Backup Events and Backup Threat Intelligence Director. If Threat Intelligence Director is not enabled, the option to select TID backup does not appear.

2

Set up the target FMC.

Prepare for Migration

3

Copy the generated backup file to the target FMC.

Upload a Backup File

4

Disconnect the target FMC from the network.

Physically disconnect (unplug) the target FMC device from the network.

5

Execute the migration script in the target FMC.

Firepower Management Center Model Migration Script

6

Unregister your source Firepower Management Center from the Cisco Smart Software Manager.

Deregister a Firepower Management Center from the Cisco Smart Software Manager

7

Disconnect the source FMC from the network.

Physically disconnect (unplug) the source FMC device from the network.

8

Connect the target FMC to the network. Note that it may take a few minutes for the managed devices to establish a heartbeat with the target FMC.

See the Getting Started Guide for your Firepower Management Center model.

9

Enable smart licensing in the target FMC.

License Requirements for Firepower Management Center

10

Verify that a heartbeat is established for all devices managed by target FMC.

After a successful migration, the target Firepower Management Center has the IP address that the source model had before migration. Log in to the target FMC and verify that all configurations are restored and that basic FMC operations such as policy editing, deployment, and scheduled jobs work as expected.

1 person had this problem
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-31-2022 09:28 AM - edited ‎05-31-2022 09:29 AM

Prior to running the migration script, modify the model of the target FMC 1600 to fool the script into thinking it is a supported model. There is a shell script on FMC that you can use to do this. Use this script as root from the cli:

/var/sf/etc/model-info/configure-model.sh

Change the model of the new appliance to FMC 2600 and then reboot and run the migration script. After this redo the script and revert it to FMC 1600.

 

kalger
Level 1
Level 1
In response to Marvin Rhoads

‎06-01-2022 04:26 AM

It seems to be an easy solution.
I will try in a couple of days and get back with the results.
Thank you Marvin!

0 Helpful

amonroynex
Level 1
Level 1
In response to kalger

‎01-27-2023 02:05 PM

Hello Kalger,

Could you please share your experience and end result?

Thanks and regards.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card