12-23-2020 06:13 AM
Dear Community,
I would like to clear up my doubts so I can make a proper plan for migrating the primary FTDv from the old ESXi to a new one with better conditions. As I mentioned earlier, there is an FTDv HA pair managed by FMCv. So, I found a Cisco document
However, it's a bit vague for me, as nothing is said about how to retain the configuration running on the primary unit.
Though, in some documents I read that after breaking the HA pair the primary node retains the config and the secondary vanishes.
So, what if I
- switch the active role from the primary FTDv unit to the secondary FTDv unit
- break the HA pair
- de-register the HA pair entirely
Will the secondary unit obtain the full configuration which was initially on the primary unit, and stay active all the time since it was delegated to process the traffic?
That way, I would be able to bring up a new primary unit on the new ESXi host in the meantime without production traffic impact. Then,
- register it as a new device to FMCv
- form a new HA pair with the existing secondary unit
- the new primary FTDv unit joins the new HA pair as secondary
- the existing secondary unit joins as primary
Thereby, replicate the configuration previously moved to the secondary unit onto the "new primary unit".
Please correct me or propose validated steps to achieve this!
Thank you very much!
12-23-2020 11:58 PM
12-24-2020 02:24 AM
Hello Mohammed,
Thank you for looking into my question!
The tricky part is that my virtual FTDs are not installed on shared disk storage, meaning vMotion is not possible. As for the provisioning, I am not sure if it's possible. I might not have read thoroughly through the docs, but I didn't see whether I am allowed to do so. That would mean transferring the turned-off primary vFTD from one ESXi's dedicated disk storage to another "new" ESXi's dedicated storage. So, my concern is: would that not cause any inconsistency with object IDs or anything similar at FMCv, which would prevent it from restoring communication with the moved machine? Or do only the MAC address and IP attached to the management interface matter? The UDI is used as well, but it won't change if I do it by transferring as you are suggesting....
I have had experience reimaging FTDv due to some conditions. However, I have not tried transferring between ESXi hosts yet.
As for the availability of the HA interfaces as well as the data interfaces, everything is set up over a distributed switch which both the old and new ESXi hosts are part of. So, that's not a problem.
Thank you very much!
12-24-2020 04:11 AM
12-24-2020 04:52 AM
OK, so I will try simply transferring the primary unit without breaking HA at FMCv. However, I will confirm that only after the new year.
Will update the thread afterwards.
Thank you very much!
01-27-2021 02:54 AM
Just for the sake of a complete picture: I carried out the change using the following steps:
- Switch the Secondary's role to Active;
- Make sure traffic is diverted and being processed fine;
- Turn off the Primary vFTD;
- Migrate it from one ESXi to another;
- Start the Primary vFTD;
- See it appear in Cisco FMCv;
- Switch roles back to the original successfully.
Thank you, Mohammed!