Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5696
Views
70
Helpful
19
Replies

Replace Secondary Firepower when in HA

Go to solution
Garry Cooper
Level 1
Level 1

‎08-08-2022 08:23 AM

Have to replace a faulty secondary firepower, I am trying to delete the secondary from FMC that is setup in HA , but I cannot find the correct information to delete this.

I can click the bin button, but get this error "Confirm Delete" see below, and I am not sure ho to proceed.

But I am guessing the primary will run as it is then I should be able to delete the secondary then re-add the new firewall.

TIA

 

 

 

Preview file
48 KB
Preview file
28 KB
0 Helpful
19 Replies 19

Go to solution
Garry Cooper
Level 1
Level 1

‎08-15-2022 01:04 AM - edited ‎08-15-2022 01:53 AM

Just an update to my issue, so got Tac involved and they found an issue with FMC not synchronizing that was causing the issue me not allow the upgrade.  Once fixed I could upgrade to same version as primary.

My issue now is I need to force break HA so I can get rid of the faulty secondary ftd this still present in FMC.

If I try to delete the secondary it throws and error about the VPN Config "The Device 'NCC-Civic-FTD-HA' cannot be deleted because the following VPN Configuration(s) refer this device."  I have over 100 VPN's setup so not an option the just delete and redo,

Tac say I need to force delete, see image below.

Anyone know timescale on how long this will take.

 

Preview file
59 KB
Preview file
29 KB
0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to Garry Cooper

‎08-15-2022 02:27 AM - edited ‎08-15-2022 02:29 AM

You need to log into the CLI and issue the command "configure high-availability disable".

I suggest that before doing this you have a complete backup of the FMC and FTD device.

If FTD has been removed from the network and it is just the presence of the FTD object in the GUI, then check the box for force and continue with the delete.  It should only take a few seconds.  But still make sure you have a full backup ready to be restored.

--
Please remember to select a correct answer and rate helpful posts

Go to solution
Garry Cooper
Level 1
Level 1
In response to Marius Gunnerud

‎08-15-2022 02:38 AM

Marius.

Thanks for the reply,  just had an email from tac saying that it will take upto 20 mins, if I force the break ha..

But this totally defeats the object of having HA, if you have a working primary and you need to remove some simple ha config to re introduce a secondary, and this will cause service disruption.

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to Garry Cooper

‎08-15-2022 03:03 AM

I dont see how this would take 20 minutes.  I have never tried the "force" option but for a regular break it is just the deployment time.

--
Please remember to select a correct answer and rate helpful posts

Go to solution
Garry Cooper
Level 1
Level 1
In response to Marius Gunnerud

‎08-16-2022 06:07 AM

Just an update, got both firepowers back in HA.

Doing a Force does interupt traffic, but for only about 20 secs.

It then drops again after makeing HA again.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card