Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
311
Views
0
Helpful
4
Replies

Restore an FTD -- from backup or from HA sync?

Go to solution
brettp
Level 1
Level 1

‎03-19-2024 09:58 AM

I am little confused. What is the preferred or best method of restoring a re-imaged FTD (1000 series) that was part of an HA pair? Is it better to run a restore from backup... Or is better to simply configure the device with a barebones config and set up the HA pair again (allowing the primary to push the config.) What is the difference or the pros/cons? Any insight is appreciated. Thanks!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎03-19-2024 10:20 AM

@brettp

There is a guide that covers both methods:-

https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221097-replace-faulty-unit-in-secure-firewall-t.html

IMO, I would configure the barebones config of the management IP address and re-register with the FMC, rather than restore from backup.

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎03-19-2024 10:20 AM

@brettp

There is a guide that covers both methods:-

https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221097-replace-faulty-unit-in-secure-firewall-t.html

IMO, I would configure the barebones config of the management IP address and re-register with the FMC, rather than restore from backup.

 

0 Helpful

Go to solution
brettp
Level 1
Level 1

‎03-22-2024 08:32 AM - edited ‎03-22-2024 08:33 AM

@Rob Ingram Thank you for your input! Do you know if there are any pros or cons to one method or the other? 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to brettp

‎03-25-2024 01:06 AM

@brettp well, using the backup/restore method might take slightly longer doing the restore and a subsequent reboot, and the configuration would still be synchronised from the active unit. The other method does not rely on a backup configuration (which would maybe out of date anyway) and has less steps, taking slightly less time to complete.

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP

‎03-24-2024 04:28 AM

I always prefer to let HA sync the configuration when the device is in an HA pair.  This is due because the active device will always sync its configuration to the standby overwriting any existing configuration already there. 

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card