
Separate FMC

Dodzi
Level 1

Hi,
We're building up 2 new data centres, and the connection between them won't be ready for some time. Each data centre will have a number of FTDs in it, and one FMC in each data centre, which will form an FMC cluster.

I was thinking about what's the best way to kick-start configuration of FTD via FMC and later on connect the FMCs together when the link between the DCs is available.

I'd appreciate any thoughts around it, I hope I made it clear.

Thanks,
Dodzi

4 Replies

@Dodzi perhaps it would be a better solution to use the Cloud Delivered FMC (cdFMC) instead of an on-premise FMC. https://secure.cisco.com/secure-firewall/docs/cloud-delivered-firewall-management-center

 

Marvin Rhoads
Hall of Fame

If (or when) you later combine two FMCs managing separate devices into one FMC HA pair, only the one designated as Primary will have its managed devices in the combined system. You could export policies and device configuration prior to doing so but it would be a lot of work as well as being error-prone.

The idea @Rob Ingram mentioned would make more sense.

FTD can be managed by only one FMC.

If you have two FMCs, then only FMC HA can make the FTD connect to one FMC as primary and the other as backup.

MHM

Here is my understanding working with FTD and FMC-HA.

FTD will have both IP addresses of the FMC HA (primary and secondary) in its configuration, which can be confirmed by using the command "show configure manager" on FTD.
FTD cannot have 2x FMC (where each FMC is stand-alone and not in an FMC-HA pair). As @Marvin Rhoads mentioned, the way to fix this is using the HA pair. In order for FMC-HA to work, the hardware spec of both needs to match, and so does the software model. Otherwise, if VMware, in that case the software model and CPU need to be the same for the appliances.

Please do not forget to rate.