Solved: Server hardware requirements for remote storage of FMC backups

BACANEL · ‎05-22-2024

I know FMC is quite picky when it comes to remote storage and that Cisco recommends backing up the FMCs and managed devices to a secure remote location by mounting NFS, SMB or SSH network volumes as remote storages. My FMC are currently on version 7.2.7.

I did locate some documentation that review the supported protocols and versions (older FMC versions) but it does not give the hardware requirements for the server.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/710/management-center-admin-71/system-config.html#ID-2241-00000551

Management Center Remote Storage - Supported Protocols and Versions

Management Center Version NFS Version SSH Version SMB Version

6.4	V3/V4	open ssh 7.3p1	V2/V3
6.5	V3/V4	cisco ssh 1.6.20	V2/V3
6.6	V3/V4	cisco ssh 1.6.20	V2/V3
6.7	V3/V4	cisco ssh 1.6.20	V2/V3

What are the recommended server hardware (Physical or Virtual) requirements for FMC and managed device backups? Any guidance would be greatly appreciated.

BACANEL · ‎06-05-2024

I verified that the rpc is bind with /etc/init.d/rpcbind status - it shows "/usr/sbin/rpcbind pid 8340) is running ...
I mount the server with /bin/mount -t nfs x.x.x.x:B:/NFSBackups /mnt/remote-storage -o rw,vers=3 (version 4 failed, but ver 3 seems to work)
I checked the version on the server with rpcinfo -p x.x.x.x
I verified I can ping the server from the FMC successfully

I filled out the following under remote storage devices
storage type : NFS
host : x.x.x.x
directory : B:/NFSBackups
Advanced options : enabled with the following command line options : rw,vers=3,noatime,-o nolock
selected "use for backups"

but now im getting the following error

Cannot delete the test file under directory /mnt/remote-storage

Could anyone please provide guidance - any help would be appreciated

I reference the following cisco documentation

Configure Remote Backup for FMC Using NFS Storage Device - Cisco

Cisco Secure Firewall Management Center Administration Guide, 7.2 - System Configuration [Cisco Secure Firewall Management Center] - Cisco

Cisco: Security - Firepower Management Center (FMC) Backup

Configure Remote Backup for FMC Using NFS Storage Device - Cisco

View solution in original post

balaji.bandi · ‎05-22-2024

anything is fine as long as you have enough space

we use SMB / SSH works fine as expected. Depends on the deployment watch out space on the remove storage and clear up when the old backup not required based on the compliance ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marius Gunnerud · ‎05-22-2024

You need a server that can support either NFS, SSH, or SMB. We use SSH for backup to a Linux virtual machine. Just be sure that the user you will use for backups has read / write permissions to the directory and that the server has sufficient disk space to store the number of backups you require.

--
Please remember to select a correct answer and rate helpful posts

BACANEL · ‎06-04-2024

Are there any specific configurations from a windows perspective that I need to verify - I am receiving the following error :

mount.nfs: Protocol not supported
Cannot mount NFS remote device, please verify the remote directory name

I did verify with the windows server engineer that the IP and path is correct and that the permissions are correct for the NFS folder.

Marius Gunnerud · ‎06-05-2024

Has the team verified the folder permissions? The NFS setup in FMC does not provide user options, so you might either need to use the option field to provide a user that you are connecting with or look at and amend the permissions on the folder. The logs on the server should give a better indication if this is the issue.

--
Please remember to select a correct answer and rate helpful posts

BACANEL · ‎06-05-2024

Yes the server team did confirm the permission settings as Read/Write as well as all other configuration settings on the server side

BACANEL · ‎06-05-2024

I verified that the rpc is bind with /etc/init.d/rpcbind status - it shows "/usr/sbin/rpcbind pid 8340) is running ...
I mount the server with /bin/mount -t nfs x.x.x.x:B:/NFSBackups /mnt/remote-storage -o rw,vers=3 (version 4 failed, but ver 3 seems to work)
I checked the version on the server with rpcinfo -p x.x.x.x
I verified I can ping the server from the FMC successfully

I filled out the following under remote storage devices
storage type : NFS
host : x.x.x.x
directory : B:/NFSBackups
Advanced options : enabled with the following command line options : rw,vers=3,noatime,-o nolock
selected "use for backups"

but now im getting the following error

Cannot delete the test file under directory /mnt/remote-storage

Could anyone please provide guidance - any help would be appreciated

I reference the following cisco documentation

Configure Remote Backup for FMC Using NFS Storage Device - Cisco

Cisco Secure Firewall Management Center Administration Guide, 7.2 - System Configuration [Cisco Secure Firewall Management Center] - Cisco

Cisco: Security - Firepower Management Center (FMC) Backup

Configure Remote Backup for FMC Using NFS Storage Device - Cisco

BACANEL · ‎06-05-2024

apologies - I still have the problem and this has not been resolved - I am trying to find a solution for the error im receiving

cannot delete the test file under directory /mnt/remote-storage