cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1717
Views
2
Helpful
7
Replies

Server hardware requirements for remote storage of FMC backups

BACANEL
Level 1
Level 1

I know FMC is quite picky when it comes to remote storage and that Cisco recommends backing up the FMCs and managed devices to a secure remote location by mounting NFS, SMB or SSH network volumes as remote storages. My FMC are currently on version 7.2.7.

I did locate some documentation that review the supported protocols and versions (older FMC versions) but it does not give the hardware requirements for the server.  

 https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/710/management-center-admin-71/system-config.html#ID-2241-00000551

Management Center Remote Storage - Supported Protocols and Versions

 Management Center Version NFS Version SSH Version SMB Version

6.4

V3/V4

open ssh 7.3p1

V2/V3

6.5

V3/V4

cisco ssh 1.6.20

V2/V3

6.6

V3/V4

cisco ssh 1.6.20

V2/V3

6.7

V3/V4

cisco ssh 1.6.20

V2/V3

What are the recommended server hardware (Physical or Virtual) requirements for FMC and managed device backups?   Any guidance would be greatly appreciated.

 

 

1 Accepted Solution

Accepted Solutions

BACANEL
Level 1
Level 1

I verified that the rpc is bind  with /etc/init.d/rpcbind status - it shows "/usr/sbin/rpcbind pid 8340) is running ...
I mount the server  with /bin/mount -t nfs x.x.x.x:B:/NFSBackups /mnt/remote-storage -o rw,vers=3  (version 4 failed, but ver 3 seems to work)
I checked the version on the server with rpcinfo -p x.x.x.x
I verified I can ping the server from the FMC successfully

I filled out the following under remote storage devices
storage type : NFS
host : x.x.x.x
directory : B:/NFSBackups
Advanced options : enabled  with the following command line options : rw,vers=3,noatime,-o nolock
selected "use for backups"

but now im getting the following error 

Cannot delete the test file under directory /mnt/remote-storage 

Could anyone please provide guidance - any help would be appreciated

I reference the following cisco documentation

Configure Remote Backup for FMC Using NFS Storage Device - Cisco

 

Cisco Secure Firewall Management Center Administration Guide, 7.2 - System Configuration [Cisco Secure Firewall Management Center] - Cisco

 

Cisco: Security - Firepower Management Center (FMC) Backup

 

Configure Remote Backup for FMC Using NFS Storage Device - Cisco


 

View solution in original post

7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

anything is fine as long as you have enough space

we use SMB / SSH  works fine as expected. Depends on the deployment watch out space on the remove storage and clear up when the old backup not required based on the compliance ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

You need a server that can support either NFS, SSH, or SMB.  We use SSH for backup to a Linux virtual machine.  Just be sure that the user you will use for backups has read / write permissions to the directory and that the server has sufficient disk space to store the number of backups you require.

--
Please remember to select a correct answer and rate helpful posts

BACANEL
Level 1
Level 1

Are there any specific configurations from a windows perspective that I need to verify - I am receiving the following error : 

mount.nfs: Protocol not supported
Cannot mount NFS remote device, please verify the remote directory name

I did verify with the windows server engineer that the IP and path is correct and that the permissions are correct for the NFS folder.

Has the team verified the folder permissions?  The NFS setup in FMC does not provide user options, so you might either need to use the option field to provide a user that you are connecting with or look at and amend the permissions on the folder.  The logs on the server should give a better indication if this is the issue.

--
Please remember to select a correct answer and rate helpful posts

BACANEL
Level 1
Level 1

Yes the server team did confirm the permission settings as Read/Write as well as all other configuration settings on the server side

BACANEL
Level 1
Level 1

I verified that the rpc is bind  with /etc/init.d/rpcbind status - it shows "/usr/sbin/rpcbind pid 8340) is running ...
I mount the server  with /bin/mount -t nfs x.x.x.x:B:/NFSBackups /mnt/remote-storage -o rw,vers=3  (version 4 failed, but ver 3 seems to work)
I checked the version on the server with rpcinfo -p x.x.x.x
I verified I can ping the server from the FMC successfully

I filled out the following under remote storage devices
storage type : NFS
host : x.x.x.x
directory : B:/NFSBackups
Advanced options : enabled  with the following command line options : rw,vers=3,noatime,-o nolock
selected "use for backups"

but now im getting the following error 

Cannot delete the test file under directory /mnt/remote-storage 

Could anyone please provide guidance - any help would be appreciated

I reference the following cisco documentation

Configure Remote Backup for FMC Using NFS Storage Device - Cisco

 

Cisco Secure Firewall Management Center Administration Guide, 7.2 - System Configuration [Cisco Secure Firewall Management Center] - Cisco

 

Cisco: Security - Firepower Management Center (FMC) Backup

 

Configure Remote Backup for FMC Using NFS Storage Device - Cisco


 

BACANEL
Level 1
Level 1

apologies - I still have the problem and this has not been resolved - I am trying to find a solution for the error im receiving 

cannot delete the test file under directory /mnt/remote-storage

 

Review Cisco Networking for a $25 gift card