vFMC Migration

gcook0001 · ‎01-05-2023

I am getting ready to perform a migration for my vFMC. Currently, our FMC is licensed for 2 devices. We are currently adding a third firewall so we need to create a new vFMC with the new license. According to our rep we can't just add the new license to the current install. From what I understand reading some documentation to perform the migration I need to perform the following steps.

on the current fmc

- backup the configuration

- backup the manged devices

shut down the current fmc

start the new fmc

- restore the managed device backups

- restore the configuration backup

I am not sure about how the licensing will work since we currently have the two licenses. How do I make sure the new FMC gets the correct license.

Is there anythig I am missing?

Thanks

balaji.bandi · ‎01-05-2023

vMFC can supprt up to 25 devices. what is the reason of creating new vFMC

are you creating new vFMC due to resource issue ? what is the reason for new vFMC ?

Management Center Virtual Licenses

The management center virtual License is a platform license, rather than a feature license. The version of virtual license you purchase determines the number of devices you can manage via the management center. For example, you can purchase licenses that enable you to manage two devices, 10 devices, 25 devices, or 300 devices.

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fmcv/fpmc-virtual/fpmc-virtual-intro.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

gcook0001 · ‎01-05-2023

Our current license only supports two devices. We are adding a third device. You can't apply the license for 10 devices to a installation that is licensed for 2. Therefore, we need to create an new install using the new license and migrate the settings.

Marius Gunnerud · ‎01-05-2023

I find this very strange that your "rep" has said you need to reinstall the FMCv because of the license. Are you using Smart licensing or legacy licensing? I am leaning towards legacy as this type of issue is easily solved in smart license. If you are using smart license it is just a matter of adding the new entitlement license into the smart account and you are good to go.

As for the migration you should not need to restore the device backups but they are good to have in case of a disaster scenario. But for the FMCv restore I would do something like the following.

1. backup FMC
2. backup managed devices
3. power off or remove the existing FMCv from the network
4. power on and configure management on the new FMCv
5. configure remote storage device for the new FMCv
6. restore the backup to the new FMCv
7. verify that devices are showing as registered under the devices tab
8. access CLI on the FTD devices and verify "show managers" is registered to the new FMCv
9. verify that there are no pending deploy jobs

--
Please remember to select a correct answer and rate helpful posts

Marvin Rhoads · ‎01-06-2023

Your rep is giving you bad info. As @Marius Gunnerud and @balaji.bandi said, you do not need to rebuild your FMC.

While it is true that licenses don't "stack" (i.e. you cannot buy 2 each 2-device licenses to manage 4 firewalls), you can replace an existing 2-device license with a 10 (or 25) device license and be done with the job in about 2 minutes.

glsparks · ‎01-09-2025

Is this also true going from 25 to 300? You don't need to rebuild?

Marvin Rhoads · ‎01-09-2025

FMCv300 would require a new build since the disk is sized differently and it is internally identified as a different model.