
vFMC on HyperV. Are we there yet?

itsupport
Level 1

I administer a site with several FTDs, controlled by a vFMC. At the time of installation, around a year ago, I heard rumours from various sources that support for HyperV was "Roadmapped". Since we use HyperV exclusively as a virtualisation host, I purchased an "Office PC", threw the free version of ESX 6.5 on it, and used that just to host the vFMC. It sits in the rack with the "real" servers. Has worked fine, but is of course just a PC, so no redundant hard drives, fans, environmental monitoring, out of band management or any of that nice stuff. Plan was to move the vFMC to a HyperV machine once supported, and use the office PC for something else.

I notice now that the vFMC is supported on Azure. Azure basically IS HyperV, with a few extra bells and whistles. Hence, I would guess there is a good chance that the vFMC would run just fine on HyperV.  Target I have in mind is a new server we are purchasing, which will be running Server 2019.

Has anyone tried this? Anyone know of any "solid rumours" about  HyperV support in the near future?


Francesco Molino
VIP Alumni
Hi

Unless there's something new I'm not aware of, FMCv isn't supported in Azure or on Hyper-V.
On Azure, you can have the firewall itself which is managed by FMC but this FMC runs out of Azure.
Here is the documentation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/azure/ftdv-azure-qsg.html

FMCv is supported on ESXi, KVM and AWS Cloud.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

hoffa2000
Level 3

Hi all

FMC support in Azure has been on the top of my Cisco wish list for over a year. Mostly because of architectural reasons, we are moving our datacenters to Azure and in doing so there isn't much investment done into performance for our VMware anymore. For me as security...manager, it's got to the point I cannot expand my FTD/ASA-Firepower platform anymore because of performance issues with our vFMC.

 

/Fredrik

ajc
Level 7

Hi everyone, 

I am facing the same issue, all our virtualization environment is based on Hyper-V and I need to install a virtual FMC. Is it still not supported?

 

thanks

It is still not supported as of FMC 6.4.0.4.

I've been asking for it on behalf of my customers for about 3 years. No joy so far.

Michael Braun
Level 1

Hi guys, just for everyone to know, since 6.5 (technically 6.4 but with that one I had issues) there is an Azure version and (while it is not officially supported) it runs on Hyper-V. I have it running smoothly on a Win10 OS (experimental stage) with no issues, just make sure you run 6.5 with a fresh install and latest updates.

 

Just one more thing, I could not import the config from the VMWare version - it says it is not possible due to version conflict.

Additional info:

The zipped file is around 2GB, keep in mind, unzipped it is the virtual HD (250GB).

Just make a new VM Gen 1, add the existing drive - GO

It works with one network card, but you can add more, I tried with 4 and they showed up under configuration.

I gave it 4 virtual CPUs and 16384 MB.

The installation took A VERY LONG TIME, (pretending to do nothing unless you watch drive access, it is doing a lot)

but I did not have the fastest drives available, so your experience may differ.

 

From what I can tell, after first boot it creates all the database tables and such, so it will take a while in any case.

In the end you should end up at the setup prompt (if you watch the console window)

 

Funny thing, it seems to run with better performance compared to the VMWare install.

Crap, we are doing a hyper-v migration and now I don't have high hopes on converting our firepower management center to hyper-v. I'd forgot about this limitation in the firepower VM and just randomly thought that I should google how to do it to be prepared.

Found this post whilst trying to migrate our own FMC to Hyper-V.  Hopefully it'll help somebody else out as we've just managed to migrate the FMC from a standalone ESXi server into our Hyper-V environment.  I doubt this method is officially supported but it works!

 

- Download and deploy the 6.5.0 FMC for Azure into Hyper-V environment (might want to convert the fixed vhd to a dynamic vhdx while you're at it).  Login and set the admin password etc and set it to another IP address for now.

- The existing FMC and the new FMC versions must match for this to work, so either upgrade the existing FMC to 6.5.0 or upgrade the Azure version to whatever version the existing FMC is on.  (Why are the FMC upgrades soooo slow.....)

- Once they are on the same version install the latest Vulnerability And Fingerprint Database Updates on both FMCs.  These must match for the restore to work.

- Backup the existing FMC via the system>tools menu.  You want a Firepower Management backup with both Backup Configuration and Backup Events selected. Download the tar file you created.

- Open the tar file using your favourite compression utility (7zip works fine for this) and edit this file: etc/sf/ims.conf

- Edit the following two lines to match this: MODEL="Cisco Firepower Management Center for Azure" and PRODUCT_ID=FS-AZU-SW-K9 and save the file back to the tar.

- Shut down the existing FMC.

- In Hyper-V set the MAC address of the new FMC VM to match the MAC address of the old FMC VM.  This is to avoid licensing problems post restore.

- Restore the tar file using the restore function in the system>tools menu on the new FMC.  Again this will take ages....

 

Once the restore is complete the FMC will reboot onto the old FMC IP address and function normally. Because of the source of the backup it will report that it is a Cisco Firepower Management Center for VMWare install but this does not seem to have any bearing on the function or updates.  I have patched the system up to 6.5.0.4-57 without any issues (haven't tried 6.6 yet as this has taken long enough!).

 

Hope this helps.
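The ims.conf edit from the steps above, scripted as an added example (not part of the original post, not Cisco tooling, and no more supported than the manual method). It streams the backup member by member so large event data is copied untouched, rewrites only the two keys the post names, and fails if either key is absent. Assumptions: the backup is a tar that Python's `tarfile` can read, the member path is `etc/sf/ims.conf` (optionally prefixed `./`), the output is written as an uncompressed tar, and the sample file contents in `demo()` are constructed.

```python
import io, re, tarfile, tempfile
from pathlib import Path

CONF_PATH = "etc/sf/ims.conf"                      # path given in the post
OVERRIDES = {                                      # values given in the post
    "MODEL": '"Cisco Firepower Management Center for Azure"',
    "PRODUCT_ID": "FS-AZU-SW-K9",
}

def patch_conf(text):
    """Rewrite the KEY=value lines named in OVERRIDES; fail if a key is absent."""
    seen = set()
    def swap(m):
        seen.add(m.group(1))
        return f"{m.group(1)}={OVERRIDES[m.group(1)]}"
    out = re.sub(rf"^({'|'.join(OVERRIDES)})=.*$", swap, text, flags=re.M)
    if seen != set(OVERRIDES):
        raise ValueError(f"missing keys: {sorted(set(OVERRIDES) - seen)}")
    return out

def rewrite_backup(src, dst):
    """Stream src to dst member by member, patching only ims.conf."""
    patched = 0
    with tarfile.open(src, "r:*") as tin, tarfile.open(dst, "w") as tout:
        for member in tin:
            data = tin.extractfile(member) if member.isfile() else None
            if data is not None and member.name.removeprefix("./") == CONF_PATH:
                body = patch_conf(data.read().decode("latin-1")).encode("latin-1")
                member.size = len(body)            # tar header must carry the new length
                data, patched = io.BytesIO(body), patched + 1
            tout.addfile(member, data)
    if patched != 1:
        raise ValueError(f"expected one {CONF_PATH}, patched {patched}")

def demo():
    """Build a constructed two-file backup, rewrite it, return the new ims.conf."""
    conf = (b'SWVERSION=6.5.0\n'                   # constructed sample contents
            b'MODEL="Cisco Firepower Management Center for VMWare"\n'
            b'PRODUCT_ID=PLACEHOLDER-ID\n')
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "old.tar"), Path(tmp, "new.tar")
        with tarfile.open(src, "w") as t:
            for name, body in ((CONF_PATH, conf), ("var/events.db", b"\x00" * 64)):
                info = tarfile.TarInfo(name)
                info.size = len(body)
                t.addfile(info, io.BytesIO(body))
        rewrite_backup(src, dst)
        with tarfile.open(dst) as t:
            assert t.extractfile("var/events.db").read() == b"\x00" * 64
            return t.extractfile(CONF_PATH).read().decode()
```

Run it against a copy of the backup and keep the original tar until the restore has completed on the new FMC.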

Nice, although sad that we have to run in circles to accomplish something that Cisco should provide in first place.

Maybe there is a file somewhere on the system where you can change the ID to Azure instead of the "wrong" VMWare identity.

Not sure if that would cause a license issue???

There may be no errors now, but who knows with the next major update.

Cisco software = Box of chocolate - never know what you are gonna get....

 

Hi, Chris! Thanks for your sharing.

Have you updated version to 6.6? Are you having any issues while using it on HyperV?

 

Have been running 6.6 for a little while now with no issues at all related to it being in Hyper-V

Do we know if this is Legacy boot or UEFI?

 

We are about to attempt this from KVM to Hyper-V/Azure with v6.7

Generation 1 VM under Legacy boot

Next step....

We have the HyperV VM created...and it is booting from the FMC for Azure VHD(X).

However, it is not completely booting. I have rebooted it 3 times, and let it sit for a couple of hours.

It stops at the line "usbcore: registered new interface driver usb-storage"

 

Is there something I missed in setting up the VM?
