Virtual Firepower Management Centre High Availability?

nickbettison
Level 1

Hi,

What options (if any) are there for Virtual (VMWARE) Firepower Management Centre High Availability?

I notice in the 6.1 release notes that only physical appliances are listed and the menu isn't available in my lab virtual appliance.

- I'm looking to deploy in a Layer 3 Data Centre topology, i.e. vMotion probably isn't an option.

Thanks in Advance,

Nick

Accepted Solutions

Oliver Kaiser
Level 7

vMotion would be an option if you had an L2 interconnect (although it's not officially supported, it works fine).

I would recommend a DR plan.

Install a 2nd vFMC and keep the version aligned to your active vFMC. If your primary fails, import your backup into your cold standby FMC (don't back up event data or this process will take > 30 minutes). Spin up your SVI to get the same network as in your other DC up and you should be done.

Let me know if that answers your question.

yogdhanu
Cisco Employee

Hi There,

HA for virtual FMC isn't supported. You would need to go for a physical appliance.

Thanks

Yogesh

Rate if helps.

I really find it a little puzzling that the FMC virtual does not have an HA option or even a Pri/Sec option. I mean, even the ISE appliances can do this! I feel you should be able to add multiple managers to the SFRs/FTDs and have another FMC just sitting waiting and you can promote it to primary.

What is a DR solution? I'm looking for a solution that would work for HA across 2 subnets in remote locations. Would ESXi work in that case?

For Disaster Recovery of Firepower Management Center you need to either:

 

a. Use hardware appliances that support HA, or

b. Do a backup/restore scheme outside the context of Firepower itself. If the subnet does not exist in the remote location, you won't be able to easily restore as device registration etc. will be broken.

c. Manage the DR site appliances with an FMC at the DR site. (Of course this would not address any appliances at other sites.)

 

Note that most features continue to work fine in the absence of the FMC.

takk
Level 1

Hi,

"FMCv for VMWare now supports High Availability.

You configure FMCv HA just as you would on hardware models. You will need two licensed identical FMCv's

Supported platforms: FMCv for 10, 25, and 300 devices only (No support for FMCv for 2 devices), running on VMWare "

(Version 6.7.0)

https://www.cisco.com/c/en/us/td/docs/security/firepower/670/relnotes/firepower-release-notes-670/m_features_functionality.html?bookSearch=true#Cisco_Concept.dita_9ec1deee-f5e6-45b2-b790-177094453a84
