Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1151
Views
0
Helpful
2
Replies

We have 19 devices being managed by FMC. Limitation is up to 25. Getting nearer to 25 devices might slower down the performance of FMC.

Go to solution
hrithiktej
Level 1
Level 1

‎03-13-2018 03:02 AM - edited ‎02-21-2020 07:30 AM

We are thinking of spinning up a second VM, one in each DC and we split the existing load between the two. This will give us an upper limit of 50 appliances and some redundancy with regard to potential outages. We would need to do further research to see if there is an HA model using VMs that would give us true failover logging.

 

Is this a good plan ?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-13-2018 09:56 PM - edited ‎03-13-2018 09:56 PM

I'm surprised you're not already unhappy managing 19 devices with FMC VM. I don't usually recommend it for any but the smallest deployments (say 5-6 sensors) due to its scalability issues re the database.

 

Distributing the load across two VMs would work but then you lose any possibility of common policies, object etc. as well as the integrated logs that you mentioned.

 

Only the FMC hardware (i.e. not VM-based) is eligible for HA. See confirmation here:

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_management_center_high_availability.html#ID-2242-0000039a

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-13-2018 09:56 PM - edited ‎03-13-2018 09:56 PM

I'm surprised you're not already unhappy managing 19 devices with FMC VM. I don't usually recommend it for any but the smallest deployments (say 5-6 sensors) due to its scalability issues re the database.

 

Distributing the load across two VMs would work but then you lose any possibility of common policies, object etc. as well as the integrated logs that you mentioned.

 

Only the FMC hardware (i.e. not VM-based) is eligible for HA. See confirmation here:

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_management_center_high_availability.html#ID-2242-0000039a

0 Helpful

Go to solution
hrithiktej
Level 1
Level 1
In response to Marvin Rhoads

‎03-14-2018 10:38 AM

Hey thanks I wil pitch this to my management and push them to get us a budget for hardware FMC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card