Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1014
Views
0
Helpful
4
Replies

When adding existing ASA to a rebuilt FMC

lowellsmith
Level 1
Level 1

‎04-13-2022 10:13 PM

Hello,

 

We have an HA pair of ASA 5525 with the firepower module.  The FMCv was corrupted and we had to take it offline.  The FMC has since been rebuilt and we are ready to add it back as the manager of the firepower module. Everything I've read so far describes a net new install of an ASA to an FMC but from trial and error I've experienced once you make the FMC the manager it wipes out the config of that device. Can this be avoided or will i need to recreate the config on the FMC first and push it to the ASA after I make the FMC the manager?

0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎04-14-2022 07:07 AM

If you have backup from old, restore to new FMC with new version, suggest to re-register the device, until the config is pushed its not going to overwrite here.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

lowellsmith
Level 1
Level 1

‎05-02-2022 10:58 AM

We don't have a back up of the old FMCv config it is a brand new install.  Because of how long it took for us to get the a new FMCv spun up the ASA's have been operating as without the FMC for some time now. So If we introduce the FMCv as the manager of the firepower module on the ASA will that wipeout the ASA config file and attempt to download a config from the FMCv?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to lowellsmith

‎05-02-2022 09:42 PM

If there are any access control policies or other child policies on the Firepower service module, (re)registering to an FMC will replace those policies with whatever is designated on the FMC to be associated to those modules.

However, many organizations only use the most basic IPS policy on an ASA Firepower service module, preferring to continue to use the ASA for implementation of security policy.

0 Helpful

lowellsmith
Level 1
Level 1
In response to Marvin Rhoads

‎05-05-2022 11:02 AM

So that is at the root of my concern, will registering the Firepower module to the FMC wipe out the existing ASA config? Will I have to create a config in the FMC for the ASA to pull down along with the policies for the Firepower module?  I hope I explained that correctly. Thanks again for all the information btw. It is greatly appreciated.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card