When adding existing ASA to a rebuilt FMC
04-13-2022 10:13 PM
Hello,
We have an HA pair of ASA 5525 with the Firepower module. The FMCv was corrupted and we had to take it offline. The FMC has since been rebuilt and we are ready to add it back as the manager of the Firepower module. Everything I've read so far describes a net new install of an ASA to an FMC, but from trial and error I've experienced that once you make the FMC the manager, it wipes out the config of that device. Can this be avoided, or will I need to recreate the config on the FMC first and push it to the ASA after I make the FMC the manager?
04-14-2022 07:07 AM
If you have a backup from the old one, restore it to the new FMC with the new version. I suggest re-registering the device; until the config is pushed, it's not going to overwrite here.
05-02-2022 10:58 AM
We don't have a backup of the old FMCv config; it is a brand new install. Because of how long it took for us to get a new FMCv spun up, the ASAs have been operating without the FMC for some time now. So if we introduce the FMCv as the manager of the Firepower module on the ASA, will that wipe out the ASA config file and attempt to download a config from the FMCv?
05-02-2022 09:42 PM
If there are any access control policies or other child policies on the Firepower service module, (re)registering to an FMC will replace those policies with whatever is designated on the FMC to be associated to those modules.
However, many organizations only use the most basic IPS policy on an ASA Firepower service module, preferring to continue to use the ASA for implementation of security policy.
05-05-2022 11:02 AM
So that is at the root of my concern: will registering the Firepower module to the FMC wipe out the existing ASA config? Will I have to create a config in the FMC for the ASA to pull down along with the policies for the Firepower module? I hope I explained that correctly. Thanks again for all the information, btw. It is greatly appreciated.
