cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
4980
Views
15
Helpful
10
Replies
TJinasri
Beginner

How to change peer HA ip address on The Cisco FMC of Cisco FTD for smoothing?

Currently, There is already a peer done but i need change to new ip network.

1 ACCEPTED SOLUTION

Accepted Solutions

In situation of break the HA pair is done, so the standby FTD still seen in The Cisco FMC , right ?
then creating the HA pair with new IP again , right ?

 

in order to re-ip the HA interface on FTD which are managed by FMC. you have to break the HA pair. once the HA is break you can re-change the ip addresses of both FTD. once the ha is break FMC still can access your both FTD (which were part of HA pair).

 

now if you have the new ip addresses in hand you can re-create the HA pair again. having said that in your HA configuration from FMC you have to define which unit will be FTD priamry and wihich will be standby. make your the FTD which has production HA configuration make it as primary as FMC will push the policies to standby unit.

 

 

here this link you will find helpful https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html

please do not forget to rate.

View solution in original post

10 REPLIES 10
Spooster IT Services
Rising star

Hello @TJinasri 

 

Which IP do you want to change? If you want to change MGMT IP, then here is the link:

 

Cisco Firepower | Change FTD HA Management IP Addresses for the FMC – CiscoTom

 

and a link to the similar discussion:

 

FTD: Need to Change MGMT IP - Cisco Community

 

 

***Please rate all helpful posts***

Sr Network Engineer
Freelancer

No , sir. I want to change a ip address of peer HA, not IP management.

balaji.bandi
VIP Master

There is already a peer done but i need change to new ip network.

This is service distruptive - and need to doen offline with physical access also required some times.

 

if the same IP used for FMC register, then you need to un register and register again.

 

or i miss-understand your requirement ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

Yes. You understand mine requirement.

Then that is proceedure and make sure you change any objects tied with old IP need to move to new IP.

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

Hi BB,

In situation of break the HA pair is done, so the standby FTD still seen in The Cisco FMC , right ?
then creating the HA pair with new IP again , right ?

You need to remove and join them back with new HA IP as per below guide :

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Community for Help

Hi balaji.bandi ,

What the solution without effect to exiting config after join them back ( break the HA pair or Disable HA pair) ?
Could you recommend solution the best way ?
thank you so much for responded !!

In situation of break the HA pair is done, so the standby FTD still seen in The Cisco FMC , right ?
then creating the HA pair with new IP again , right ?

 

in order to re-ip the HA interface on FTD which are managed by FMC. you have to break the HA pair. once the HA is break you can re-change the ip addresses of both FTD. once the ha is break FMC still can access your both FTD (which were part of HA pair).

 

now if you have the new ip addresses in hand you can re-create the HA pair again. having said that in your HA configuration from FMC you have to define which unit will be FTD priamry and wihich will be standby. make your the FTD which has production HA configuration make it as primary as FMC will push the policies to standby unit.

 

 

here this link you will find helpful https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html

please do not forget to rate.

View solution in original post

Hi Sheraz.Salim,

I tried to break the HA pair in Lab environment yesterday before you have reply. It's works following your explained to me.
Now, I have cleared and pray that, once i take action with the production it will smooth and no bugs.
I hoped this discussion to help other engineer.
thank you so much for your response.