03-18-2021 02:23 AM
Currently, there is already a peer done, but I need to change to a new IP network.
03-18-2021 02:33 AM
Hello @TJinasri
Which IP do you want to change? If you want to change MGMT IP, then here is the link:
Cisco Firepower | Change FTD HA Management IP Addresses for the FMC – CiscoTom
and a link to the similar discussion:
FTD: Need to Change MGMT IP - Cisco Community
***Please rate all helpful posts***
03-18-2021 03:50 AM
No, sir. I want to change an IP address of the peer HA, not the management IP.
03-18-2021 03:08 AM
There is already a peer done, but I need to change to a new IP network.
This is service disruptive and needs to be done offline, with physical access also required sometimes.
If the same IP is used for FMC registration, then you need to unregister and register again.
Or did I misunderstand your requirement?
03-18-2021 03:15 AM
Yes. You understand my requirement.
03-18-2021 06:34 AM
Then that is the procedure, and make sure any objects tied to the old IP are moved to the new IP.
03-18-2021 07:05 AM
Hi BB,
Once the break of the HA pair is done, the standby FTD is still seen in the Cisco FMC, right?
Then creating the HA pair with the new IP again, right?
03-18-2021 08:01 AM
You need to remove and join them back with the new HA IP as per the guide below:
03-18-2021 08:25 AM
Hi balaji.bandi ,
What is the solution without effect on the existing config after joining them back (break the HA pair or disable the HA pair)?
Could you recommend the best solution?
Thank you so much for responding!
03-23-2021 05:42 AM - edited 03-23-2021 05:45 AM
Once the break of the HA pair is done, the standby FTD is still seen in the Cisco FMC, right?
Then creating the HA pair with the new IP again, right?
In order to re-IP the HA interface on FTDs which are managed by FMC, you have to break the HA pair. Once the HA is broken, you can change the IP addresses of both FTDs. Once the HA is broken, FMC can still access both of your FTDs (which were part of the HA pair).
Now, if you have the new IP addresses in hand, you can re-create the HA pair again. Having said that, in your HA configuration from FMC you have to define which unit will be the FTD primary and which will be standby. Make sure the FTD which has the production HA configuration is made primary, as FMC will push the policies to the standby unit.
You will find this link helpful: https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html
03-23-2021 07:59 PM
Hi Sheraz.Salim,
I tried to break the HA pair in a lab environment yesterday, before you replied. It works, following what you explained to me.
Now I am clear, and I pray that once I take action in production it will be smooth with no bugs.
I hope this discussion helps other engineers.
Thank you so much for your response.