Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
723
Views
0
Helpful
2
Replies

ASA HA Primary Swap with Firepower

Go to solution
NETAD
Level 4
Level 4

‎06-14-2018 10:00 PM - edited ‎03-08-2019 03:22 PM

Hello, I’m planning on replacing the primary ASA in HA and need to know the procedure when it comes to Firepower. Do I have to re-configure mgmt and re-add it to FMC since I will need to remove the SSD and installing it in the new one?  Here’s what I’m planning on doing:

 

1-Power of primary and break HA by disconnecting the failover link

2-Remove the SSD drive from the existing ASA

3-Install SSD in the new firewall 

4-Match the IOS on the new ASA and unshut the ports

5-Configure it for failover

6-Connect the failover link and wait for config sync

 

and finally failover to it and test.

 

what I’m not clear on is the firepower piece and if I have to re-configure it.

 

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
NETAD
Level 4
Level 4
In response to NETAD

‎06-19-2018 03:40 PM

Here's what I had to do here: 

1-Match the version of the new firewall to the existing firewall

2-re-host the licenses to the new firewall and make sure it matches the existing firewall 

3-Copy the anyconnect and asdm images to the new firewall

4-Configure the new firewall as secondary and configure the existing secondary firewall as primary to prevent the secondary from sync'ing its config with a blank config from the new firewall 

5-Unshut the Failover links only on the new firewall

6-Failover to the secondary 

7-Power off the primary and remove the ssd 

8-Power off the new firewall and install the ssd from the old firewall 

Next you have to re-install firepower on the new firewall

9-Copy the firepower img file to flash 

 

10-issue sw-module module sfr recover configure image disk0:...

    and sw-module module sfr recover boot 

11-Login to the firepower module with session sfr console 

12-Issue the setup command to do the initial configuration 

13-Use the command system-install http|FTP to install firepower 

14-Remove the old firepower from FMC 

15-remove the defective firewall and rack the new one 

16-connect the failover link first and make sure the configuration gets pushed to it. 

17-Connect the remaining cables (outside,inside,dmz,etc) 

18-Add the firepower to FMC and perform the needed upgrades 

19-Failover to test. 

15-Add the new one

 

 

 

 

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
NETAD
Level 4
Level 4

‎06-17-2018 05:52 AM

Anyone here?
0 Helpful

Go to solution
NETAD
Level 4
Level 4
In response to NETAD

‎06-19-2018 03:40 PM

Here's what I had to do here: 

1-Match the version of the new firewall to the existing firewall

2-re-host the licenses to the new firewall and make sure it matches the existing firewall 

3-Copy the anyconnect and asdm images to the new firewall

4-Configure the new firewall as secondary and configure the existing secondary firewall as primary to prevent the secondary from sync'ing its config with a blank config from the new firewall 

5-Unshut the Failover links only on the new firewall

6-Failover to the secondary 

7-Power off the primary and remove the ssd 

8-Power off the new firewall and install the ssd from the old firewall 

Next you have to re-install firepower on the new firewall

9-Copy the firepower img file to flash 

 

10-issue sw-module module sfr recover configure image disk0:...

    and sw-module module sfr recover boot 

11-Login to the firepower module with session sfr console 

12-Issue the setup command to do the initial configuration 

13-Use the command system-install http|FTP to install firepower 

14-Remove the old firepower from FMC 

15-remove the defective firewall and rack the new one 

16-connect the failover link first and make sure the configuration gets pushed to it. 

17-Connect the remaining cables (outside,inside,dmz,etc) 

18-Add the firepower to FMC and perform the needed upgrades 

19-Failover to test. 

15-Add the new one

 

 

 

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card