Replace a Failed Primary Firewall Management Center (Successful Backup)

Two Firewall Management Centers, FMC1 and FMC2, are part of a high availability pair. FMC1 is the primary and FMC2 is the secondary. This task describes the steps to replace a failed primary Firewall Management Center, FMC1, when data backup from the primary is successful.

Before you begin

Verify that the data backup from the failed primary Firewall Management Center is successful.

Procedure


Step 1

Contact Support to request a replacement for the failed Firewall Management Center - FMC1.

Step 2

When the primary Firewall Management Center - FMC1 fails, access the web interface of the secondary Firewall Management Center - FMC2 and switch peers. For more information, see Switching Peers in the Firewall Management Center High Availability Pair.

This promotes the secondary Firewall Management Center - FMC2 to active.

You can use FMC2 as the active Firewall Management Center until the primary Firewall Management Center - FMC1 is replaced.

Caution

Do not break Firewall Management Center high availability from FMC2. If you do, the licenses that were synced to FMC2 from FMC1 (before failure) will be removed from FMC2, and you will be unable to perform any deploy actions from FMC2.

Step 3

Reimage the replacement Firewall Management Center with the same software version as FMC1.

Step 4

Restore the data backup retrieved from FMC1 to the new Firewall Management Center.

Step 5

Install required Firewall Management Center patches, geolocation database (GeoDB) updates, vulnerability database (VDB) updates and system software updates to match FMC2.

The new Firewall Management Center and FMC2 will now both be active peers, resulting in a high availability split-brain.

Step 6

When the Firewall Management Center web interface prompts you to choose an active appliance, select FMC2 as active.

This syncs the latest configuration from FMC2 to the new Firewall Management Center - FMC1.

Step 7

When the configuration syncs successfully, access the web interface of the secondary Firewall Management Center - FMC2 and switch roles to make the primary Firewall Management Center - FMC1 active. For more information, see Switching Peers in the Firewall Management Center High Availability Pair.


What to do next

High availability has now been re-established and the primary and the secondary Firewall Management Centers will now work as expected.