Replace a Failed Primary Firewall Management Center (Unsuccessful Backup)
Two Firewall Management Centers - FMC1 and FMC2 are part of a high availability pair. FMC1 is the primary and FMC2 is the secondary. This task describes the steps to replace a failed primary Firewall Management Center -FMC1 when data backup from the primary is unsuccessful.
Procedure
Step 1 | Contact Support to request a replacement for a failed Firewall Management Center - FMC1. | ||
Step 2 | When the primary Firewall Management Center - FMC1 fails, access the web interface of the secondary Firewall Management Center - FMC2 and switch peers. For more information, see Switching Peers in the Firewall Management Center High Availability Pair. This promotes the secondary Firewall Management Center - FMC2 to active. You can use FMC2 as the active Firewall Management Center until the primary Firewall Management Center - FMC1 is replaced.
| ||
Step 3 | Reimage the replacement Firewall Management Center with the same software version as FMC1. | ||
Step 4 | Install required Firewall Management Center patches, geolocation database (GeoDB) updates, vulnerability database (VDB) updates and system software updates to match FMC2. | ||
Step 5 | Deregister one of the Firewall Management Centers - FMC2 from the Cisco Smart Software Manager. For more information, see Deregister the Firewall Management Center. Deregistering Firewall Management Center from the Cisco Smart Software Manager removes the Management Center from your virtual account. All license entitlements associated with the Firewall Management Center release back to your virtual account. After deregistration, the Firewall Management Center enters Enforcement mode where no update or changes on licensed features are allowed. | ||
Step 6 | Access the web interface of the secondary Firewall Management Center - FMC2 and break Firewall Management Center high availability. For more information, see Disabling Firewall Management Center High Availability. When prompted to select an option for handling managed devices, choose Manage registered devices from this console. As a result, licenses that were synced to the secondary Firewall Management Center- FMC2, will be removed and you cannot perform deployment activities from FMC2. | ||
Step 7 | Re-establish Firewall Management Center high availability, by setting up the Firewall Management Center - FMC2 as the primary and Firewall Management Center - FMC1 as the secondary. For more information , see Establishing Firewall Management Center High Availability. | ||
Step 8 | Register a Smart License to the primary Firewall Management Center - FMC2. For more information see Register the Firewall Management Center with the Smart Software Manager. |
What to do next
High availability has now been re-established and the primary and the secondary Firewall Management Centers will now work as expected.