Using CLI to Resolve Device Registration in Firewall Management Center High Availability

If automatic device registration fails on the standby Firewall Management Center, but the device appears to be registered to the active Firewall Management Center, complete the following steps:

Warning

If you do an RMA of the secondary Firewall Management Center or add a secondary Firewall Management Center, the managed devices are unregistered, and their configuration can be deleted as a result.

Procedure


Step 1

Delete the device from the active Firewall Management Center. See Delete (Unregister) a Device from the Firewall Management Center in Cisco Secure Firewall Management Center Device Configuration Guide.

Step 2

Complete the following steps to trigger automatic registration of the device on the standby Firewall Management Center:

  1. Log in to the CLI for the affected device.

  2. Run the CLI command: configure manager delete.

    This command disables and removes the current Firewall Management Center.

  3. Run the CLI command: configure manager add.

    This command configures the device to initiate a connection to a Firewall Management Center.

    Tip

    Configure remote management on the device only for the active Firewall Management Center. When you establish high availability, the devices are automatically registered to the standby Firewall Management Center.

  4. Log in to the active Firewall Management Center and register the device.

Step 3

If the standby Firewall Management Center is behind NAT, complete the following steps to edit the hostname of the standby Firewall Management Center:

  1. Access the Firewall Threat Defense shell and use the show managers command to get the standby Firewall Management Center entry identifier value.

  2. In the Firewall Threat Defense shell, edit the standby Firewall Management Center hostname to the public IP address. Execute the configure manager edit <standby_uuid> hostname <standby_ip> command using the entry identifier value and the host IP address.
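
The following Python helper is an added example, not part of the Cisco documentation. It performs the Step 3 lookup on saved show managers output: it finds the standby entry by its current host value, validates the identifier and the public IP address, and builds the configure manager edit command. The sample output, its "Key : value" layout, the host values, and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re
import uuid

# Constructed sample. The blank-line-separated "Key : value" layout is an
# assumption about how show managers output looks when saved to a file.
SAMPLE_SHOW_MANAGERS = """\
Type                      : Manager
Host                      : 192.0.2.10
Display name              : fmc-active
Identifier                : 11111111-2222-3333-4444-555555555555
Registration              : Completed

Type                      : Manager
Host                      : 10.20.30.40
Display name              : fmc-standby
Identifier                : aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
Registration              : Pending
"""


def parse_managers(text):
    """Return one dict per manager entry, keyed by lower-cased field name."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            # Split on the first colon only, so IPv6 host values stay intact.
            key, sep, value = line.partition(":")
            if sep:
                entry[key.strip().lower()] = value.strip()
        if entry:
            entries.append(entry)
    return entries


def build_edit_command(show_output, current_host, public_ip):
    """Build the edit command for the entry whose Host equals current_host."""
    public = ipaddress.ip_address(public_ip)  # ValueError on a malformed address
    matches = [e for e in parse_managers(show_output)
               if e.get("host") == current_host]
    if len(matches) != 1:
        # Refuse to guess: editing the wrong entry would repoint the active manager.
        raise LookupError(
            f"expected one manager with host {current_host!r}, found {len(matches)}")
    ident = uuid.UUID(matches[0].get("identifier", ""))  # ValueError if not a UUID
    return f"configure manager edit {ident} hostname {public}"
```

The helper only produces the command text for review; it does not connect to the device.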