Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
20680
Views
18
Helpful
16
Replies

Backing up config, FTD and vFMC.

Go to solution
itsupport
Level 1
Level 1

‎10-16-2017 08:23 PM - edited ‎02-21-2020 06:30 AM

 

 

Hi.

I am most of the way through implementing an ASA 5508-x, controlled by a vFMC. Both are running 6.2.2.0 of the FTD and FMC software.

Since the configuration is quite complex, and I would hate to have to do it all again from scratch, I figured that backing it up would be a good idea. When I go to  System>Tools>Backup/restore, I see options for "Firepower Management Backup"and "Managed Device Backup."This seems logical; one backs up the vFMC, the other the ASA 5508-x.

Going to "Firepower Management Backup", I was indeed able to create and pull down a 270Mb .TAR file. Looks good!

When I go to "Managed device backup" however, I am greeted with a blank box of "managed devices", and cannot kick off a backup.
Capture.JPG

So, Questions:

1. Should the managed ASA 5508x be listed here as a managed device that I can backup?
2. If not, if the configuration and other data required to restore the ASA 5508x included in the "firepower management backup".

I want to be in a position where I can restore both the FTD and vFMC in the event of a catastrophic hardware failure. Probably better to sort this out now as opposed to when a device catches fire or gets stolen or something.


 

1 person had this problem
Labels:
0 Helpful
16 Replies 16

Go to solution
garrett.butler
Level 1
Level 1
In response to ramirezjason

‎03-26-2024 09:31 PM

@Marvin Rhoads I also would like to know the advantage of taking individual FTD device backups. The FMC has all Platform Settings and ACP etc., -- why do we need to backup each FTD, if we are already backing up the FMC?

Consider FMC/FTD 7.x -- If FTD fails but FMC is fine, then we can simply re-register a new FTD (eg., RMA device) with the same FMC, and then assign the same ACP and Platform Settings and push policy to it. Right? So, as long as FMC is backed up, then it is easy to restore any failed FTD under it.

Right?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to garrett.butler

‎03-27-2024 07:42 AM

@garrett.butler a complete device configuration is comprised of data drawn from several sources in FMC. The ACP with all child policies (Intrusion, SSL Network Discovery etc.) in one piece. The platform policy is another. As is the NAT policy.

The device backup will include all of the elements under the device configuration menus - interface address, names, zone assignment, port channel (if any), routing, VRFs etc. None of those are included in the previously mentioned policies.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card