This video shows the steps to back up FMC and a pair of FTDs in HA, and save the file on the local device or on a remote server. More information: www.cisco.com/...
Is there a reason remote backups don't display properly on the Firefox browser?
Do you have a similar one for backup restore on both FMC and FTD? Also, how does license restoration work if we are uploading to a new device and removing from the old device (for FMC and FTD)?
Hi there, thanks for your questions! To back up and restore FMC, use the FMC web interface to create a backup. This backup includes configuration data but not the actual software version. To restore, you use the web interface to upload and restore the backup file. This process will overwrite the current configuration on the FMC.
To back up and restore FTD, backups are typically stored on the FMC in /var/sf/remote-backup or in a remote storage location. The backup includes configuration data and is intended for RMA scenarios. You must use the FTD CLI to restore from a backup. The process involves accessing the FTD CLI as the admin user and using the restore remote-manager-backup command to retrieve the backup file via SCP or from a local directory.
Regarding License Restoration:
FMC: When restoring an FMC from a backup, you may need to reconfigure licensing settings. If you notice licensing conflicts or orphan entitlements, you should contact Cisco TAC for assistance.
FTD: During the restore process, the FTD device will automatically reconnect to the FMC. The backup restoration should restore the licensing and policy into the expected state. If there are any licensing conflicts, you may need to resolve them manually or with the help of Cisco TAC.
For license restoration for FMC, you may need to reconfigure any necessary licensing settings. If there are conflicts or orphan entitlements, contact Cisco TAC.
FTD:
For license restoration for FTD, ensure the replacement device is running the same Firepower software version as the faulty device. Register the new FTD device to the FMC if needed, and deploy a basic policy to allow patching. Unregister the freshly patched device from the FMC to avoid ghost devices. Restore the backup to the new FTD device using the FTD CLI. Resolve any licensing conflicts post-restore.
By following these steps, you can ensure that both FMC and FTD devices are backed up and restored correctly, with licensing settings properly reconfigured. We hope this information helps!
@CiscoSystems thanks for the response. Do you have any tech article or KB that covers these FMC/FTD sequential steps in detail? Thanks for your response.
Of course. Take a look at Chapter: Backup and Restore of this configuration guide: cs.co/6057SAAEZ
May I ask what the difference is between backing up FMC and backing up FTD? In my understanding, the FMC backup includes all the configuration, including the policy and platform settings etc. Then why do we need to back up FTD separately?
Hi there, the backup FMC is for security policies, configurations, and event data, while FTD backup is for backing up the local configuration of the individual security appliance. We hope this information helps.
Thanks for replying. In my understanding the local config also includes policies and configurations. Or can you explain when we should back up FMC and when we should back up the FTD? @CiscoSystems
And how do I make the recovery of a replaced FTD that was in HA?
The following configuration guide may be helpful to you: www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/720/management-center-admin-72/tools-backup.html
How to update the SSH key? I have an issue where I have a Windows SFTP server. When I tried to initiate a test connection from FMC, it's giving me an SSH RSA key fingerprint mismatch. How do I resolve that?
Please give me a solution. My FMC auto backup failed to generate.
Hi there, if you get an RSA key fingerprint mismatch, it's likely the SSH key on FMC has changed. To resolve this issue, remove the old RSA key fingerprint from your SSH client:
On Unix/Linux, use the command: ssh-keygen -R [hostname or IP address]
On Windows with PuTTY, open the registry editor and navigate to HKEY_CURRENT_USER\SoftWare\SimonTatham\PuTTY\SshHostKeys, then delete the line with your FMC's IP or hostname.
Next, try to SSH into FMC again to get a new RSA key fingerprint. We hope this info helps.
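An added example, not part of the reply above and not Cisco tooling: before an old known_hosts entry is removed and a new key accepted, the presented key's SHA256 fingerprint can be compared with one read from the server's own console. The host names, addresses and key blobs here are constructed sample data, and the function names are hypothetical.

```python
import base64
import hashlib
import struct

def _ssh_string(data: bytes) -> bytes:
    # SSH wire format: 4-byte big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data

def make_rsa_blob(modulus: bytes) -> str:
    """Constructed ssh-rsa public key blob (sample data, not a usable key)."""
    blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
            + _ssh_string(b"\x00" + modulus))
    return base64.b64encode(blob).decode()

def fingerprint(key_b64: str) -> str:
    """Fingerprint as OpenSSH prints it: unpadded base64 of SHA-256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def known_keys(known_hosts: str, host: str, key_type: str) -> list:
    """Stored key blobs for host/key_type (plain entries; hashed ones skipped)."""
    found = []
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.startswith(("#", "@", "|")):
            continue
        if host in parts[0].split(",") and parts[1] == key_type:
            found.append(parts[2])
    return found

def assess(known_hosts, host, key_type, presented_b64, verified_fp=None):
    """Classify a presented host key against stored and out-of-band data."""
    presented_fp = fingerprint(presented_b64)
    stored = [fingerprint(k) for k in known_keys(known_hosts, host, key_type)]
    if presented_fp in stored:
        return "match"        # same key as before, nothing to change
    if verified_fp is not None and presented_fp == verified_fp:
        return "verified"     # key confirmed out of band; entry can be replaced
    return "mismatch" if stored else "unknown"

# Constructed sample data
OLD_KEY = make_rsa_blob(b"\xaa" * 256)
NEW_KEY = make_rsa_blob(b"\xbb" * 256)
KNOWN_HOSTS = f"sftp.example.net,192.0.2.10 ssh-rsa {OLD_KEY}\n"

if __name__ == "__main__":
    print(fingerprint(NEW_KEY))
    print(assess(KNOWN_HOSTS, "192.0.2.10", "ssh-rsa", NEW_KEY))
```

A "mismatch" result with no verified fingerprint is the case to investigate before the stored entry is deleted.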
❤️❤️❤️❤️❤️
Hi Cisco, can support for one more try to add in channel, it's helpful. My question is how to schedule a backup in FMC with email notification setup. Thanks.
To receive email notifications, you must configure the FMC to connect to a mail server: cs.co/6055Pdo2N. We hope that helps.
@CiscoSystems thanks for your update, will check and update you.
@CiscoSystems just asking, can you try one video for this request? It helps all of us. Thanks.