Firepower Management Center 4000

Cisco Firepower Management Center 4000 User guide

Firepower Management Center Model Migration Guide
First Published: 2019-09-23
Last Modified: 2020-06-23
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
CHAPTER 1
About Firepower Management Center Model Migration
The Firepower Management Center model migration workflow enables you to migrate configurations and
events from one Firepower Management Center model to an equivalent or higher-capacity Firepower
Management Center model using the backup and restore feature.
Note: Migration from KVM and Microsoft Azure is not supported.
• Supported Migration Paths
• Best Practices
• History for Firepower Management Center Model Migration
Supported Migration Paths
The following table lists the supported target Firepower Management Center models you can migrate to from
your source (current) Firepower Management Center model.
Note: FMCv refers to Firepower Management Center Virtual using VMware deployments.
Target ModelSource
Model
Number of Supported Managed Devices
FMCv
300
FMC
4600
FMC
2600
FMC
1600
FMCv
YesYes
YesYesFMCv 22
YesYesYesYesFMCv 1010
YesYesYesYesFMCv 2525
YesYesYesYesFMC 100050
YesYesYesFMC 160050
YesYesYesFMC 2000250
YesYesYesFMC 2500300
YesYesFMC 2600300
YesYesFMCv 300300
YesFMC 4000750
YesFMC 4500750
Best Practices
Note the following guidelines and limitations for the Firepower Management Center model migration workflow:
• If you need to change the Firepower Management Center IP after migration, you must also update the NAT configuration between the FMC and its managed devices (for more information, see NAT Environments).
• The Firepower Management Center model migration workflow is supported with all FMC licensing modes: evaluation, connected, and SLR.
• You must de-register licenses from the source FMC and register licenses in the target FMC after migration.
History for Firepower Management Center Model Migration
Feature | Version | Details
Firepower Management Center Model Migration | 6.5 | FMC model migration workflow functionality first introduced
CHAPTER 2
Migrate Your Firepower Management Center from the Source Model to the Target Model
• Standalone Firepower Management Center Model Migration Workflow
• High Availability Firepower Management Center Model Migration Workflow
• Prepare for Migration
• Firepower Management Center Model Migration Script
Standalone Firepower Management Center Model Migration Workflow
Use the following workflow to migrate your Firepower Management Center from the source model to the
target model.
Table 1: Standalone Firepower Management Center Model Migration Workflow
1 | Create a backup file in the source Firepower Management Center. | Back up the Firepower Management Center. Note: In addition to Back Up Configuration, you must also select Backup Events and Backup Threat Intelligence Director. If Threat Intelligence Director is not enabled, the option to select TID backup does not appear.
2 | Set up the target FMC. | Prepare for Migration
3 | Copy the generated backup file to the target FMC. | Upload a Backup File
4 | Disconnect the target FMC from the network. | Physically disconnect (unplug) the target FMC device from the network.
5 | Execute the migration script in the target FMC. | Firepower Management Center Model Migration Script
6 | Unregister your source Firepower Management Center from the Cisco Smart Software Manager. | Deregister a Firepower Management Center from the Cisco Smart Software Manager
7 | Disconnect the source FMC from the network. | Physically disconnect (unplug) the source FMC device from the network.
8 | Connect the target FMC to the network. Note that it may take a few minutes for the managed devices to establish a heartbeat with the target FMC. | See the Getting Started Guide for your Firepower Management Center model.
9 | Enable smart licensing in the target FMC. | License Requirements for Firepower Management Center
10 | Verify that a heartbeat is established for all devices managed by target FMC. | After a successful migration, the target Firepower Management Center has the IP address that the source model had before migration. Log in to the target FMC and verify that all configurations are restored and that basic FMC operations such as policy editing, deployment, and scheduled jobs work as expected.
High Availability Firepower Management Center Model Migration Workflow
Use the following workflow to migrate your Firepower Management Center High Availability setup from the
source models to the target models.
Table 2: High Availability Firepower Management Center Model Migration Workflow
1 | Create a backup file in each of the source Firepower Management Centers. | Back up the Firepower Management Center. Note: In addition to Back Up Configuration, you must also select Backup Events and Backup Threat Intelligence Director. If Threat Intelligence Director is not enabled, the option to select TID backup does not appear.
2 | Set up the target Firepower Management Centers. | Prepare for Migration
3 | Copy the generated backup files to the target Firepower Management Centers. | Upload a Backup File
4 | Disconnect target Firepower Management Centers from the network. | Physically disconnect (unplug) the target FMC devices from the network.
5 | Execute the migration script in the target FMCs. | Firepower Management Center Model Migration Script
6 | Verify that the data migrated successfully to the target FMCs. | After a successful migration, the target Firepower Management Center has the IP address that the source model had before migration. Log in to the target FMC and verify that all configurations are restored and that basic FMC operations such as policy editing, deployment, and scheduled jobs work as expected.
7 | Unregister your source Firepower Management Centers from the Cisco Smart Software Manager. | Deregister a Firepower Management Center from the Cisco Smart Software Manager
8 | Disconnect source Firepower Management Centers from the network. | Physically disconnect (unplug) the source FMC devices from the network.
9 | Connect the target Firepower Management Centers to the network. Note that it may take a few minutes for the managed devices to establish a heartbeat with the target FMCs. | See the Getting Started Guide for your Firepower Management Center models.
10 | Validate connectivity between the target FMCs. | Viewing Firepower Management Center High Availability Status
11 | Pause FMC HA synchronization from Active Firepower Management Center and wait for the operation to complete. | Pausing Communication Between Paired Firepower Management Centers
12 | Resume FMC HA synchronization from Active Firepower Management Center and wait for the operation to complete. | Restarting Communication Between Paired Firepower Management Centers
13 | Verify that the FMC HA configuration is healthy, and alerts are cleared. | Viewing Firepower Management Center High Availability Status
14 | Register smart licensing in the target primary Active FMC. | License Requirements for Firepower Management Center
15 | Verify that heartbeat is established for all devices managed by the target Firepower Management Centers. | After a successful migration, the target Firepower Management Centers have the IP address that the source model had before migration. Log in to the target FMC and verify that all configurations are restored and that basic FMC operations such as policy editing, deployment, and scheduled jobs work as expected.
Prepare for Migration
Before you begin, perform the following steps to prepare your target Firepower Management Center model
for migration:
• Refer to Supported Migration Paths to determine which target model you can migrate to from your source model.
• Ensure that the target FMC has the same number of interfaces as your source FMC (see About Management Interfaces).
• Connect the new FMC to your network and assign an IP address (see Cisco Firepower Management Center Getting Started Guide for Models 750, 1500, 2000, 3500, and 4000 and Cisco Firepower Management Center Getting Started Guide for Models 1000, 2500, and 4500).
• Verify that the target FMC version matches the source FMC version (including patch, VDB, and SRU): In each FMC, choose Help > About.
• Verify that all pending deployments have completed successfully. For more information about viewing deployment status, see the Deployment Management chapter in the Firepower Management Center Configuration Guide for your Firepower version (https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/policy_management.html).
Firepower Management Center Model Migration Script
Use the following procedure to migrate your Firepower Management Center configurations from the source
model to the target model. Note that this procedure is one step in the Firepower Management Center model
migration. See Standalone Firepower Management Center Model Migration Workflow for the
full model migration workflow.
Procedure
Step 1 Log in to the target Firepower Management Center CLI in expert mode.
Step 2 Execute the migration command:
sf-migration.pl backup_file_path
Example:
[root@firepower:/var/sf/backup#
[root@firepower:/var/sf/backup# /var/sf/bin/sf-migration.pl /var/sf/backup/100LocalBackup-2019examp.tar
Once the migration process is complete, the system reboots.
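A pre-flight check that could be run before Step 2, as an added example that is not part of the Cisco guide: it confirms that the backup copied to the target FMC matches a SHA-256 digest recorded on the source and is a readable tar archive. The helper name preflight_backup, the availability of sha256sum and tar in the expert-mode shell, and the recorded digest are assumptions.

```shell
#!/bin/sh
# Added example (not from the Cisco guide). Assumes sha256sum and tar exist in
# the shell where it runs, and that the expected digest was recorded on the
# source FMC right after the backup file was created.

# preflight_backup FILE EXPECTED_SHA256   (hypothetical helper name)
# Returns: 0 ok, 2 file missing/unreadable, 3 digest mismatch, 4 not a readable tar
preflight_backup() {
    pf_file=$1
    # Normalize the expected digest to lowercase hex before comparing.
    pf_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    if [ ! -f "$pf_file" ] || [ ! -r "$pf_file" ]; then
        echo "preflight: missing or unreadable: $pf_file" >&2
        return 2
    fi

    # Hash via stdin so the file name never appears in sha256sum's output.
    pf_actual=$(sha256sum < "$pf_file" | cut -d' ' -f1)
    if [ "$pf_actual" != "$pf_expected" ]; then
        echo "preflight: SHA-256 mismatch for $pf_file" >&2
        return 3
    fi

    # Listing the archive catches truncated or non-tar uploads.
    if ! tar -tf "$pf_file" >/dev/null 2>&1; then
        echo "preflight: not a readable tar archive: $pf_file" >&2
        return 4
    fi
    return 0
}

# Stand-alone use: ./preflight.sh FILE EXPECTED_SHA256
# Run the migration command from Step 2 only when this exits 0.
if [ "$#" -eq 2 ]; then
    preflight_backup "$1" "$2"
fi
```

Because the system reboots when the migration completes, a failed check is cheaper to handle before the script is started than after.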
What to do next
Return to Standalone Firepower Management Center Model Migration Workflow or High
Availability Firepower Management Center Model Migration Workflow and complete all remaining
steps.