Has anyone had to restore a failed FMC or FTD sensor? We are using 4100s, and both virtual and physical FMC for different environments...
I'm going through TAC at the moment to find out what the actual process is, and so far it seems like if your FTD fails and needs to be replaced, you need to...
- import and configure a new logical device (seems like this is all doable by importing the XML export)
- delete failed sensor from FMC
- register new sensor with FMC
- MANUALLY configure all the interfaces, security zones, NAT rules etc...
This seems like the only way. Cisco confirmed this and that there is no backup for the sensors, and the device configuration isn't saved or backed up on the FMC
To restore a failed virtual FMC, you need to
- Deploy and update a new FMC
- Install the VDB and snort rules you had when you backed up
- Restore your FMC backup
I'm not sure if you then need to register your FMCs again, and how much of the device configuration of those is retained.
It seems that only the interface configuration is imported.
Has anyone had the misfortune of having to RA or restore an FMC or FTD before?
I hate these things so much, and every day it seems like there's another WTF thing made known about them...
No comments:
Post a Comment