Configuring FMCs in HA is a common design because it provides redundancy for the Firepower Management Center (FMC) service. Let’s quickly cover how to configure Cisco FMCs in high availability.
The Firepower Management Center (FMC) models used in this post to configure high availability are the 1600 series. Needless to say, both FMCs to be configured in HA should have the same software version.
We are assuming that you have already configured a CIMC and management IP on the FMCs. The CIMC IP is configured on the CIMC interface (pointer #6) and the FMC’s management IP on eth0 (pointer #3) per the FMC 1600 Rear Panel graphic below.

Here’s a quick diagram for reference.

Configure Primary FMC (HA Pair)
On the FMC that has been assigned as the primary (either FMC will do; you just need to appoint one of them as primary), log into the management console. Click on the gear icon on the top right.

Then click on High Availability.

Select Primary and then enter the IP address of the secondary FMC and a secret key such as 123456. The secret key must match between the two FMCs. Click on Register.

Configure Secondary FMC (HA Pair)
Do the same on the secondary FMC. When you get to the High Availability screen, select Secondary and then enter the IP address of the primary FMC and the same secret key. Click on Register.

At this point, you have to WAIT until the process ends. Be patient. It takes a while. You’ll then need to browse to the primary FMC’s IP address over HTTPS to access the HA pair.
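A pre-registration check for the two Register steps above, as an added example (not from the original post or from Cisco). It confirms that both peers report the same software version, that the two management IPs are valid and distinct, and that the shared key is not a guessable value like 123456. The peer dictionaries, the `X.Y.Z (build N)` version format, the weak-key list and the 32-character key length are assumptions; check the key length against what the Register dialog accepts.

```python
import ipaddress
import re
import secrets

# Constructed sample data (not from the page): what an operator notes down
# for each peer before opening the High Availability screen.
PRIMARY = {"mgmt_ip": "192.0.2.10", "version": "7.2.5 (build 208)"}
SECONDARY = {"mgmt_ip": "192.0.2.11", "version": "7.2.5 (build 208)"}

WEAK_KEYS = {"123456", "cisco", "password", "firepower"}  # illustrative only


def parse_version(text):
    """Return (major, minor, patch, build) from an 'X.Y.Z (build N)' string."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*\(build\s+(\d+)\)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def new_registration_key(nbytes=16):
    """Random hex key to enter in both Register dialogs (length is an assumption)."""
    return secrets.token_hex(nbytes)


def preflight(primary, secondary, key):
    """Return a list of problems; an empty list means these checks passed."""
    problems = []
    try:
        if parse_version(primary["version"]) != parse_version(secondary["version"]):
            problems.append("software versions differ")
    except ValueError as exc:
        problems.append(str(exc))
    try:
        ips = [ipaddress.ip_address(p["mgmt_ip"]) for p in (primary, secondary)]
        if ips[0] == ips[1]:
            problems.append("both peers have the same management IP")
    except ValueError as exc:
        problems.append(f"invalid management IP: {exc}")
    # Short, all-digit or well-known keys are treated as guessable.
    if key.lower() in WEAK_KEYS or key.isdigit() or len(key) < 16:
        problems.append("registration key is guessable")
    return problems


if __name__ == "__main__":
    print(preflight(PRIMARY, SECONDARY, new_registration_key()) or "preflight OK")
```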
High Availability & Failover
As seen in the configuration sections above, when setting up FMCs in a high availability pair, you configure one FMC to be primary and the other as secondary. Once you define who’s primary and secondary, the primary unit’s policies are synchronized to the secondary unit. After this synchronization, the primary FMC becomes the active peer, while the secondary FMC becomes the standby peer, and the two units act as a single appliance for managed device and policy configuration.
The main differences between the two FMCs in a high availability pair relate to which peer is active and which peer is on standby. The active FMC remains fully functional, and it is where you manage devices and policies, whereas on the standby FMC that functionality is hidden, so you cannot make any configuration changes. Both Firepower Management Centers remain in a state of continuous synchronization.
If the active FMC fails, the high availability pair enters a degraded state until you manually promote the standby appliance to the active state (a manual switchover must be performed). Once the promotion is complete, the appliances leave maintenance mode.
When the primary FMC fails, you need to access the web interface of the secondary FMC and switch peers. The same applies in reverse if the secondary FMC fails.
Good luck.
I can just add the secondary to active primary unit. We have been running a single FMC for more than a year with multiple policies, so adding a 2nd one is just as simple as this article explains? How does the FTD know, if the primary fails, to respond to policies from the secondary? Does the process let FTDs know about the secondary FMC being present?
Those are valid questions. Here’s the deal. When setting up FMCs in HA, you configure one FMC as primary and the other as secondary, as you saw from my post. During configuration, the primary unit’s policies are synchronized to the secondary unit. After this synchronization, the primary FMC becomes the active unit, while the secondary FMC becomes the standby peer, and the two units act as a single appliance for managed devices and policy configuration.
The main differences between the two FMCs in high availability are related to which peer is active and which peer is standby. The active FMC remains fully functional and that’s where you manage devices and policies. On the standby FMC, that functionality is hidden and you cannot make any configuration changes. Both FMCs remain in a state of continuous synchronization.
If the active FMC fails, the high availability pair enters a degraded state until you “manually” promote the standby appliance to the active state. Once the promotion is complete, the appliances leave maintenance mode. In other words, in case of a failure situation, a manual switchover must be performed. When the primary FMC fails, just access the web interface of the secondary FMC and switch peers.