Configuring FMCs in HA is a common design as it provides redundancy to the FirePower Management Console service. Let’s quickly cover how to configure Cisco FMCs in high availability.
The Firepower Management Center (FMC) models used in this post to configure high availability are the 1600 series. Needless to say, both FMCs to be configured in HA should have the same software version.
Table of Contents
We are assuming that you have already configured a CIMC and management IP on the FMCs. The CIMC IP is configured on the CIMC interface (pointer #6) and the FMC’s management IP on eth0 (pointer #3) per the FMC 1600 Rear Panel graphic below.
Here’s a quick diagram for reference.
Advertisement
Configure Primary FMC (HA Pair)
On the FMC that been assigned at the primary FMC (either FMC – you just need to appoint one of the FMCs are primary), log into the management console. Click on the gear icon on the top right.
Then click on High Availability.
Select Primary and then enter the IP address of the secondary FMC and a secret key such as 123456. These numbers must match between the two FMCs. Click on Register.
Advertisement
Configure Secondary FMC (HA Pair)
Same on the secondary FMC. When you get to the High Availability screen, select Secondary and then enter the IP address of the Primary FMC and the same secret key. Click on Register.
At this point, you have to WAIT until the process ends. Be patient. It takes a while. You’ll then need to https into the Primary FMC’s IP address to access the HA pair.
Advertisement
High Availability & Failover
As seen in the configuration sections above, when setting up FMCs in a high availability pair, you configure one FMC to be primary and the other as secondary. Once you define who’s primary and secondary, the primary unit’s policies are synchronized to the secondary unit. After this synchronization, the primary FMC becomes the active peer, while the secondary FMC becomes the standby peer, and the two units act as a single appliance for managed device and policy configuration.
The main differences between the two FMCs in a high availability pair relate to which peer is active and which peer is on standby. The active FMC remains fully functional where you can manage devices and policies whereas the standby FMC, functionality is hidden so you cannot make any configuration changes. Both Firepower Management Centers remain in a state of continuous synchronization.
If the active FMC fails, the high availability pair enters a degraded state until you manually promote the standby appliance to the active state (a manual switchover must be performed). Once the promotion is complete, the appliances leave maintenance mode.
When the primary FMC fails, you need to access the web interface of the secondary FMC and switch peers. This is applicable conversely in case the secondary FMC fails.
Good luck.
Getting CCNA or CCNP Certified?
Self-paced Books. On-demand Courses. Practice Tests.
Sign up for a 10-day free trial with unlimited access!
I can just add the secondary to active primary unit. We have been running single FMC for more then a year with multiple policies, so adding 2nd one is just as simple as this article explains?? how does the FTD know if primary fails to respond to policies from secondary..? Does the process let FTDs know about secondary FMC present?
Those are valid questions. Here’s the deal. When setting up FMCs in a HA, you configure one FMC as primary and the other as secondary as you saw from my post. During configuration, the primary unit’s policies are synchronized to the secondary unit. After this synchronization, the primary FMC becomes the active unit, while the secondary FMC becomes the standby peer, and the two units act as a single appliance for managed devices and policy configuration.
The main difference between the two FMCs in high availability are related to what peer is active and what peer is standby. The active FMC remains fully functional and there’s where you manage devices and policies. On the standby FMC, that functionality is hidden and you cannot make any configuration changes. Both FMCs remain in a state of continuous synchronization.
If the active FMC fails, the high availability pair enters a degraded state until you “manually” promote the standby appliance to the active state. Once the promotion is complete, the appliances leave maintenance mode. In other words, in case of a failure situation, a manual switchover must be performed. When the primary FMC fails, just access the web interface of the secondary FMC and switch peers.
Hi,
Does the UUID of the standby FMC show on the FTD under show managers command ?
If the active fmc fails , do i have to on the FTD CLI do configure manager delete and configure manager add to add he standby FMC.
But if the UUID of the standby is known to the FTD then promoting to primary fmc will work .
Nabeel, I consulted about your question with Michael Keys, a Firewall Security Specialist. He said: “Yes, the standby FMC shows up under the FTD as a second FMC manager. When performing the “show managers” command, you will see both the primary and standby FMC’s along with their Identifier. The display will look like this:”
“So, when the primary FMC fails, you do not need to add the standby unit as the manager for the FTD. It will automatically promote itself to being the Active unit in the FMC HA Pair, so you can still continue to manage your appliances.”