In this tutorial we configure Cisco FMC (Secure Firewall Management Center) Virtual 7.3.1 appliances in a test lab, running on a VMware ESXi 7.0 host. The steps in this tutorial can also be used for a production environment install.
Prerequisites:
- Cisco FMCv VMware install package for ESXi (7.3.1) – primary
- Cisco FMCv VMware install package for ESXi (7.3.1) – secondary
Network Diagram:
1. Requirements
According to the Cisco documentation, the following software and bandwidth requirements must be met to set up Secure Firewall Management Center High Availability:
- there must be at least 5 Mbps of network bandwidth between the peers
- the two management centers in the HA configuration must have the same version of the:
  - firmware software
  - intrusion rule update installed
  - vulnerability database update installed
  - LSP (Lightweight Security Package) installed
Read more about all requirements:
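A pre-flight check for the requirements above, as an added example that is not part of the original tutorial or of Cisco's tooling. It assumes each peer's versions are available as JSON shaped like the FMC REST API `serverversion` resource (the field names, `lspVersion` in particular, are assumptions to confirm in your API Explorer), that bandwidth was measured separately, and it uses constructed sample data.

```python
import json

# Components the page says must match on both HA peers, mapped to the JSON
# field assumed to carry each one (assumption: names follow the FMC REST
# "serverversion" resource; confirm them in your FMC's API Explorer).
REQUIRED = {
    "software": "serverVersion",
    "intrusion rule update": "sruVersion",
    "vulnerability database": "vdbVersion",
    "LSP": "lspVersion",
}
MIN_BANDWIDTH_MBPS = 5  # minimum peer-to-peer bandwidth stated on the page


def _versions(raw):
    """Extract the first version record from one peer's JSON response."""
    items = json.loads(raw).get("items") or [{}]
    return items[0]


def ha_preflight(primary_raw, secondary_raw, measured_mbps):
    """Return a list of human-readable problems; an empty list means go."""
    pri, sec = _versions(primary_raw), _versions(secondary_raw)
    problems = []
    for label, field in REQUIRED.items():
        a, b = pri.get(field), sec.get(field)
        if not a or not b:
            # A missing value is a failure: parity cannot be proven.
            missing = "primary" if not a else "secondary"
            problems.append(f"{label}: not reported by {missing}")
        elif " ".join(a.split()).lower() != " ".join(b.split()).lower():
            problems.append(f"{label}: primary={a!r} secondary={b!r}")
    if measured_mbps < MIN_BANDWIDTH_MBPS:
        problems.append(f"bandwidth: {measured_mbps} Mbps is below {MIN_BANDWIDTH_MBPS} Mbps")
    return problems


# Constructed sample responses (not captured from a real FMC).
PRIMARY = json.dumps({"items": [{
    "serverVersion": "7.3.1 (build 19)", "sruVersion": "2023-05-01-001-vrt",
    "vdbVersion": "build 365", "lspVersion": "lsp-rel-20230501-1200"}]})
SECONDARY = json.dumps({"items": [{
    "serverVersion": "7.3.1 (build 19)", "sruVersion": "2023-04-12-001-vrt",
    "vdbVersion": "build 365"}]})

if __name__ == "__main__":
    for problem in ha_preflight(PRIMARY, SECONDARY, measured_mbps=100):
        print("BLOCK:", problem)
```

An empty result means the version and bandwidth requirements listed above are satisfied; any entry should be resolved before pairing the peers.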
2. Prerequisites
- if the future secondary management center has already registered devices, delete the registered devices and re-register these to the future primary management center
- export required policies from the future secondary management center to the future primary management center
- import the policies into the future primary management center
- on the future primary management center, verify the imported policies and deploy them to the appropriate device
3. Configure the High Availability
3.1 On the future secondary management center choose Integration > Other Integrations > High Availability and select Secondary
Primary Firewall Management Center Host: 172.21.1.40
Registration Key: generate and type your key
Select Register
3.2 This operation may affect critical processes running in the background. Do you want to continue? Select Yes
3.3 Do you want to register primary peer: 172.21.1.40? Select Yes
3.4 On the secondary management server: pending registration
3.5 On the future primary management center choose Integration > Other Integrations > High Availability and select Primary
Secondary Firewall Management Center Host: 172.21.1.40
Registration Key: generate and type your key
Select Register
3.6 This operation may affect critical processes running in the background. Do you want to continue? Select Yes
3.7 Do you want to register primary peer: 172.21.1.41? Select Yes
3.8 Registering
3.9 Synchronizing primary management center to secondary management center
3.10 Primary management center is synchronized to the secondary management center
We can also continue with the FTD (Firepower Threat Defense) installation and afterwards register the FTD with the FMC.
How to install Cisco FTD – Firepower Threat Defense:
Cisco Secure Firewall Threat Defense Virtual Install
FMC Configuration Guide:
Cisco Secure Firewall Management Center Device Configuration Guide