Replace a Failed Primary Cloud-Delivered Firewall Management Center (Unsuccessful Backup)

Two Cloud-Delivered Firewall Management Centers - FMC1 and FMC2 are part of a high availability pair. FMC1 is the primary and FMC2 is the secondary. This task describes the steps to replace a failed primary Cloud-Delivered Firewall Management Center -FMC1 when data backup from the primary is unsuccessful.

Procedure

Step 1

Contact Support to request a replacement for a failed Cloud-Delivered Firewall Management Center - FMC1.

Step 2

When the primary Cloud-Delivered Firewall Management Center - FMC1 fails, access the web interface of the secondary Cloud-Delivered Firewall Management Center - FMC2 and switch peers. For more information, see Switching Peers in the Cloud-Delivered Firewall Management Center High Availability Pair.

This promotes the secondary Cloud-Delivered Firewall Management Center - FMC2 to active.

You can use FMC2 as the active Cloud-Delivered Firewall Management Center until the primary Cloud-Delivered Firewall Management Center - FMC1 is replaced.

Caution

Do not break Cloud-Delivered Firewall Management Center High Availability from FMC2, since licenses that were synced to FMC2 from FMC1 (before failure ), will be removed from FMC2 and you will be unable to perform any deploy actions from FMC2.

Step 3

Reimage the replacement Cloud-Delivered Firewall Management Center with the same software version as FMC1.

Step 4

Install required Cloud-Delivered Firewall Management Center patches, geolocation database (GeoDB) updates, vulnerability database (VDB) updates and system software updates to match FMC2.

Step 5

Deregister one of the Cloud-Delivered Firewall Management Centers - FMC2 from the Cisco Smart Software Manager. For more information, see Deregister the Cloud-Delivered Firewall Management Center.

Deregistering Cloud-Delivered Firewall Management Center from the Cisco Smart Software Manager removes the Management Center from your virtual account. All license entitlements associated with the Cloud-Delivered Firewall Management Center release back to your virtual account. After deregistration, the Cloud-Delivered Firewall Management Center enters Enforcement mode where no update or changes on licensed features are allowed.

Step 6

Access the web interface of the secondary Cloud-Delivered Firewall Management Center - FMC2 and break Cloud-Delivered Firewall Management Center high availability. For more information, see Disabling Cloud-Delivered Firewall Management Center High Availability. When prompted to select an option for handling managed devices, choose Manage registered devices from this console.

As a result, licenses that were synced to the secondary Cloud-Delivered Firewall Management Center- FMC2, will be removed and you cannot perform deployment activities from FMC2.

Step 7

Re-establish Cloud-Delivered Firewall Management Center high availability, by setting up the Cloud-Delivered Firewall Management Center - FMC2 as the primary and Cloud-Delivered Firewall Management Center - FMC1 as the secondary. For more information , see Establishing Cloud-Delivered Firewall Management Center High Availability.

Step 8

Register a Smart License to the primary Cloud-Delivered Firewall Management Center - FMC2. For more information see Register the Cloud-Delivered Firewall Management Center with the Smart Software Manager.

What to do next

High availability has now been re-established and the primary and the secondary Cloud-Delivered Firewall Management Centers will now work as expected.