Using CLI to Resolve Device Registration in Cloud-Delivered Firewall Management Center High Availability

If automatic device registration fails on the standby Cloud-Delivered Firewall Management Center, but appears to be registered to the active Cloud-Delivered Firewall Management Center, complete the following steps:

Warning

If you do an RMA of secondary Cloud-Delivered Firewall Management Center or add a secondary Cloud-Delivered Firewall Management Center, the managed devices are unregistered, and their configuration can get deleted as a result.

Procedure

Step 1

Delete the device from the active Cloud-Delivered Firewall Management Center. See Delete (Unregister) a Device from the Cloud-Delivered Firewall Management Center in Cisco Secure Firewall Management Center Device Configuration Guide.

Step 2

Complete the following steps to trigger automatic registration of the device on the standby Cloud-Delivered Firewall Management Center:

  1. Log in to the CLI for the affected device.

  2. Run the CLI command: configure manager delete .

    This command disables and removes the current Cloud-Delivered Firewall Management Center.

  3. Run the CLI command: configure manager add .

    This command configures the device to initiate a connection to a Cloud-Delivered Firewall Management Center.

    Tip

    Configure remote management on the device, only for the active Cloud-Delivered Firewall Management Center. When you establish high availability, the devices are automatically registered to the standby Cloud-Delivered Firewall Management Center.

  4. Log in to the active Cloud-Delivered Firewall Management Center and register the device.

Step 3

If the standby Cloud-Delivered Firewall Management Center is behind NAT, complete the following steps to edit the hostname of the standby Cloud-Delivered Firewall Management Center:

  1. Access the Firewall Threat Defense shell and use the show managers command to get the standby Cloud-Delivered Firewall Management Center entry identifier value.

  2. In the Firewall Threat Defense shell, edit the standby Cloud-Delivered Firewall Management Center hostname to the public IP address. Execute the configure manager edit <standby_uuid> hostname <standby_ip> command using the entry identifier value and the host IP address.