How to physically move your Cisco FTD device to another location safely…
In the past, when we wanted to move our ASAs, we just powered them down, moved them, powered them up and readdressed them if needed. No mess, no fuss.
Yeah, not so much with the new FTDs. After setting up hundreds of 2100 FTD boxes at a Corp office in Canada, we started moving them to their final home by powering them down, moving them and then powering them up… well, the boxes took about 30+ minutes to come up because they had to run checks, etc., so let’s not do that again – just in case!
Also, not all configs are pushed out to the FTD device when it is added back into the FMC, so let’s look at that too.
First, here is what you should do instead of just powering down:
From the FTD CLI just type these commands in and you’re set:
> configure manager delete
This command will shutdown the system. Continue?
Please enter ‘YES’ or ‘NO’:
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
admin@ftd15:~$ sudo shutdown -h -P now
The system is going down for system halt NOW!
From the Cisco FMC GUI, go to the Devices > Device tab and press the Shutdown button (you cannot turn it back on from here!).
After you bring up the FTD device, reconfigure the new IP and configure the manager, you’ll notice that all your configs are no longer present. Most of your policies are pushed out when the device comes back into the manager, but here’s what is not, and what you need to do manually:
- Interface Zones
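One way to confirm the zones were put back after re-registration, as an added example that is not from the original post: it compares a record of interface-to-zone assignments taken before the move with one taken afterwards. The record shape and every interface and zone name below are constructed assumptions, not FMC output.

```python
# Constructed sample records (assumed shape: hardware name, logical name,
# optional securityZone). Replace them with your own before/after records.
BEFORE_MOVE = [
    {"name": "Ethernet1/1", "ifname": "outside", "securityZone": {"name": "OUTSIDE-ZONE"}},
    {"name": "Ethernet1/2", "ifname": "inside", "securityZone": {"name": "INSIDE-ZONE"}},
    {"name": "Ethernet1/3", "ifname": "dmz", "securityZone": {"name": "DMZ-ZONE"}},
    {"name": "Ethernet1/4", "ifname": ""},  # unused port, never had a zone
]

AFTER_MOVE = [
    {"name": "Ethernet1/1", "ifname": "outside", "securityZone": {"name": "OUTSIDE-ZONE"}},
    {"name": "Ethernet1/2", "ifname": "inside"},  # zone not restored
    {"name": "Ethernet1/3", "ifname": "dmz", "securityZone": {"name": "INSIDE-ZONE"}},  # wrong zone
]


def zone_map(interfaces):
    """Map hardware interface name -> zone name (None when no zone is set)."""
    return {i["name"]: (i.get("securityZone") or {}).get("name") for i in interfaces}


def zone_drift(before, after):
    """Return (interface, expected_zone, current_zone) for every interface that
    had a zone before the move and does not have the same zone afterwards."""
    old, new = zone_map(before), zone_map(after)
    drift = []
    for name, expected in sorted(old.items()):
        if expected is None:
            continue  # never had a zone, nothing to restore
        current = new.get(name)  # None if unassigned or the interface is absent
        if current != expected:
            drift.append((name, expected, current))
    return drift


if __name__ == "__main__":
    for name, expected, current in zone_drift(BEFORE_MOVE, AFTER_MOVE):
        print(f"{name}: expected zone {expected}, now {current or 'none'}")
```

An interface left without its zone is not matched by zone-based rules, so an empty result here is worth having before the device carries production traffic.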
Have a great day!