FTD HA Configuration Problems On The FMC When Two Firepower Chassis Have Duplicated System Names

Available Languages

Updated:July 30, 2018

Document ID:213530

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Problem: FTD HA Configuration Problems On The FMC When Two Firepower Chassis Have Duplicated System Names

Solution

Related Bugs

Introduction

This document describes a problem seen on the firepower devices when you configure a Firepower Threat Defense (FTD) High Availability (HA) pair from the Firepower Management Center (FMC) when the two firepower chassis have duplicated system names. The main purpose of this document is to help you to understand this problem and provide you with guidance for the resolution.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

Cisco FMC basic configuration.
Cisco FTD basic configuration.
Cisco Firepower eXtensible Operating System (FXOS) basic configuration.

Components Used

The information in this document is based on these software and hardware versions:

Cisco FMC v6.2.1
Cisco Firepower 4120 Threat Defense v6.2.1

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Problem: FTD HA Configuration Problems On The FMC When Two Firepower Chassis Have Duplicated System Names

There is a problem that happens when you try to add a secondary FTD in an HA pair configuration in the FMC when duplicated firepower chassis system names. The main issue is that you cannot choose the secondary FTD to create the HA pair and this is because the FMC does not display the second FTD as an option at all, just as you can see in the image.

Due to this problem, It does not matter which FTD is chosen as the primary peer, once the primary FTD is chosen for the HA pair, then you cannot choose any FTD as secondary for the HA pair.

Solution

The FTD developers confirmed this issue happens because both firepower chassis are configured with the same system name:

Step 1. In this example, you can confirm both firepower chassis use the same system name as FTD-4120:

For FPR chassis 1:

For FPR chassis 2:

Step 2. To correct this problem, access both firepower chassis from Command Line Interface (CLI) and change their system name to use a different name for each chassis:

For the firepower chassis 1:

FTD-4120-A# scope system
FTD-4120-A /system # set name FTD-4120-FCCC
Warning: System name modification changes FC zone name and redeploys them non-disruptively
FTD-4120-A /system* #commit-buffer
FTD-4120-A /system #
FTD-4120-FCCC-A /system #

For the firepower chassis 2:

FTD-4120-A# scope system
FTD-4120-A /system # set name FTD-4120-CCDC
Warning: System name modification changes FC zone name and redeploys them non-disruptively
FTD-4120-A /system* #commit-buffer
FTD-4120-A /system #
FTD-4120-CCDC-A /system #

Step 3. After the system name is changed for both firepower chassis, proceed to delete and re-add each FTD to the FMC.

Step 4. Once both FTD are added to the FMC, select the Add High Availability option from the Devices > Device Management > Add High Availability, this time you are able to choose the second FTD for the high availability pair: