Configure Remote Backup for FMC Using NFS Storage Device

Available Languages

Download Options

  • PDF     (1.5 MB)
    View with Adobe Reader on a variety of devices
  • ePub     (1.6 MB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (1.1 MB)
    View on Kindle device or Kindle app on multiple devices
Updated:October 11, 2023
Document ID:221080

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to obtain a remote backup of Secure Firewall Management Center (FMC) and Secure Firewall Threat Defense (FTD).


    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • Secure FMC configuration via GUI and SSH navigation
    • Secure FTD navigation via shell
    • Network File System (NFS) configuration

    Components Used

    The information in this document is based on these software and hardware versions:

    • vFMC version 7.2.5
    • FPR1140 running FTD 7.2.5
    • NFS Windows Server

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Background Information

    The ability to recover from a disaster is an essential part of any system maintenance plan. As part of your disaster recovery plan, it is recommended that you perform periodic backups.

    You can store backups locally. However, it is recommended that you back up management centers and managed devices to a secure remote location by mounting an NFS, Server Message Block (SMB), or Secure SHell FileSystem (SSHFS) network volume as remote storage. For the management center, you can use the Copy when complete option to securely copy (SCP) completed backups to a remote server.

    This document refers to the NFS setup. After you accomplish this, all subsequent backups are copied to that volume, but you can still use the management center in order to manage them.

    warning-icon

    Warning: The management center setup process schedules weekly configuration-only backups, to be stored locally. This is not a substitute for full off-site backups initial setup finishes. You must review your scheduled tasks and adjust them to fit the requirements of your organization.

    tip-icon

    Tip: After configuring and choosing remote storage, you can switch back to local storage only if you have not increased the connection database limit.

    Configure

    Network Topology

    Network DiagramNetwork Diagram

    Add an NFS Remote Storage Device

    Step 1. In order to implement NFS for remote storage, rpcbind must be started first as it is disabled by default.

    Open an SSH session to your FMC, navigate to expert mode, elevate to sudo rights, and issue the command /etc/init.d/rpcbind start.

    You can validate that it has started correctly with the command /etc/init.d/rpcbind status.

    Start rpcbindStart rpcbind

    tip-icon

    Tip: In order to avoid having to start the rpcbind utility in the FMC manually, check the Use Advanced Options checkbox, and fill the Command Line Option with the -o nolock  command.

    Step 2. Log in to your FMC GUI and navigate to System (Settings Icon> Configuration.

    System-ConfigurationSystem-Configuration

    Step 3. Choose Remote Storage Device and then choose NFS in the drop-down menu for Storage Type.

    NFS Remote StorageNFS Remote Storage

    Step 4. Insert your NFS device information.

    Enter the IPv4 address or hostname of the storage system in the Host field and the path to your storage area in the Directory field.

    Check the Use for Backups checkbox under System Usage and click Save.

    NFS SettingsNFS Settings

    Step 5. A successful integration shows a green Success Saved Remote Storage Device configuration successfully  box at the top of the page.

    Saved Remote Storage Device Configuration SuccessfullySaved Remote Storage Device configuration successfully

    Setup a Backup Profile

    Step 1. Navigate to System (Settings Icon) > Tools > Backup/Restore.

    System-Tools-BackupSystem-Tools-Backup

    Step 2. Move to Backup Profiles and click Create Profile.

    Create Backup ProfileCreate Backup Profile

    Step 3. Give your profile a Name and check all the checkboxes for a full backup profile.

    Click Save As New.

    Profile SettingsProfile Settings

    Schedule a Recurring Task to Backup the FMC

    Step 1. Navigate to System (Settings Icon)> Tools > Scheduling.

    SchedulingScheduling

    Step 2. Click Add a Task.

    Add TaskAdd Task

    Step 3. Set the schedule as needed and pick Recurring as the Schedule task in order to run, and Management Center as your Backup Type.

    For demonstration purposes, this backup task starts on September 2023 and repeats once a month at 3:00 am every 29th of the month.

    Choose the Backup Profile you created earlier and click Save.

    New TaskNew Task

    Step 4. Once saved, you are placed back into your calendar and the new scheduled task is shown under the day you have chosen.

    CalendarCalendar

    Schedule a Recurring Task to Backup the FTD

    Step 1. Navigate to System (Settings Icon) > Tools > Scheduling.

    SchedulingScheduling

    Step 2. Click Add a Task.

    Add TaskAdd Task

    Step 3. Pick Recurring as the Scheduled task in order to run and set the schedule as needed.

    For demonstration purposes, this backup task starts on September 2023 and repeats once a month at 4:00 am every 29th of the month.

    Insert a Job Name.

    New TaskNew Task

    Step 3.1. Choose Device as the Backup Type and click the device that must be backed up recurrently.

    Check the Retrieve to Management Center checkbox and click Save.

    Task SettingsTask Settings

    tip-icon

    Tip: You can choose more than one device by pressing the Shift key while clicking over the other device(s).

    Step 4. Once saved, you are placed back into your calendar and the new scheduled task is shown under the day you have chosen.

    CalendarCalendar

    Troubleshooting

    • Verify that the FMC can reach the Remote Storage device. Open an SSH session to the FMC, navigate to the expert mode, and elevate to sudo rights. Send a ping to the remote storage device.

    Ping TestPing test

    • The logs of the backup task are stored in the FMC filename/var/log/backup.log. If an error occurred and the task did not finish successfully, you can search here for an error or failure.

    Less Commandless command

    Backup Log Filebackup.log

    • This file can also be found in the FTD when it has run a backup task. Find it under/ngfw/var/log/backup.log.

    Less CommandLess command

    Backup Log Filebackup.log

    • FTD logs show the backup file is stored locally however, in the end, it is sent to the FMC and then to the remote storage device.

    FTD LogsFTD logs

    Revision History

    Revision Publish Date Comments
    1.0
    11-Oct-2023
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Laura Villafranca
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products