Welcome Back 😉
Think about this for a bit, its been years ago when we first configured the our Cisco FMCv in our virtual environment perhaps this is running for years with no problems. (Lucky us!) All of our firewalls connect to it, policies are pushed correctly, IPS rules are updated correctly and we even have URL filtering turned on some devices, and upgrades work out of the box, it just works, again lucky us! We have remote backups working but we never needed them…
Just like how the season changes so do our IP addresses, nothing is ever static. Now we are faced with a problem… We have to move this perfectly operational system, that hasn’t bothered anyone.
Our fear is now realized everything works now, what is going to happen when we change the IP address of this thing? Flashbacks from Reddit posts, re-imaging, downtime, everything is down! Remember we were the lucky guys, our FMCv just worked out the box no issues! Are we going to stir the hornet nest?
Well I can tell you changing the IP address of the FMCv is as simple as running this script in CLI:
It’s that easy…(almost too easy)
I had to move the VMDK of this thing to a different vSphere install as well as in a different data center. So I just cloned the original moved the clone and turned it on, ran the CLI script and in about 15 minutes all of my devices checked in automatically. Remember you have to make sure you can reach your devices from your different IP scheme.
After that its been back to a smooth road like nothing ever happened, policies are pushed correctly, IPS rules are updated correctly, URL filtering works, upgrades work out of the box, and backups are working! The only thing that has changed is the IP address, just the season! These are the always the best stories to tell!