Cisco Firepower FMC Quarterly Cleanups. Do this!
When I’m working at a customer, I try to set up as much task management as I can by going to System>Tools>Scheduling and using every Add Task option available.
I have to assume that about a week after I leave, they will stop logging in and performing the advanced network analysis I taught them (just as happens when we sign up for the gym each January), even though that analysis is critical to the support of Cisco Firepower.
However, there is something else that is critical to the support and health of your Cisco Firepower Management Center (FMC), and that is purging data from the system. I tell people to do this quarterly, though yearly could probably work too, depending on how much data you have.
I am not talking about the purge function found at System>Tools>Data Purge, shown here:
That would purge data you actually need, and that data rolls over anyway based on your settings in System>Configuration>Database.
So I have something else that will be very useful to you. In this post, let’s take a look…
Here is your list of useful cleanups for your FMC.
All of these are non-invasive, meaning you don’t need to create a maintenance window for this process.
1. Overview>Reporting>Reports
If you schedule reports, which you should be doing, then this area will fill up rather quickly. For my customers, I schedule 15-20 reports a week, so in a quarter that could be around 200 reports, or in a year close to 800 old reports stored in here. Since these should be sent to and stored in your remote storage area (System>Configuration>Remote Storage Device), the copies here can and should be purged.
2. System>Updates>Product Updates
This area may be the most important, as it fills with updates quickly, assuming you have automatic update downloads configured in your task management, which you should. Even if you decide to download updates manually, it is important to purge this page, as it can get confusing fast with all the various types of updates showing up weekly. Cleaning these out quarterly will help you maintain your updates and your sanity.
3. System>Tools>Backup/Restore
You should be backing up your FMC nightly, and also moving the backups to your remote storage device, since by default the backups are stored only on your FMC. These backups can be 250-300MB or much more. At 365 backups a year, that is a lot of storage needed for old backups you no longer need, so make sure to clean this area out.
Good tip! Adding to my maintenance schedule.
Great! Thanks for posting.
Good list. There are a couple of items I had not considered. Is there any way to automate any of these processes?
No, that is why I listed them here…there are a couple harder ones that I’ll put in my new book
also, the video series shows the task management section and everything that you can schedule
BTW… Soooooo much easier via CLI.
which part?
Can you please provide details on how it can be done via Cli?
Shahrukh, I don’t know of a way, but maybe there is something in expert mode, but then it becomes possibly dangerous. If you find a safe way via CLI, please let us know…
Thanks for the info Todd!
You’re welcome!
Thanks for your detailed knowledge sharing, really valuable to read. You have done a good job, keep sharing.
Thank you, Ritika!
Just stumbled upon this article and let me say it: like all content you produce it is very clear and useful! Thank you! I just “inherited” FMC administration and was looking for some good in-depth tips. I was also wondering if updating the Snort Rules and Localization Rules may impact my NAT rules or ACLs or is it transparent and recommended anyways with no impact?
Hi Anton, two things.
First, thank you for the nice comment, those are always welcome.
You can update rules, and although they could affect NAT and other policies, if you’re just filtering on URL, applications, etc. you’ll probably be okay, but I can’t truly answer that with no knowledge of your network. Just back up your FMC every night to start with.
There are full Firepower self-paced courses on lammle.com for $299 for the year, with 58 other courses included as well; this can help you.
https://www.lammle.com/self-paced-online/
…and I also have a 1-day Snort processing online course for less than $500 and a 3-day full Firepower course for only $1495.
Both found here:
https://www.lammle.com/product/quickstart-cisco-firepower-7-1-hands-on-event/
https://www.lammle.com/product/mastering-cisco-firepower-ftd-administration-securing-networks-w-cisco-firepower/
thanks!
Todd