Cisco Cisco Firepower Management Center 4000

To ensure continuity of operations, both Defense Centers in a high availability pair must have Internet 
access; see 

. For specific features, the primary Defense Center 

contacts the Internet, then shares information with the secondary during the synchronization process. 
Therefore, if the primary fails, you should promote the secondary to Active as described in 

For more information on which configurations are shared or not shared between members of a high 
availability pair, see:

Any

DC1000, DC1500, DC3000, DC3500

Defense Centers in a high availability pair share the following information:

user account attributes, authentication configurations, and custom user roles

authentication objects for user accounts and user awareness, as well as the users and groups that are 
available to user conditions in access control rules

custom dashboards

custom workflows and tables

device attributes, such as the device’s host name, where events generated by the device are stored, 
and the group in which the device resides

intrusion policies and their associated rule states

file policies

access control policies and their associated rules

local rules

custom intrusion rule classifications

variable values and user-defined variables

network discovery policies

user-defined application protocol detectors and the applications they detect

activated custom fingerprints

host attributes 

network discovery user feedback, including notes and host criticality; the deletion of hosts, 
applications, and networks from the network map; and the deactivation or modification of 
vulnerabilities

correlation policies and rules, compliance white lists, and traffic profiles