Overview
Verify VMware feature support and confirm system and resource requirements for Management Center Virtual deployments. Use this information to plan supported operations, allocate required memory and CPU resources, and meet upgrade and platform compatibility requirements.
Firewall Management Center Virtual Requires 28 GB RAM for Upgrade (6.6.0+)
The Firewall Management Center Virtual platform has introduced a new memory check during upgrade. The Firewall Management Center Virtual upgrades to Version 6.6.0+ will fail if you allocate less than 28 GB RAM to the virtual appliance.
We recommend you do not decrease the default settings: 32 GB RAM for most of the Firewall Management Center Virtual instances, 64 GB for the Firewall Management Center Virtual 300 (FMCv300). To improve performance, you can always increase a virtual appliance’s memory and number of CPUs, depending on your available resources.
As a result of this memory check, we will not be able to support lower memory instances on supported platforms.
Memory and Resource Requirements
You can deploy the Firewall Management Center Virtual using VMware vSphere provisioning hosted on VMware ESX and ESXi hypervisors. See the Cisco Secure Firewall Threat Defense Compatibility Guide for hypervisor compatibility.
When upgrading the Firewall Management Center Virtual, check the latest Release Notes for details on whether a new release affects your environment. You may be required to increase resources to deploy the latest version.
When you upgrade, you add the latest features and fixes that help improve the security capabilities and performance of your deployment.
The specific hardware used for Firewall Management Center Virtual deployments can vary, depending on the number of instances deployed and usage requirements. Each virtual appliance you create requires a minimum resource allocation—memory, number of CPUs, and disk space—on the host machine.
We strongly recommend that you reserve CPU and memory resources to match the resource allocation. Failure to do so may significantly impact the Firewall Management Center Virtual performance and stability.
The following table lists the recommended and default settings for the Firewall Management Center Virtual appliance.
Be sure to allocate enough memory to ensure the optimal performance of your Firewall Management Center Virtual. If your Firewall Management Center Virtual has less than 32 GB memory, your system could experience policy deployment issues. To improve performance, you can increase a virtual appliance’s memory and number of CPUs, depending on your available resources. Do not decrease the default settings, as they are the minimum required to run the system software.
| Setting |
Minimum |
Default |
Recommended |
Adjustable Setting? |
|---|---|---|---|---|
| Memory |
28 GB |
32 GB |
32 GB |
With restrictions.
|
| Virtual CPUs |
4 |
4 |
16 |
Yes, up to 16 |
| Hard disk provisioned size |
250 GB |
250 GB |
n/a |
No |
| Setting |
Default |
Adjustable Setting? |
|---|---|---|
| Memory |
64 GB |
Yes |
| Virtual CPUs |
32 |
No |
| Hard disk provisioned size |
2.2 TB |
No |
Firewall Management Center Virtual 10.0 supports deployment on VMware vSphere / ESXi 8.0 platforms.
Insufficient allocation of RAM causes restart of processes due to Out Of Memory (OOM) events. Restarting database processes could also cause database corruption. In such cases, ensure that you upgrade the RAM to the required allocation and back up the database frequently to avoid any disruption due to database corruption.
Systems running VMware vCenter Server and ESXi instances must meet specific hardware and operating system requirements. For a list of supported platforms, see the VMware online Compatibility Guide.
Support for Virtualization Technology
The computer that serves as the ESXi host must meet the following requirements:
-
It must have a 64-bit CPU that provides virtualization support, either Intel® Virtualization Technology (VT) or AMD Virtualization™ (AMD-V™) technology.
-
Virtualization must be enabled in the BIOS settings
Both Intel and AMD provide online processor identification utilities to help you identify CPUs and determine their capabilities. Many servers that include CPUs with VT support might have VT disabled by default, so you must enable VT manually. You should consult your manufacturer's documentation for instructions on how to enable VT support on your system.
-
If your CPUs support VT, but you do not see this option in the BIOS, contact your vendor to request a BIOS version that lets you enable VT support.
-
To host virtual devices, the computer must have network interfaces compatible with Intel e1000 drivers (such as PRO 1000MT dual port server adapters or PRO 1000GT desktop adapters).
Verify CPU Support
You can use the Linux command line to get information about the CPU hardware. For example, the /proc/cpuinfo file contains details about individual CPU cores. Output its contents with less or cat.
You can look at the flags section for the following values:
-
vmx—Intel VT extensions
-
svm—AMD-V extensions
Use grep to quickly see if any of these values exist in the file by running the following command:
egrep “vmx|svm” /proc/cpuinfoIf your system supports VT, then you should see vmx or svm in the list of flags.