Introduction
I was recently involved in resizing a container instance for a customer. Despite searching everywhere, I could not find an official document that describes the process, so I made sure to document everything, which has turned into this post.
Case
Our customer had 2 x FP4115 in Multi-Instance with 4 logical container instances on each firewall running Firepower Threat Defence (FTD). So a total of 8 instances across both chassis constituting 4 A/S HA Pairs.
All instances were initially created using a Resource Profile that allocates 10 Cores for each instance, and the goal was to upgrade one of the instances from 10 to 16 cores.
Overall Procedure
- Perform Failover on the Logical Instance from FMC by making the Secondary chassis Active for the container instance.
- Disable the Container Instance on the Primary/Standby unit.
- Edit the Logical Instance and change Resource Profile.
- Enable the Logical Device and verify it’s booting.
- HA Should be re-established, but LINA should be throwing warnings due to the different hardware specifications.
- Make the Primary/Standby unit active so that it becomes Primary/Active, meaning that the Standby Chassis is handling no traffic for the container instance.
- Re-do above.
- Once both container instances and HA is back up, edit the HA Pair in the FMC, and under the Device tab, go to the Inventory Details section and click Refresh Inventory Details.
Procedure
First, create the desired Resource Profiles by logging onto FXOS and navigating to Platform Settings > Resource Profiles, then click Add and specify the number of Cores you wish to assign to the Container Instance. I have noted the expected amount of throughput based on the number of cores in the description field.
OBS: Remember to do this on both Chassis!
Perform Failover on the Logical Instance from FMC by making the Secondary Chassis Active for the container instance
The Primary firewall no longer handles any traffic for that particular HA Pair. Now browse to the FXOS of the Primary Chassis (Make sure it’s the right chassis!) And Disable the container instance.
It’s going to prompt if you really want to disable the instance. Say Yes
The Container Instance will be powered off. Once it has been marked Offline, click the Pencil icon and Click to Configure.
Choose the new Resource Profile from the popup window and click OK, followed by Save.
This automatically boots up the Container Instance again. Navigate to Logical Devices to verify its booting and that the Resource Profile has changed.
After a short while, you can SSH to the container instance using its management IP and verify that the device is booting correctly without any errors.
Once the container instance has booted, navigate to the LINA engine by issuing system support diagnostic-cli.
You should see the CLI being spammed with messages warning about the hardware difference.
Verify that the configuration is synced from the active unit and that HA is re-established using show failover from the CLI or directly from the FMC. You will want to verify that the Primary unit comes up as Standby (Or Standby Ready from CLI)
Now perform another Failover between the container instances by making the Primary firewall Active and the Secondary Standby again, then repeat the entire procedure for the second Chassis.
Once both Container Instances are back up using the new resource profiles, go to the FMC and navigate to Device Management. Edit the HA Pair, go to the Device tab, and locate the Inventory Details section. Notice it’s still showing the previous core assignment.
Click the Refresh icon, and it should now update with the correct amount of cores. 
The post FP Multi-Instance: Resizing Container Instances in Production appeared first on NBORC.