topic Re: Migration from Barracuda FW to Cisco FMC in Network Security

Migration from Barracuda FW to Cisco FMC

oliver.mentel — Mon, 03 Feb 2025 10:39:27 GMT

Hello Cisco Community,

We are faced with the challenge of transferring the access rule list from an existing Barracuda firewall to Cisco FMC. On the Cisco side, two FTDs are connected to the FMC.

When looking into the Barracuda Firewall, I noticed that, unlike in the Cisco world, the rules between ACL and NAT are not strictly separated. In addition, the export from the Barracuda is very individual, which further complicates matters.

Therefore my question is there anyone who has already faced a similar challenge? How did they deal with this challenge?

Is there possibly a publicly available open source project, e.g. on GitHub, that can be used to translate the rules for the FMC?

I would be grateful for any advice.

Re: Migration from Barracuda FW to Cisco FMC

Sheraz.Salim — Mon, 03 Feb 2025 11:04:10 GMT

The Cisco Secure Firewall Migration Tool supports migration from third-party firewalls (e.g., Check Point, Fortinet) to Cisco FTD. It allows selective migration of access control and NAT rules while removing redundant or shadowed rules. This tool could simplify the process if Barracuda configurations are supported or can be adapted for import Link is here but I do not think Barracuda is in the tool migration.

Cisco provides APIs for FMC that can be used to automate rule creation and management. Here at this Community you may find scripts this can assist in merging or translating access control policies. For example

A Python script designed for merging access policies in FMC could be adapted to import rules from Barracuda exports Here and Here this link may give you for insight and give your more kind of road mind how to appraoch this for your migration.

I do not come across and doesn’t appear to be a specific open-source project for Barracuda-to-FMC migration, general-purpose firewall migration tools or custom scripts could be developed:

Parse the Barracuda export file to extract ACL and NAT rules.

Convert them into a format compatible with FMC (e.g., JSON for API imports)

These are the following step I shall take in scope of this migration hence they are not limited.

Steps for Migration

Export Rules from Barracuda: Use the Barracuda interface to export ACL and NAT configurations.
Analyze and Categorize Rules: Separate ACLs from NAT rules manually or using a script.
Prepare for FMC Import, -Use the Cisco Secure Firewall Migration Tool if compatible. Alternatively, adapt an API-based script to create rules in FMC.
Test in a Lab Environment: Before deploying, test the imported rules on a non-production FMC setup with FTDs.
Deploy and Monitor: Apply the configurations to live devices and monitor traffic to ensure correctness.

worth reaching out to your cisco partner or cisco representative in your area.

Re: Migration from Barracuda FW to Cisco FMC

ahollifield — Tue, 04 Feb 2025 12:17:46 GMT

Stare and compare and reconfigure manually. A great time to clean up old/unused/unneeded rules.

Re: Migration from Barracuda FW to Cisco FMC

oliver.mentel — Tue, 04 Feb 2025 12:22:24 GMT

You are absolutely right. In this case, it was the explicit wish that it should be adopted one-to-one as far as possible.