I have to do this for multiple sites. Also, enabling logging on all 300 rules is a manual process; I think no tool helps with this. Logging is also required to see the logs at FMC.
Wondering why the Cisco migration tool is not doing this ...
You can use the FMC REST API to update the configuration of multiple ACP rules. I frequently use it to enable logging for all ACP rules missing the logging configuration.
Thanks for the reply.
Are you able to share steps or documents that can help me with this, telling me how to use the REST API for this configuration?
Also, do you have any Python script that can help to clean up the ASA configuration?
If you are interested, I wrote a blog post yesterday on how to use the FMC REST API. I created a small script to enable syslog alerts for access-control-policy rules. You can find it here: http://dependencyhell.net/2017/08/27/Automating-ACP-Bulk-Changes/
In case anything is unclear, let me know.
P.S. What do you mean by cleaning up the ASA configuration? What is it that you want to clean up?
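The bulk change discussed in the replies above (finding the ACP rules that are missing a logging configuration and preparing an update for each) can be sketched as follows. This is an added example, not the script from the linked blog post and not Cisco code. The field names (`logBegin`, `logEnd`, `sendEventsToFMC`, `links`, `metadata`) and action values are assumed to match the access rule JSON of your FMC version, the sample rules are constructed, and the GET and PUT calls against the FMC are left out.

```python
import copy

# Constructed sample of what a rule listing might return; not real FMC output.
SAMPLE_RULES = [
    {"id": "r1", "type": "AccessRule", "name": "web-out", "action": "ALLOW",
     "logBegin": False, "logEnd": False, "links": {"self": "placeholder"}},
    {"id": "r2", "type": "AccessRule", "name": "deny-telnet", "action": "BLOCK",
     "metadata": {"ruleIndex": 2}},
    {"id": "r3", "type": "AccessRule", "name": "dns", "action": "ALLOW",
     "logBegin": False, "logEnd": True, "sendEventsToFMC": True},
]

READ_ONLY_KEYS = ("links", "metadata")    # assumed: returned on GET, dropped before PUT
BLOCK_ACTIONS = {"BLOCK", "BLOCK_RESET"}  # blocked connections are logged at their start


def needs_logging(rule):
    """True when the rule logs neither the beginning nor the end of connections."""
    return not (rule.get("logBegin") or rule.get("logEnd"))


def with_logging(rule):
    """Return a copy of the rule, ready for PUT, with connection logging enabled."""
    body = copy.deepcopy(rule)
    for key in READ_ONLY_KEYS:
        body.pop(key, None)
    blocked = body.get("action") in BLOCK_ACTIONS
    body["logBegin"] = blocked        # block rules: log when the connection is denied
    body["logEnd"] = not blocked      # other rules: one event at connection end
    body["sendEventsToFMC"] = True    # so the events show up in the FMC event viewer
    return body


def plan_updates(rules):
    """Select the rules missing logging and build one update body per rule."""
    return [with_logging(r) for r in rules
            if r.get("type") == "AccessRule" and needs_logging(r)]


if __name__ == "__main__":
    for body in plan_updates(SAMPLE_RULES):
        print(body["id"], body["name"], "logBegin:", body["logBegin"],
              "logEnd:", body["logEnd"])
```

Rules that already log (here `dns`) are left out of the plan, so a rerun after a partial failure only touches what is still missing.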
I was having the same issue, contacted TAC, tried the following things, and it worked:
Removed any header and trailer contents on the running config output, as I have seen this in the past.
The file looked like the example below:
ASA Version 9.4(2)11
prompt hostname state priority
no call-home reporting anonymous
Also make sure the ASA configuration file is not encoded in an unsupported format, as only UTF-8 is supported (for me it worked in ANSI mode).
Hope it helps.
Are you planning to upgrade to FTDs?
If so, the tool would not help you to create interfaces.
You need to create the interfaces/sub-interfaces on your own; this has to be done at FMC once you have your FTDs registered.
The tool is only helpful to migrate firewall rules; you need to tune the existing rules before uploading the configuration to the FMC tool.
Let me know if you have any questions. I have done this in the past and would be able to guide/help.
You can create sub-interfaces on the Firepower.
The script will just help you to convert the firewall policies. Any other settings, including interface creation, need to be done manually.