Import Access Control Policy from ASA to Firesight

prayer401 · ‎07-17-2019

Our ESXi box failed and we had to rebuild it from scratch (as a result we lost the Firesight/FirePOWER VM). We have a backup but it is not the latest. The restored VM is up and running again but the FirePOWER module on ASA has the latest polices.

Is there a way to import the FirePOWER polices (Access Control Policy in particular) from the FirePOWER module on ASA to the Firesight VM?

Sheraz.Salim · ‎07-19-2019

you can spin the same version of your FMC as the last version and import the backup from your previous FMC file and than push the policy to SFR.

now as it to late. what you can do it spin a new VM FMC with same version as the previous and restore the backup once restore register the new sfr and deploy the policy.

please do not forget to rate.

prayer401 · ‎07-19-2019

I appreciate the feedback but what I’m looking to do is having the VM FMC receive the configuration from the SFR module on ASA (not the other way around).

If this isn’t possible is there a way to display applied configuration on the SFR module (so that I can manually re-add the policies on VM FMC and then deploy to the SFR module)?

Marvin Rhoads · ‎07-19-2019

If you log into the Firepower module and "show running-config" you will see the basic settings. Some bits however are buried in other files and locations with in various databases running on the module and not easily viewable.