11-08-2017 09:46 AM - edited 02-21-2020 06:40 AM
I am converting ASA to firepower. The problem is that I need to remove the zones and int ip addresses from the original config as they are being removed and replaced with a new ip schemes.
Is there a way to edit the new sfo file to add the new int ip addresses?
10-09-2018 04:35 AM
i don't believe there is any way doing it. Until and unless you are very good with REST-API and from there you can update your bulk of policies and objects using python scripts.
11-07-2018 08:35 PM
i have the same issue
after migrating the the FMC/FTD model i have lost functionality
object and policies were easy to in CLI
with FTD/FMC, no more CLI "conf t" allowed
a group of objects took me seconds to deploy in CLI, now they can many minutes per object
there is no means to see the config as in CLI
now it just outputs SFO file which i cant open
this direction by Cisco is POOR and might make me move to another OEM
11-08-2018 01:55 AM
You can still see the running-config in FTD. Just "show running-config" from the cli. You just cannot makes many changes that way.
I agree deployments are (too) slow! Keep giving that feedback to Cisco - I know they have been working on it but the more customers that complain, the higher priority a fix it will be.
11-08-2018 02:05 AM
Hi @Marvin Rhoads We are facing lot of complaints from customer regrading below issues. Is there any forum to report these kind of issues to enhance.
Deployment time, Search time, No live logs, MFA for VPN (integration to thirdparty MFA servers) etc.
HTH
Abheesh
11-08-2018 02:10 AM - edited 11-08-2018 02:13 AM
There's no public forum.
I recommend contacting your Cisco account manager or partner account manager. If you are a partner, also be sure to attend the partner training sessions given by the product TMEs and/or the bi-annual Security SEVT and be sure to bring up your feedback there.
Also, if you attend any Cisco Live, go up to the product reps and speak with them directly. What they hear there goes directly into the business unit in helping prioritizing work going forward.
11-08-2018 02:12 AM
11-08-2018 03:38 PM
Hello Marvin
I did that this year @ CL18 in Orlando.
I spoke to 6-10 different people TAC, BU, ASA session, LABS etc
all CISCO employee agree with what i told them.
now is 6 months after talking
i asked my SE about the updated for ASA FTD/FMC. Everything thing that i asked, was NOT in the new asa update.
poor support from asa BU (;
11-08-2018 10:16 PM
There is no documented way to modify the SFO file.
These are the two below Option which i think possible, both required manual effort.
Option 1: Modify in .cfg file before importing to migration tool.
You may change the IP address on the .cfg file (Config of ASA) before importing to Migration tool.
Option 2: Modify the Interface IP on FMC
Once you import the SFO file to FMC and assigned to an FTD, you can go to Device setting and modify manually.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide