Solved: Re: Add an FTD to FMC - config import?

Daniel Mangan · ‎05-07-2018

Hi,

I have an ASA5508-X running FTD 6.2.2-81 which has just gone into production, but I'd like to add an FMC virtual appliance to the environment to control the firewall. When I register the FTD to the FMC, will the on-box configuration be imported to the FMC, or will I need to rebuild the configuration in the FMC during a maintenance window?

Thanks in advance,

-Dan

Mohammed al Baqari · ‎05-07-2018

You need to rebuilt. One you configure config manager as FMC, it will
remote the existing config

View solution in original post

Mohammed al Baqari · ‎05-07-2018

You need to rebuilt. One you configure config manager as FMC, it will
remote the existing config

Daniel Mangan · ‎05-07-2018

Thanks Mohammed...not the answer I was hoping for though!

Karsten Iwen · ‎05-08-2018

Do you already have a complex access-policy? If yes, then one workaround could be to upgrade to 6.2.3. There you can pull your access-control rules with the API and push them to FMC. But you need some python/perl skills for that.

Daniel Mangan · ‎05-08-2018

Karsten that's a great idea. My python skills are beginner at best, but I'll take a look at it. Do you have any reference info you think might be helpful?

Karsten Iwen · ‎05-08-2018

Most important, there are the API-Guides:

https://www.cisco.com/c/en/us/td/docs/security/firepower/ftd-api/guide/ftd-rest-api/ftd-rest-api-intro.html

https://www.cisco.com/c/en/us/td/docs/security/firepower/623/api/REST/Firepower_Management_Center_REST_API_Quick_Start_Guide_623.html

First make yourself comfortable with the API-Explorer to play around and use the API manually, then apply that to the provided scripts that you can download from the API-Explorer.