06-21-2018 08:48 AM - edited 02-21-2020 07:54 AM
Hello,
I'm working on a project to migrate several ASA 5510’s & 5520’s to FirePower 2100. I'm new to FirePower and need some guidance on the best way to migrate existing config files from the ASA 55X's to the FirePower 2100. I've reviewed the below doc but got a bit confused about the difference between configuring the FXOS vs the ASA. I was under the impression that migrating the config of one ASA to another was straight forward.
Thanks in advance,
~zK
06-21-2018 10:14 AM
Are your planning to run ASA or Firepower Threat Defense (FTD) image on the Firepower 2100 chassis? IF you plan to use ASA, the config would be the same as what you have now, only your initial setup processes may vary. FXOS is just the underlying OS for the chassis on top of which ASA is installed as an application . Think of the ASA installed as an VM and the FXOS as a hypervisor. All the physical aspects of the chassis are controlled on the FXOS.
IF you plan on using the FTD, you would have to convert the ASA configuration to FTD using the migration tool. As of today, this involves spinning up a separate Firepower Management Center (FMC) just for migration. Once you convert your ACLs, objects and NAT on the migration tool, you import the migrated output to your production FMC. More details are here:
06-22-2018 08:52 AM
Thanks, Rahul!
So, I simply want to run just the ASA image, will I need to do any type of configuration involving the FXOS?
Thanks, ~zK
06-23-2018 08:22 AM
As @Rahul Govindan mentioned, the initial installation of the ASA image and assignment of physical interfaces to the ASA is done via FX-OS.
Once you've done that, everything else is on the ASA itself using either ASDM or the cli.
07-25-2018 12:11 AM - edited 07-26-2018 10:51 AM
Thank you!
Best, zK
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide