02-12-2021 02:13 AM
Hello,
Please, I am tasked with migrating 3 different ASAs into Firepower. I am trying to use the migration tool, which seems faster, but my problem is that each time I connect the migration tool to each ASA, a new policy package is generated, hence this will overwrite the previous policy package from another ASA.
Please, is there a way I could do this seamlessly? There are a thousand NAT statements and also over 700 ACL statements with tonnes of Network Objects.
Please advise.
02-12-2021 04:22 AM - edited 02-12-2021 04:22 AM
If you are looking to merge three separate ASAs into one Firepower Threat Defense appliance, that is not currently supported with the Firepower Migration Tool. The process I've followed is to:
1. Clean up all of the source configurations, removing unused objects, ACLs and ACL entries.
2. Migrate the largest ASA configuration first to minimize the remaining work.
3. Migrate #2 and #3, selecting only objects when you migrate. That will write them all to the target FMC, and this saves you some work when creating the remaining NAT statements and ACP entries later on.
02-12-2021 05:27 AM
Optionally, you can look into scripting this. For example, you could save all the ASA configurations into three separate text files, then write a script that parses the text files, extracts the required data you are looking to migrate, and then sends it to the FMC using the API. Of course, creating this script might take a little time depending on your coding experience, but I will assume it will take less time than manually migrating the required rules, and you will be learning something new in the process.
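As an added example (not code from this thread or from Cisco), here is the parse-and-merge step of the scripting approach suggested above: it reads `object network` blocks from saved ASA configs and flags names that are defined differently on different ASAs, since pushing those under one name would change what the existing ACL and NAT entries match. The sample configs, the function names and the JSON payload shape for the FMC API are assumptions; only IPv4 host, subnet and range objects are handled.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample configs standing in for two of the saved ASA text files.
ASA1 = ("object network WEB-SRV\n host 10.1.1.10\n"
        "object network DMZ-NET\n subnet 172.16.5.0 255.255.255.0\n")
ASA2 = ("object network WEB-SRV\n host 10.2.2.10\n"
        "object network DMZ-NET\n subnet 172.16.5.0 255.255.255.0\n"
        "object network VPN-POOL\n range 192.168.50.10 192.168.50.50\n")
OBJ_RE = re.compile(r"^object network (\S+)\s*$")

def parse_objects(config):
    """Return {name: (kind, value)} for IPv4 host/subnet/range objects."""
    objects, name = {}, None
    for line in config.splitlines():
        m = OBJ_RE.match(line)
        if m:
            name = m.group(1)
        elif not line.startswith(" "):
            name = None                      # left the object block
        elif name:
            p = line.split()
            if p[:1] == ["host"] and len(p) == 2:
                objects[name] = ("Host", str(ipaddress.ip_address(p[1])))
            elif p[:1] == ["subnet"] and len(p) == 3:
                net = ipaddress.ip_network(f"{p[1]}/{p[2]}")  # mask -> prefix
                objects[name] = ("Network", str(net))
            elif p[:1] == ["range"] and len(p) == 3:
                objects[name] = ("Range", f"{p[1]}-{p[2]}")
    return objects

def merge(configs):
    """Merge objects from all ASAs; one name with different values conflicts."""
    seen = defaultdict(lambda: defaultdict(list))  # name -> definition -> sources
    for source, text in configs.items():
        for name, definition in parse_objects(text).items():
            seen[name][definition].append(source)
    merged = {n: next(iter(d)) for n, d in seen.items() if len(d) == 1}
    conflicts = {n: dict(d) for n, d in seen.items() if len(d) > 1}
    return merged, conflicts

def to_payload(name, definition):
    """Assumed JSON body for an FMC object create call; check the API docs."""
    return {"name": name, "type": definition[0], "value": definition[1]}

if __name__ == "__main__":
    merged, conflicts = merge({"asa1": ASA1, "asa2": ASA2})
    print([to_payload(n, d) for n, d in merged.items()])
    print("review by hand:", conflicts)
```

Objects listed under conflicts need a rename or a manual decision before anything is sent to the FMC; only the merged set is safe to push as-is.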