Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
244
Views
1
Helpful
2
Replies

ASA->FTD migration tool

Go to solution
Chess Norris
Level 4
Level 4

‎05-17-2024 04:21 AM - edited ‎05-17-2024 04:45 AM

Hello,

I'm using the Firewall migration tool version 6 to convert a single context ASA with Firepower Services to a FTD device.

The current ASA firepower module is manged by the same FMC that will also mange the new FTD firewalls, but the new FTD's are not  installed yet. 

If I try to migrate the ASA configuration, the migration tool tells me that interfaces, routes and L2L tunnels will not be migrated if there is no FTD present. However the rest of the configuration will be migrated without a FTD present.

If I start migrating ACP,'s objects, etc. and then re-run the migration tool when the FTD are present, should I use the same configuration file or should I create a new configuration file, just including interface, routes and VPN when I do the second migration?

Also, the migration tool says the migration might fail if I dont upgrade FMC to at least version 7.3. Is that necessary? The Firepower modules is running version 6.6.7.1 and FMC 7.2.5.1. When looking at the compabillity matrix, I cannot upgrade the FMC to anything newer than 7.2.x if I want to mange a 6.6.x device and the Firepower modules cannot be upgraded beyond 6.6.7

 

 

Capture.JPGCapture2.JPG

 

Capture 3.JPG

Thanks

/Chess

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-17-2024 07:35 AM

I have not run a migration lately using the v6 tool. I suspect the warning about FMC 7.3 or later is due to some of the newest features (Zero Trust etc.) requiring that version of FMC. For the elements you are asking about, your FMC 7.2.5.1 should be fine. I have run several migrations to FMC 7.2.x.

You should use the complete source configuration file as it will replace everything on the target FTD.

View solution in original post

2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-17-2024 07:35 AM

I have not run a migration lately using the v6 tool. I suspect the warning about FMC 7.3 or later is due to some of the newest features (Zero Trust etc.) requiring that version of FMC. For the elements you are asking about, your FMC 7.2.5.1 should be fine. I have run several migrations to FMC 7.2.x.

You should use the complete source configuration file as it will replace everything on the target FTD.

Go to solution
Chess Norris
Level 4
Level 4

‎05-17-2024 08:29 AM

Thanks  @Marvin Rhoads Appreciate it.

/Chess

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card