Asa Migration tool, is it ready yet?

tahscolony · ‎01-30-2025

I tried migrating our 5555-X to a 3120 instance HA pair. For the most part, it migrated, however only ONE WAY. Our firewall is set up with inbound AND outbound ACLs and only the inbound ACL's migrated, leaving a huge load of unmigrated network objects and groups.

Has the latest tool solved this issue yet, or does it still ignore outbound ACL's and associated objects? We have a few ACL's used to allow access to a server that is applied to the outgoing list on the DMZ. It is set that way since traffic can egress from multiple interfaces to that DMZ through the ASA.

Karsten Iwen · ‎01-30-2025

Outbound ACLs are still unsupported:

https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide/ASA2FTD-with-FP-Migration-Tool/m-getting-started-with-the-secure-firewall-migration-tool.html#id_68079

I would not expect that this feature will get implemented.

ccieexpert · ‎01-30-2025

you would have run some automation using API etc to accmoplish this.

i have to had to do some large scale migration using scripting etcl.