Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1686
Views
0
Helpful
2
Replies

ASA to FTD Migration, manually migrate and HA mode

Go to solution
yong khang NG
Level 5
Level 5

‎08-28-2018 10:39 PM - edited ‎02-21-2020 08:09 AM

Hi All

 

I would like to migrate a pair of legacy ASA replace with new ASA running in FTD 6.2.3

 

With no using any tools migrate the existing config (reconfig from scratch), i would like to know the sequence of setting up the FTD in HA.

 

This is my thought, please correct me

 

a. Should i create the object at the FMC,

 

b. or should i prep the single unit ASA in FDM (example object, access rules etc), ready second unit with minimal setting ready for HA. Then using FMC register both unit of ASA and let them sync up the config, in HA mode.

 

Will this propagate the object, access rules created before into FMC?

 

what is the correct way in doing this?

 

Noel

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-29-2018 12:35 AM

Bootstrap both ASAs with FTD image using the initial cli-based setup. Then add both to FMC using "configure manager add..." command.

 

Once both appliances are successfully registered and licensed, add them as an HA pair in FMC. See Devices > Device Management > Add > High Availability.

 

Then proceed to do the normal configuration of objects, policies, platform settings, etc. deploy to the HA pair and everything will sync from FMC to the Active member of the pair (and then on from there to the Standby member).

 

You don't need to do anything from FDM. Indeed you shouldn't as it will be all wiped out by FMC.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-29-2018 12:35 AM

Bootstrap both ASAs with FTD image using the initial cli-based setup. Then add both to FMC using "configure manager add..." command.

 

Once both appliances are successfully registered and licensed, add them as an HA pair in FMC. See Devices > Device Management > Add > High Availability.

 

Then proceed to do the normal configuration of objects, policies, platform settings, etc. deploy to the HA pair and everything will sync from FMC to the Active member of the pair (and then on from there to the Standby member).

 

You don't need to do anything from FDM. Indeed you shouldn't as it will be all wiped out by FMC.

0 Helpful

Go to solution
yong khang NG
Level 5
Level 5
In response to Marvin Rhoads

‎09-07-2018 03:33 AM

good one, thanks!
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card