ASA to FTD migration using FMT

rushispace · ‎11-05-2024

hello everyone!! so basically we have one ASA with SFR which is register with FMC which use as IPS using some ACL policy and i need to migrate the ASA to the new FTD does ASA backup more system:running-config hold the SFR-FMC IPS policys? is not then how can migrate my ASA backup + SFR-FMC policys into that new FTD.

nspasov · ‎11-06-2024

The ASA running/startup configs do not contain configuration details for the SFR module; they are separate entities. The IPS related configurations are stored in your FMC. Nonetheless, the Firepower Migration Tool does support your deployment scenario:

https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide-fps/fmt-migration-guide-asa-fps/asawithfps2ftd-with-fp-migration-tool/b_Migration_Guide_ASA2FTD_chapter_0111.html

In addition, unless you are using custom-built constructs (e.g., Custom Snort signatures, custom application detectors, etc.) then re-creating your policies from scratch should be simple and quick.

I hope this helps!

Thank you for rating helpful posts!

Thank you for rating helpful posts!

rushispace · ‎11-06-2024

i agree on "The IPS related configurations are stored in your FMC " however i want to migrate from ASA which have SFR configure with respect to FMC how we can perform that ? in this scenario we need to create every ips policy manually.

nspasov · ‎11-07-2024

The link that I shared in my previous comment outlines the steps for your exact scenario.

Thank you for rating helpful posts!