Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
266
Views
0
Helpful
4
Replies

ASA to FTD migration

rushispace
Level 1
Level 1

‎07-03-2024 12:44 PM

hey there i am trying to migrate my old ASA Cluster firewall to a new FTD via FMC using FTM tool so i tried a demo for the same with same configuration on FTM however FTM gives me error for interface

there is total 113 Logical Interfaces like 'interface Port-channel10.197' this

 
error:
Blocked
FTD 3110 has only 16 physical interfaces available but the source configuration has 84 interfaces. Please choose a different FTD device to proceed.
0 Helpful
4 Replies 4

rushispace
Level 1
Level 1
In response to MHM Cisco World

‎07-03-2024 01:14 PM

so as per the documentation we need to create interface, port-channel manually right ?

/

  • During migration, the Secure Firewall migration tool resets the interface configuration. If you use these interfaces in policies, the Secure Firewall migration tool cannot reset them and hence the migration fails.

  • The Secure Firewall migration tool can create subinterfaces on the native instance of the threat defense device based on the ASA configuration. Manually create interfaces and port channel interfaces on the target threat defense device before starting migration. For example, if your ASA configuration is assigned with the following interfaces and port channels, you must create them on the target threat defense device before the migration:

    • Five physical interfaces

    • Five port channels

    • Two management-only interfaces

 

0 Helpful

Ruben Cocheno
Spotlight
Spotlight

‎07-03-2024 05:17 PM

@rushispace 

You will need to create the Port-Channels and Subinterfaces on the FTD, and use the tool again to perform the mapping.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Ruben Cocheno

‎07-03-2024 08:50 PM

It depends on how you onboarded the 3110 into FMC. If you are managing the chassis from FMC (vs. just the native FTD instance) then you will need to first create portchannels. The subinterfaces should auto-create. I just did a migration that's similar but I had onboarded the native FTD (and not the 3110 chassis). The target interface portchannel and associated subinterfaces auto-created in that case (based on the physical interface mapping I did in the migration tool)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card