Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
14927
Views
12
Helpful
29
Replies

Can FMC running in vsphere be migrated to AWS?

Go to solution
SIMMN
Spotlight

‎03-12-2022 09:47 AM

I plan to migrate a FMC running in vsphere to AWS. Initially I plan to: 1. Build the FMC in AWS as brand new; 2. Backup the existing FMC (running v7 already) and then restore the backup in AWS FMC; 3. Login to AWS FMC serial console to change the MGMT IP address.

 

But after reading the FMC migration guide below, I am not too sure my planned process would work…

https://www.cisco.com/c/en/us/td/docs/security/firepower/fmc_model_migration/b_FMC_Model_Migration_Guide.html 


It shows Azure is not supported but what about AWS? From the guide, the supported migration path doesn’t seem support FMCv as the target no matter what is the source model…

 

So if I read the guide correctly, will I have to do policy export and import in order have the configuration migrated? Plus I donot know if the AWS ec2 serial console would work for FMC instance…

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-14-2022 03:25 AM - edited ‎03-14-2022 03:26 AM

You can temporarily "fool" the Firepower Model Migration Tool by configuring the target FMCv in AWS as a hardware model - an FMC 1600- for example. There is a script that you can run to do this. Run it as root: /var/sf/etc/model-info/configure-model.sh, change the model of the AWS FMC to FMC 1600 and import the backup. After that, rerun the script and revert it to the FMCv for AWS.

root@firepower:/var/sf/backup# /var/sf/etc/model-info/configure-model.sh 

To reset this Cisco Firepower Management Center for VMware to a new model the Cisco Firepower Management Center for VMware
will be stopped and rebooted.

Stop the Cisco Firepower Management Center for VMware to configure new model and reboot? [y/n] y
Stopping Cisco Firepower Management Center for VMware......ok
Please select the model to configure to:

 1) Cisco_Firepower_Management_Center_for_VMware
 2) Cisco_Firepower_Management_Center_for_AWS
 3) Cisco_Firepower_Management_Center_for_KVM
 4) Cisco_Firepower_Management_Center_1000
 5) Cisco_Firepower_Management_Center_2500
 6) Cisco_Firepower_Management_Center_4500
 7) Cisco_Firepower_Management_Center_1600
  Cisco_Firepower_Management_Center_2600
 9) Cisco_Firepower_Management_Center_4600
10) Cisco_Firepower_Management_Center_for_Azure
11) Cisco_Firepower_Management_Center_for_GCP
12) Cisco_Firepower_Management_Center_for_VMWare_300
13) Cisco_Firepower_Management_Center_for_OCI
14) Cisco_Firepower_Management_Center_for_OpenStack
Please select model configure to: 7

Configuring for Cisco Firepower Management Center 1600.

Proceeding with reboot of new Cisco Firepower Management Center 1600.


Broadcast message from root@firepower (pts/0) (Wed Mar  9 14:12:08 2022):

The system is going down for reboot NOW!
root@firepower:/var/sf/backup#

View solution in original post

29 Replies 29

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-12-2022 10:32 AM

I have done deployment in AWS, as per document you get console :

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fmcv/fpmc-virtual/fpmc-virtual-aws.html#id_71276

 

Your steps seem to reasonable, you need to the same version, register FTD with the new FMC, before you remove OLD one.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
SIMMN
Spotlight
In response to balaji.bandi

‎03-12-2022 10:37 AM

Cool! It is mainly the migration path doc confused me…

 

so the way to access the AWS FMC serial console would the same as other Linux based EC2 instance?

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to SIMMN

‎03-12-2022 10:51 AM

I believe you get the ability of the same to do the task.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-14-2022 03:25 AM - edited ‎03-14-2022 03:26 AM

You can temporarily "fool" the Firepower Model Migration Tool by configuring the target FMCv in AWS as a hardware model - an FMC 1600- for example. There is a script that you can run to do this. Run it as root: /var/sf/etc/model-info/configure-model.sh, change the model of the AWS FMC to FMC 1600 and import the backup. After that, rerun the script and revert it to the FMCv for AWS.

root@firepower:/var/sf/backup# /var/sf/etc/model-info/configure-model.sh 

To reset this Cisco Firepower Management Center for VMware to a new model the Cisco Firepower Management Center for VMware
will be stopped and rebooted.

Stop the Cisco Firepower Management Center for VMware to configure new model and reboot? [y/n] y
Stopping Cisco Firepower Management Center for VMware......ok
Please select the model to configure to:

 1) Cisco_Firepower_Management_Center_for_VMware
 2) Cisco_Firepower_Management_Center_for_AWS
 3) Cisco_Firepower_Management_Center_for_KVM
 4) Cisco_Firepower_Management_Center_1000
 5) Cisco_Firepower_Management_Center_2500
 6) Cisco_Firepower_Management_Center_4500
 7) Cisco_Firepower_Management_Center_1600
  Cisco_Firepower_Management_Center_2600
 9) Cisco_Firepower_Management_Center_4600
10) Cisco_Firepower_Management_Center_for_Azure
11) Cisco_Firepower_Management_Center_for_GCP
12) Cisco_Firepower_Management_Center_for_VMWare_300
13) Cisco_Firepower_Management_Center_for_OCI
14) Cisco_Firepower_Management_Center_for_OpenStack
Please select model configure to: 7

Configuring for Cisco Firepower Management Center 1600.

Proceeding with reboot of new Cisco Firepower Management Center 1600.


Broadcast message from root@firepower (pts/0) (Wed Mar  9 14:12:08 2022):

The system is going down for reboot NOW!
root@firepower:/var/sf/backup#

Go to solution
SIMMN
Spotlight
In response to Marvin Rhoads

‎03-14-2022 06:50 AM

Thanks, will give it a try.

0 Helpful

Go to solution
SIMMN
Spotlight
In response to Marvin Rhoads

‎03-14-2022 12:40 PM - edited ‎03-14-2022 12:47 PM

@Marvin Rhoads If I set the FMC model to be something else other than the FMCv for AWS, say I set it to FMCv for VMware. Wouldnt I be able to just simply restore my backup captured from the FMC running in VMware?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to SIMMN

‎03-14-2022 08:03 PM

Possibly, but I've never tried that.

On the other hand, I have used the method I suggested successfully on two different FMCs in the past month.

0 Helpful

Go to solution
SIMMN
Spotlight
In response to Marvin Rhoads

‎03-15-2022 06:25 AM

Thanks for the confirmation!

0 Helpful

Go to solution
bill.whelan
Level 1
Level 1
In response to Marvin Rhoads

‎08-29-2023 11:00 AM

Will this method work when migrating from an FMC 1000 to FMCv?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Freemen

‎03-01-2024 04:21 AM

@Freemen yes - that is correct. Once you are able to migrate using that work around, revert the new FMC to its actual model.

0 Helpful

Go to solution
rayumang
Level 1
Level 1
In response to Marvin Rhoads

‎02-14-2024 11:58 PM

I have tried this approached but after uploading the backup file, I cannot reach the AWS FMC. Sorry but I am just new to this. Read also that you need to access the console of the AWS to replace the management IP. How to do this? 

Appreciate the reply.

Thanks,

Don

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to rayumang

‎02-15-2024 08:19 AM

You would have to log into the VM console in AWS and use the configure-network script as root user in expert mode to update the FMC management address.

sudo /usr/local/sf/bin/configure-network

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top