Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
498
Views
0
Helpful
2
Replies

Cisco ASA Configs to FMC FTD Device

keithcclark71
Level 3
Level 3

‎06-09-2022 03:31 AM

I am doing a migration of existing HQ and Tail site ASA;s primarily 5506-X to new FTD 1010's managed by FMC 6.6.5. I was curious as to how the best approach would be. In the past I manually went through all ASA;s and documented all the network\service objects rules, ipsec tunnel elements etc and then manually built the new FTD 1010's to match. I was wondering is there is any way to export the configs off the ASA platform and then like import it into the FMC managed FTD Devices? This would be so helpful and time saving if such a toolset exists that actually worked. Is there any such thing? What is the best approach here?

0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎06-09-2022 03:41 AM - edited ‎06-09-2022 03:53 AM

@keithcclark71 yes, there is the Firepower Migration Tool that can migrate from ASA to FMC managed FTD, this will export ACL, NAT, objects, VPN configuration, interfaces etc

 

https://www.cisco.com/c/en/us/products/security/firewalls/firepower-migration-tool.html

 

The release notes list what is supported as part of the migration

https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/fp-migtool-release-notes.html

 

0 Helpful

smailmilak
Level 4
Level 4

‎06-09-2022 07:54 AM

Hi,

 

I have to migrate from ASA to FTD. The migration tools is asking for FMC or CDO. 

With FMC I have to manage it with FMC only and when I revert back to FTD the config is deleted.

With CDO, FTD is still used for management as far I can see.

 

Now to the problems.
We got CDO because in the guide it says that FTD can be added with registration token without Secure Device Connector (SDC).

Until today there was no option to add FTD on my dashboard.

Today FTD appeared but when I click on it I get the message "Cloud-Delivered Firewall Management Center now available!".

All I can do is to request for it, which I don't want.

 

In the guide it says clearly that FTD can be added to CDO with the Cloud Connector, but I don't have this option. https://edge.us.cdo.cisco.com/content/docs/g-onboard-devices-and-services.html#!c-connect-cisco-defense-orchestratortor-the-secure-device-connector.html

All I want is to easily migrate the config from ASA to FTD, that is all. How can I do it?

Preview file
82 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card