Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
605
Views
1
Helpful
7
Replies

Cisco Secure Firewall 3100 Series

kirank10
Level 1
Level 1

‎07-31-2024 11:30 PM

hi , 
I am doing first time this project and there is no senior member in our team , I have to replace cisco asa 5500 series with FPR 3120. Can you guys help me with instruction plan to data center engineer 

1 person had this problem
0 Helpful
7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

‎08-01-2024 12:15 AM

Replace with ASA with FTD - not that as expected easy task as per your experience.

But not that hard as it is, but couple of things you need to consider,

1. what features in ASA you are using ? is this configuration can be migrated to FTD ?

2. Cisco have ASA to FTD Migration tool (which does 80% of the work, again depends on the how ASA configured)

https://www.cisco.com/c/en/us/products/security/secure-firewall-migration-tool/index.html

3. Other side Upgrade the FTD with latest version,. and choose the right GUI , FDM vs FMC ( FDM on box, FMC out of the box Managment solution)

4. Physical cables and routing stuff. (If you like to use same IP then you need to test Offline and replace the device when you have maintenance and replace and test it)- if any issue role back to old ASA or fix and move forward depends on how critical this device in the network.

You can extract each steps more dependencies based on your requirement, make sure test is keen here before you live and all working.

Note : i will also clean up any FW ACL not required in ASA so you do not carry any Legacy non-used policies to new environment.

If you think this is big, then contact any integration engineer who can do small project and migrate for you, you can shadow and learn, so you can do yourself next time.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

kirank10
Level 1
Level 1
In response to balaji.bandi

‎08-01-2024 02:21 AM

Hi sir , 
this asa firewall only getting used for  policy implementation
we are not migrating to cisco ftd

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to kirank10

‎08-01-2024 05:51 AM 

we are not migrating to cisco ftd

then what is the point of buying - FPR 3120 , FPR 3120 using ASA code, that is very simple then

just install same version of ASA  code on new FPR 3120 and copy the config from old ASA and paste on the new code, if the ASA have old code, after configuration done, upgrade ASA to stable code before you cut over to new FPR 3120

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

mary456jackson
Level 1
Level 1

‎08-01-2024 02:38 AM - edited ‎08-02-2024 04:09 AM

This information is beneficial for those who need it. I hope you will make many more posts like this...
NY State of Health

0 Helpful

MHM Cisco World
VIP
VIP

‎08-01-2024 05:54 AM

Do you use fmc for ftd ?

There is migrate tool of asa to ftd you can use it

MHM

0 Helpful

kirank10
Level 1
Level 1

‎08-02-2024 01:07 AM

FPR3120 has got SFP port which sfp i need to use another end of the switch to make them working . can anyone help 

0 Helpful

johnlloyd_13
Level 9
Level 9
In response to kirank10

‎08-02-2024 02:03 AM

hi,

i use SFP-10G-SR on my 3100 to nexus switch.

buy cisco genuine SFP to avoid headache/compatibility issue when using third party SFP.

Name: "Ethernet 1/9", DESCR: "10gbase-sr"

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card