CONFIGURATION MIGRATION BETWEEN FMCs

fmugambi
Spotlight
Hello Team, on site A I have one virtual FMC managing 2 physical FTDs at site A, and one virtual FTD at site B. Both of course have different policies since they are in different sites.

I have introduced a virtual FMC on site B, and would like the virtual FTD currently managed by the FMC on site A to be managed by this new virtual FMC on site B.

Are there ways to migrate vFTD-specific configs to the new FMC?

Kindly provide a guideline if any.

Thank you.

balaji.bandi
Hall of Fame

You can take a backup of the FMC and restore it in the new FMC and Site-B (change the IP address and other stuff related to the new FMC IP of Site B).

De-register the FTD from the old FMC and re-register it with the new FMC, and you can test pushing a sample policy from the new FMC to the FTD.

Once this is a success you can remove the FTD from the old FMC.

Note: always take a configuration backup out of the box. Make sure the new FMC also runs the same code as the old one.

You may need a bit of homework to remove the devices and unrelated config which is not required when you restore on the new FMC (do it offline before you add the branch FTD to the new FMC).

 

BB

I did set up the new FMC uniquely, exported configs specific to the virtual FTD I wish to migrate, and imported them to the new FMC.

I also did a device backup; I plan to import it on the new FMC. What are the expected outcomes? Will I get back/restore all device configs, the likes of IPsec VPN, RA VPN and their policies?

I read somewhere that when I add the new manager on this virtual FTD, the expected behaviour is to lose the device configurations. Is this still so?

And if I lose them, since I did a device backup, when I restore, will I get everything back as it was, or will I need to build things manually again?

Thanks.

 

If you do a device restore and make sure the new FMC has the Access Control Policy, NAT Policy, Platform Policy and VPN configuration(s) (including certificates for SSL VPN) targeting the migrated devices, there should not be any manual work required to recreate configuration.

Import/export does not seem to give provisions for S2S and RA VPNs. Any guidelines on how to go about this?

Since I noticed when I was trying to delete the FTD from the old FMC, it was complaining about me needing to delete some VPN configs first.

The context in which I was answering assumed you have restored the old FMC configuration onto the new, as recommended already by @balaji.bandi. If you have that, then just make sure those configurations are associated with the device newly registered on the new FMC.

fmugambi
Spotlight

Hi fam, any insights on this?
