05-14-2024 01:13 AM
Hello Team, on site A I have one virtual FMC managing 2 physical FTDs at site A, and one virtual FTD at site B. Both of course have different policies since they are in different sites.
I have introduced a virtual FMC on site B, and would wish to have the virtual FTD currently managed by the FMC on site A to be managed by this new virtual FMC on site B.
Are there ways to migrate vFTD-specific configs to the new FMC?
Kindly provide a guideline if any.
Thank you.
05-14-2024 01:56 AM
You can take a backup of the FMC and restore it on the new FMC at Site-B (change the IP address and other stuff related to the new FMC IP of Site B).
De-register the FTD from the old FMC and re-register it with the new FMC, and you can test pushing a sample policy from the new FMC to the FTD.
Once this is a success you can remove the FTD from the old FMC.
Note: always take a configuration backup out of the box. Make sure the new FMC also runs the same code as the old one.
You may need a bit of homework to remove the devices and unrelated config which is not required when you restore on the new FMC (do it offline before you add the branch FTD to the new FMC).
05-14-2024 11:33 PM
I did set up the new FMC uniquely, exported the configs specific to the virtual FTD I wish to migrate, and imported them to the new FMC.
I also did a device backup; I plan to import it on the new FMC. What are the expected outcomes? Will I get back/restore all device configs, the likes of IPsec VPN, RA VPN and their policies?
I read somewhere that when I add the new manager on this virtual FTD, the expected behaviour is to lose the device configurations. Is this still so?
And if I lose them, since I did a device backup, when I restore, will I get everything back as it was, or will I need to build things manually again?
Thanks.
05-15-2024 06:58 AM
If you do a device restore and make sure the new FMC has the Access Control Policy, NAT Policy, Platform Policy and VPN configuration(s) (including certificates for SSL VPN) targeting the migrated devices, there should not be any manual work required to recreate configuration.
05-15-2024 10:48 PM
Import/export does not seem to give provisions for S2S and RA VPNs. Any guidelines on how to go about this?
Since I noticed when I was trying to delete the FTD from the old FMC, it was complaining about me needing to delete some VPN configs first.
05-16-2024 05:37 AM
The context in which I was answering assumed you have restored the old FMC configuration onto the new, as recommended already by @balaji.bandi. If you have that, then just make sure those configurations are associated with the device newly registered on the new FMC.
05-15-2024 05:56 AM
Hi fam, any insights on this?