Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1689
Views
15
Helpful
10
Replies

Export Firepower policies to another Firepower

Go to solution
mikemanz83
Level 1
Level 1

‎06-28-2022 06:16 AM

Greetings my friends,

 

I have 3 Cisco firepowers

Model : Cisco Firepower 1150 Threat Defense

Software: 7.1.0-90
 
In one of them i configured nearly 50 policies and i want to replicate the same policies and objects to the other two, is there an easy way to do that??
M.M.
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to mikemanz83

‎06-28-2022 06:55 AM

@mikemanz83 CDO is Cisco Defense Orchestrator - it the cloud management tool, it can manage multiple FTD's.

 

Get a trial (see link below) then onboard the devices, you can then share the configuration and deploy the same settings to multiple devices..

 

https://www.cisco.com/c/en_uk/products/security/defense-orchestrator/index.html

 

View solution in original post

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mikemanz83

‎06-28-2022 07:01 AM

@Rob Ingram is on track here. I would take it a step further and recommend if you want to keep the policies and objects in sync going forward that CDO (Cisco Defense Orchestrator - the cloud-based firewall management platform from Cisco) would be the way to go.

You can buy three device licenses relatively inexpensively for these small firewalls. The list price for one is US$750 per year (part number L-FPR1150-P= with subscription SKU L-FPR1150-P-1Y). Once they are CDO managed you can do just about everything from the cloud-based web interface - manage all policies, object, upgrades etc. from one place.

View solution in original post

10 Replies 10

Go to solution
Rob Ingram
VIP
VIP

‎06-28-2022 06:24 AM

@mikemanz83 I assume these FTD's are managed locally using FDM and not FMC? If using FMC it's easy as the objects are shared, but less so with FDM management. A couple of options:

 

Get a eval of CDO, onboard the FTD's and import the configuration policies, objects etc from the working FTD and deploy the required objects and policies to the other FTDs.

Alternatively I had a customer backup a working FTD and restore the configuration on another FTD.

Or write a python script to export the objects and polices and then re-import.

 

I think the CDO option is probably the easiest option.

0 Helpful

Go to solution
mikemanz83
Level 1
Level 1
In response to Rob Ingram

‎06-28-2022 06:49 AM

Hi Rob, thanks for your answer!

 

Im new with the firepowers world, so, yes, im managing the firepower locally with FDM, could you explain to me what is CDO? 

 

Thanks for your patience 

M.M.
0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to mikemanz83

‎06-28-2022 06:55 AM

@mikemanz83 CDO is Cisco Defense Orchestrator - it the cloud management tool, it can manage multiple FTD's.

 

Get a trial (see link below) then onboard the devices, you can then share the configuration and deploy the same settings to multiple devices..

 

https://www.cisco.com/c/en_uk/products/security/defense-orchestrator/index.html

 

Go to solution
mikemanz83
Level 1
Level 1
In response to Rob Ingram

‎06-28-2022 06:58 AM

Ok, and without this CDO, what option i got left?

M.M.
0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to mikemanz83

‎06-28-2022 07:03 AM

@mikemanz83 the options are listed above....though not ideal.

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to mikemanz83

‎06-29-2022 06:40 AM

Without CDO your only other option to automate this would be to script it.  Depending on how savvy you are with programming this might be an easy or hard task.  I personally find it interesting and challenging creating such scripts.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
petrokorkov
Level 1
Level 1
In response to Rob Ingram

‎06-29-2022 04:50 AM - edited ‎06-29-2022 04:58 AM

@Rob Ingram написал:

@mikemanz83CDO — это Cisco Defense Orchestrator — это инструмент управления облаком, он может управлять несколькими FTD.

 

Получите пробную версию (см. ниже), затем подключите устройство, затем выберите большую плотность и разверните несколько отдельных участков и тех же на некоторых участках.

 

https://ziare.com/afaceri/stiri-afaceri/masuri-anticriza-modul-in-care-imm-urile-sunt-mentinute-pe-linia-de-plutire-in-finlanda-1669649

 

Thank you! And for how long is the trial version given?

0 Helpful

Go to solution
mikemanz83
Level 1
Level 1
In response to petrokorkov

‎06-29-2022 07:36 AM

30 Days

M.M.
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to mikemanz83

‎06-28-2022 07:01 AM

@Rob Ingram is on track here. I would take it a step further and recommend if you want to keep the policies and objects in sync going forward that CDO (Cisco Defense Orchestrator - the cloud-based firewall management platform from Cisco) would be the way to go.

You can buy three device licenses relatively inexpensively for these small firewalls. The list price for one is US$750 per year (part number L-FPR1150-P= with subscription SKU L-FPR1150-P-1Y). Once they are CDO managed you can do just about everything from the cloud-based web interface - manage all policies, object, upgrades etc. from one place.

Go to solution
mikemanz83
Level 1
Level 1

‎06-28-2022 07:17 AM

Wow! i didnt know that. Im going to present this idea to my suprevisor, is an amazing tool.

 

In the meantime, im going to try to backup and download the config of the device im working up and upload it to the other two.

 

Thanks both @Rob Ingram @Marvin Rhoads 

M.M.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card