cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1198
Views
1
Helpful
5
Replies

firepower 1140 and firepower migration tool 4.0

sistemi10
Level 1
Level 1

Hi to all,

I've try to import an ASA configuration to firepower 1140 using the firepower migration tool 4.0.

I can upload the ASA configuration correctly, but when try to connect to firepower the migration tool show an error like it:

Bllocked Invalid FMC credentials, Please try again.

I've used the same credential of FDM (and it work correctly), but with FMT fail to access to the firepower.

Please can help me to solve te issue?

Best regards

1 Accepted Solution

Accepted Solutions

@sistemi10 you can use Cisco Defense Orchestrator (CDO) to migrate ASA to FDM. Perhaps get an evaluation to perform the migration or buy the CDO license.

https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide-CDO/ASA2FTD_Using_CDO/ASA2FTD_with_FP_Migration_Tool_cdo_chapter_011.html

 

View solution in original post

5 Replies 5

manabans
Cisco Employee
Cisco Employee

Using the Firepower Migration tool (FMT), the below migrations are possible,

  • Migration of ASA configurations to Firewall Management Center (FMC)
  • Migration from ASA with Firepower Services (FPS) to Firewall Threat Defense (FTD)
  • Migration from Firewall Device Manager (FDM) to Firewall Management Center (FMC)
  • Migration from third-party firewalls: Check Point, Palo Alto Networks, Fortinet

Reference: https://www.cisco.com/c/en/us/products/security/secure-firewall-migration-tool/index.html 

Migration from ASA to FTD (managed locally, via FDM) doesn't seem to be possible using the FMT tool.

Hi, thank you for the answer,
but there is a way for transfer automatically the configuration from ASA to FPR 1140 with FTM or other tools?

Thank you for your support

Best regards

@sistemi10 you can use Cisco Defense Orchestrator (CDO) to migrate ASA to FDM. Perhaps get an evaluation to perform the migration or buy the CDO license.

https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide-CDO/ASA2FTD_Using_CDO/ASA2FTD_with_FP_Migration_Tool_cdo_chapter_011.html

 

sistemi10
Level 1
Level 1

Hi to all,
I've contacted the cisco support for try the migration from ASA to FDM using CDO, but the support answer to me it:
"Thank you for your patience! Currently for FDM devices deployed to cdFMC via CDO the ASA FTD cannot be migrated using the feature on the CDO, it’s still being worked upon to include. "

And so the migration feature isn't available and actually Rob's suggestion don't seems a viable solution.
The cisco support tell me this way for ASA to FTD migration:

To perform the ASA to FTD can be migrated using the FMT tool, this can be downloaded to your windows machine, then install and complete the migration as per the guides:
 

But I've tried the tool in late march and it don't work, and so I'm in a loop, I hope the new version of the tool (it's date 2 may 23) now try this new version.
I hope to are more lucky, but I'm losing hope.

Regards

 

@sistemi10 who mentioned anything about using cdFMC? That's the Cloud Based FMC hosted in CDO. You just need to use CDO (without the cdFMC).

The link already provided guides you through the steps - Migrating an ASA to an FDM-Managed Device Using Cisco Defense Orchestrator

 

 

Review Cisco Networking for a $25 gift card