Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1204
Views
5
Helpful
2
Replies

firepower cutover plan

Go to solution
Abd Mhd
Level 1
Level 1

‎05-15-2018 09:15 AM - edited ‎02-21-2020 07:46 AM

dear all,

as I have to replace two of asa with two of firepower

regardless in configuration issue

can you help in cutover plan to avoid downtime

BR,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marius Gunnerud
VIP
VIP

‎05-16-2018 04:03 AM

 

There will always be a drop in traffic when you migrate. however this can be minimized in certain situations.  So there are two ways you can do this.  First you can do a clean cutover, or you can migrate in phases (ASA and FTD are online parallel). 

For a clean cutover do the following:

1. migrate configuration from ASA to FTD

2. connect FTD to the network (remember to keep the interfaces in a shutdown state either on the FTD or on the switch it connects to or you will have IP address conflicts)

3. Shutown interfaces going to ASA

4. No shutdown interfaces going to FTD

5. check connectivity and troubleshoot if needed

 

For running in parallel:

1. migrate configuration from ASA to FTD

2. Change interface IPs on FTD (IPs should be in the same subnet and VLANs as the IPs on the ASA)

3. connect FTD to the network

4. Change default gateway on PCs and/or servers  (when doing this, if you have webservers you would need to take into account that you might need to migrate the public IPs at the time of migration unless you are also able to allocate a new IP and just update DNS)

5. check connectivity and troubleshoot if needed

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

2 Replies 2

Go to solution
Florin Barhala
Level 6
Level 6

‎05-16-2018 12:05 AM

First of all, can you detail HW and SW for old models and new models?
0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP

‎05-16-2018 04:03 AM

 

There will always be a drop in traffic when you migrate. however this can be minimized in certain situations.  So there are two ways you can do this.  First you can do a clean cutover, or you can migrate in phases (ASA and FTD are online parallel). 

For a clean cutover do the following:

1. migrate configuration from ASA to FTD

2. connect FTD to the network (remember to keep the interfaces in a shutdown state either on the FTD or on the switch it connects to or you will have IP address conflicts)

3. Shutown interfaces going to ASA

4. No shutdown interfaces going to FTD

5. check connectivity and troubleshoot if needed

 

For running in parallel:

1. migrate configuration from ASA to FTD

2. Change interface IPs on FTD (IPs should be in the same subnet and VLANs as the IPs on the ASA)

3. connect FTD to the network

4. Change default gateway on PCs and/or servers  (when doing this, if you have webservers you would need to take into account that you might need to migrate the public IPs at the time of migration unless you are also able to allocate a new IP and just update DNS)

5. check connectivity and troubleshoot if needed

--
Please remember to select a correct answer and rate helpful posts
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card