Abd Mhd
Beginner

Firepower cutover plan

Dear all,

I have to replace two ASAs with two Firepowers.

Regardless of configuration issues,

can you help with a cutover plan to avoid downtime?

BR,

1 ACCEPTED SOLUTION

Accepted Solutions
Marius Gunnerud
VIP Advisor

 

There will always be a drop in traffic when you migrate. However, this can be minimized in certain situations. So there are two ways you can do this. First you can do a clean cutover, or you can migrate in phases (ASA and FTD are online in parallel).

For a clean cutover do the following:

1. Migrate configuration from ASA to FTD
2. Connect FTD to the network (remember to keep the interfaces in a shutdown state either on the FTD or on the switch it connects to, or you will have IP address conflicts)
3. Shut down interfaces going to ASA
4. No shutdown interfaces going to FTD
5. Check connectivity and troubleshoot if needed

For running in parallel:

1. Migrate configuration from ASA to FTD
2. Change interface IPs on FTD (IPs should be in the same subnet and VLANs as the IPs on the ASA)
3. Connect FTD to the network
4. Change default gateway on PCs and/or servers (when doing this, if you have web servers you would need to take into account that you might need to migrate the public IPs at the time of migration unless you are also able to allocate a new IP and just update DNS)
5. Check connectivity and troubleshoot if needed

--
Please remember to select a correct answer and rate helpful posts
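An added example, not part of the original post: a pre-check for the parallel-run addressing in step 2, run before the FTD is connected, that flags any FTD address that would conflict with the ASA or fall outside its subnet, and lists the gateway change for step 4. The interface names and addresses are constructed, and it assumes the firewall interface address is the default gateway for each segment.

```python
import ipaddress

# Constructed sample plan: interface name -> (ASA address, proposed FTD address).
SAMPLE_PLAN = {
    "inside":  ("10.1.10.1/24", "10.1.10.2/24"),    # valid
    "dmz":     ("10.1.20.1/24", "10.1.20.1/24"),    # same address as the ASA
    "outside": ("192.0.2.1/29", "192.0.2.9/29"),    # falls in a different /29
    "mgmt":    ("10.1.30.1/24", "10.1.30.255/24"),  # broadcast address
}

def check_parallel_plan(plan):
    """Return (interface, problem) pairs for a parallel-run addressing plan."""
    problems = []
    used = {}  # FTD address -> first interface that claimed it
    for name, (asa_cidr, ftd_cidr) in plan.items():
        asa = ipaddress.ip_interface(asa_cidr)
        ftd = ipaddress.ip_interface(ftd_cidr)
        net = asa.network
        if ftd.network != net:
            problems.append((name, "not in the ASA subnet"))
            continue
        if ftd.ip == asa.ip:
            # Both firewalls online with one address: the conflict the post warns about.
            problems.append((name, "same address as the ASA"))
        # /31 and /32 networks have no reserved network or broadcast address.
        reserved = (net.network_address, net.broadcast_address)
        if net.prefixlen < net.max_prefixlen - 1 and ftd.ip in reserved:
            problems.append((name, "network or broadcast address"))
        if ftd.ip in used:
            problems.append((name, f"address already planned for {used[ftd.ip]}"))
        used.setdefault(ftd.ip, name)
    return problems

def gateway_changes(plan):
    """Step 4: (old gateway, new gateway) for each interface that passed the check."""
    bad = {name for name, _ in check_parallel_plan(plan)}
    return {
        name: (str(ipaddress.ip_interface(a).ip), str(ipaddress.ip_interface(f).ip))
        for name, (a, f) in plan.items()
        if name not in bad
    }

if __name__ == "__main__":
    for name, why in check_parallel_plan(SAMPLE_PLAN):
        print(f"{name}: {why}")
    print(gateway_changes(SAMPLE_PLAN))
```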


2 REPLIES 2
Florin Barhala
Frequent Contributor

First of all, can you detail HW and SW for old models and new models?