Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
798
Views
0
Helpful
6
Replies

Firewall Migration Tool - Policy+evaluation+failed+for+this+request

chillburgh
Level 1
Level 1

‎01-02-2024 07:46 AM

Hello,

I'm having issues getting the Firewall Migration Tool to run.  I have the Duo app configured as 2FA for my cisco.com profile and that is working to authenticate me into cisco.com.

When I try to install / run the Cisco Firewall Migration Tool it gives me a screen that just says "null" with a URL of:

http://localhost:8888/api/callback?state=63LUWJHTGREWH8YQEY&error=access_denied&error_description=Policy+evaluation+failed+for+this+request%2C+please+check+the+policy+configurations.

I have tried this with FMT versions 5.0-8699 and 5.0.1-9282 with the same result.

2 people had this problem
0 Helpful
6 Replies 6

Ruben Cocheno
Spotlight
Spotlight

‎01-02-2024 07:55 AM

@chillburgh 

Perhaps try on a different OS system MAC/Windows, unless you tested on both already

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-02-2024 08:02 AM

I have heard other people report similar issues.

You should be able to open a TAC case against the FMT using your FMC support contract for entitlement.

0 Helpful

chillburgh
Level 1
Level 1
In response to Marvin Rhoads

‎01-02-2024 08:13 AM

Thanks. I just started with a new company and all of their network equipment is EOL with no active support (hence the need to migrate to a new platform using the FMT).  I spoke with TAC and they told me to post in the community forums for support with the Firewall Migration Tool.

I don't have another OS to run the tool.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to chillburgh

‎01-02-2024 08:20 AM

The new platform you are migrating to doesn't have any support contract? It's very unusual for someone to buy a new firewall or FMC without Smartnet.

0 Helpful

chillburgh
Level 1
Level 1
In response to Marvin Rhoads

‎01-02-2024 08:47 AM

There is no new equipment - everything is EOL. I am evaluating replacement platforms now, and Cisco is not exactly impressing me with experiences like this. 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to chillburgh

‎01-03-2024 06:41 AM

I se. the SSO in the FMT should be using the Cisco Security Cloud backend service. If you have never used that with Duo, it might be that your user account is not setup correctly.It works fine for me, including MFA using Cisco's Duo instance.

If you have a local Cisco account SE (Systems Engineer - a technical resource who handles presales issues) or partner SE, they may be able to assist in either getting your account setup of logging in on your behalf so that you can run the tool.

FWIW, I have used the FMT on well over a dozen migrations and it works just fine.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card