Re: Firewall Migration Tool

Colby LeMaire · ‎10-11-2023

Migrating ASA 8.4(7) to FMC 7.2(5) using the Firewall Migration Tool. Tried both version 5.0.0 and 4.0.3. Manually uploading the ASA config file from show running-config. It stays stuck at "Parsing in progress. Please refer to console logs for more details." I let it sit there for about an hour and nothing happens. The logs do not show any errors or anything. Windows 10 x64 with Chrome as default browser. Config file is ".txt" and starts with "ASA Version 8.4(7)" and ends with ": end" just after the checksum. Verified that there are no "<more>" lines. I used Putty to grab the config and set "pager lines 0" before running the "show running-config" command. Copied the configuration to Notepad and saved as a text file. Tried running the tool as Administrator as well. Same result. Cleared browser history, cookies, etc. Screenshot of the error is attached. Also, the log is attached. Any help would be greatly appreciated!

Regards,

Colby

Marvin Rhoads · ‎10-11-2023

As long as it meets these requirements it should work:

https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide/ASA2FTD-with-FP-Migration-Tool/m-getting-started-with-the-secure-firewall-migration-tool.html#Cisco_Reference.dita_8ae4e384-0fc1-46d9-aa9b-eab32a4c22f3

Have you tried an alternate ASA config to ascertain whether it is the tool instance vs. the ASA config file at hand?

Colby LeMaire · ‎10-12-2023

Thank you for the reply Marvin! I did verify the requirements in the link you sent. Everything is good. I also tried to trim the configuration file down to a basic configuration and it behaves the same way. No errors or anything in the console logs. Just hangs. I tried running the tool as Administrator and even tried to disable the Windows Defender firewall. Again, just hangs with no errors. I did remove the version information from the config file just as a test and sure enough, it errors out and complains that the version information is missing. Do you have an idea of how long it could take on average for the parsing process? I tried letting it sit for a couple of hours but nothing. Am I just not waiting long enough? Again, this is only for the parsing of the ASA config after uploading it.

Regards,

Colby

Marvin Rhoads · ‎10-13-2023

Parsing an ASA config - even one with 2-3k lines - usually takes only a minute or less. I've done over a dozen and don't think I've ever seen it take over 2 minutes.

Colby LeMaire · ‎10-24-2023

Update - I was able to get the configuration to upload/parse. The issue was related to the first few lines of the config. Following is what the config header was initially and did not work:

Old ASA Config Header (DOES NOT WORK!):

: Saved

: Written by enable_15 at 13:06:38.846 CDT Mon Oct 23 2023

!

ASA Version 8.4(7)

!

New ASA Config Header (DOES WORK!):

: Serial Number: JMXxxxxxxxxx

: Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz

:

!

ASA Version 8.4(7)

!

I guess the tool wants to see the hardware information in there.

Hope this helps someone else out there banging their head on their desk!

Regards,

Colby