Re: FMC policy migration to FTDs

Aymon Mahmoud · ‎11-18-2025

I'm in the process of migrating from older ASA's to FTD's (1220-CXs). I currently have policies on an FMC. I wanted to know if i can migrate existing policies from the FMC to the FTD's?

I don't want to build out the access policies on the FMC if i can't migrate them to the new FTDs. Or will i need to build out policies across each FTD and then add them to FMC?

Thanks!

Ben Weber · ‎11-18-2025

Hey @Aymon Mahmoud

FMC has a native capability to convert ASA configurations (i.e. objects, policies) into appropriate, relevant FTD configurations. This tool is called FMT.

Refer to this link for a full migration guide using FMT: Migrating Cisco Secure Firewall ASA to Cisco Secure Firewall Threat Defense with the Migration Tool - ASA to Threat Defense Migration Workflow [Cisco Secure Firewall ASA] - Cisco

Good luck!

- BW
Please rate posts if they have been helpful.

Aymon Mahmoud · ‎11-18-2025

Hello Ben,

Thanks for the prompt response. I'm aware of the FMT migration tool. However, this tool requires access to a cloud sign in which is not allowed within our environment. Is there an offline version of the FMT tool that is available?

Ben Weber · ‎11-18-2025

Yep, as per this FAQ there is an airgapped FMT tool available. You will have to get in touch with TAC to get it though, as it is not publicly available.

Firewall Migration Tool (FMT) - FAQ - Cisco Community

Let me know if you have any issues getting your hands on it (feel free to PM).

- BW
Please rate posts if they have been helpful.