03-31-2020 10:07 AM
Does anyone have a tested, validated, and trustworthy migration procedure to convert an FDM-managed FTD appliance to being managed by FMC?
My FMCv is located in AWS. FTD doesn't support management over VPN easily, if at all. I can only manage my FTD devices from their external interface from specific source IPs.
I have a set of deployed FTD devices in London up and running, managed only by FDM. I need to move the management over to FMCv, but based on previous experiences with FTD, I simply do not trust that these devices won't fail and cause significant on-site tech-support to recover.
Also, if the management transfer fails, is there any reason I should not be able to still access FDM from the external interface (since you cannot make local changes outside 'Lina')?
03-31-2020 10:45 AM
There's not currently any Cisco tool or procedure for moving a device configuration from FDM-managed to FMC-managed.
Have you looked into CDO? It can manage multiple FTD devices via their public interface if you use token-based onboarding (6.4 or later) - everything is encrypted in transit via TLS 1.2 as well as at rest. You also get the advantage of object sharing, comparing for inconsistencies, etc.
03-31-2020 10:49 AM - edited 03-31-2020 11:00 AM
Yes, I've been trying to test-drive CDO for 4 months now. I'm not kidding when I say, it seems nobody at Cisco understands how to set this up for me. I've gained access to the CDO Okta portal, but never can get beyond that without going into a fruitless "request access" loop between the portal and the Cisco CDO agents. Nobody seems to have been trained on any of it, and the agents take well over a week to get back to me at times.
I'd also like to add, the "support" link in the CDO welcome portal connects to a mailbox that is no longer monitored. This scares me as a customer, because if that doesn't work, what other major details of CDO have been overlooked?
03-31-2020 11:46 AM
I've found it to be pretty stable and useful. But I have the advantage of being in a beta program and thus have the ear of the beta manager who has access to the developers for the harder questions.
Are you unable to onboard any devices?
03-31-2020 12:08 PM
04-01-2020 07:09 AM
Hi Brian: Appreciate the patience and per our discussion this AM you are now in CDO. If you run into an issue again, please send a note to cdosales@cisco.com and I will get it addressed for you. Note you can also launch support direct from CDO by going to the "?" in top right of page and hitting support.
Thank you
Derek
Derek Young
CDO - Business Development Manager
Cisco Defense Orchestrator
dereyoun@cisco.com
Mobile: 603-312-5385
06-30-2021 09:23 AM
Is it possible to copy objects from FDM to FMC?
REST API? Or Export/Import?
06-30-2021 10:41 AM
Theoretically you could via REST API. It would be a science DevNet project though and not something that's as easy as click, click, click, done.
There's no Export/Import option.
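The REST API route mentioned above, as an added example that is not from any poster in this thread or from Cisco: an offline dry run that turns network objects read from FDM into the per-type payloads FMC expects, validating each value before anything is written. The field names (`subType`, `isSystemDefined`, `dnsResolution`) and the FMC collection names are assumptions taken from the public FDM and FMC object models; confirm them in the API Explorer of your versions.

```python
import ipaddress

# Assumed mapping: FDM subType -> (FMC "type", FMC collection under
# /api/fmc_config/v1/domain/{domainUUID}/object/).
SUBTYPE_MAP = {"HOST": ("Host", "hosts"), "NETWORK": ("Network", "networks"),
               "RANGE": ("Range", "ranges"), "FQDN": ("FQDN", "fqdns")}

def check_value(sub_type, value):
    """Raise ValueError if an address value is malformed."""
    if sub_type == "HOST":
        ipaddress.ip_address(value)
    elif sub_type == "NETWORK":
        ipaddress.ip_network(value, strict=False)
    elif sub_type == "RANGE":
        lo, hi = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
        if lo.version != hi.version or lo > hi:
            raise ValueError("range start/end mismatch")

def plan_migration(fdm_items):
    """Return ({collection: [payload, ...]}, [(name, reason), ...])."""
    plan, skipped = {}, []
    for obj in fdm_items:
        name, sub = obj.get("name"), obj.get("subType")
        if obj.get("isSystemDefined"):  # built-in objects are not copied
            skipped.append((name, "system-defined"))
            continue
        if sub not in SUBTYPE_MAP:
            skipped.append((name, "unsupported subType"))
            continue
        try:
            check_value(sub, obj.get("value", ""))
        except ValueError as exc:
            skipped.append((name, f"invalid value: {exc}"))
            continue
        fmc_type, collection = SUBTYPE_MAP[sub]
        payload = {"name": name, "type": fmc_type, "value": obj["value"],
                   "description": obj.get("description") or ""}
        if sub == "FQDN":
            payload["dnsResolution"] = obj.get("dnsResolution", "IPV4_AND_IPV6")
        plan.setdefault(collection, []).append(payload)
    return plan, skipped

# Constructed sample of the "items" array an FDM object listing might return.
FDM_SAMPLE = [
    {"name": "any-ipv4", "subType": "NETWORK", "value": "0.0.0.0/0", "isSystemDefined": True},
    {"name": "london-dns", "subType": "HOST", "value": "192.0.2.53", "description": "resolver"},
    {"name": "london-lan", "subType": "NETWORK", "value": "198.51.100.0/24"},
    {"name": "dhcp-pool", "subType": "RANGE", "value": "198.51.100.10-198.51.100.50"},
    {"name": "bad-range", "subType": "RANGE", "value": "198.51.100.50-198.51.100.10"},
    {"name": "updates", "subType": "FQDN", "value": "updates.example.com", "dnsResolution": "IPV4_ONLY"},
]
```

Review the skipped list before posting anything to FMC; objects dropped here would leave dangling references in any rule that is recreated later.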