cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6209
Views
15
Helpful
7
Replies

From FDM to FMC Conversion

Does anyone have a tested, validated, and trustworthy migration procedure to convert an FDM-managed FTD appliance to being managed by FMC?

 

My FMCv is located in AWS. FTD doesn't support management over VPN easily, if at all. I can only manage my FTD devices from their external interface from specific source IPs.

I have a set of deployed FTD devices in London up and running, managed only by FDM. I need to move the management over to FMCv, but based on previous experiences with FTD, I simply do not trust that these devices won't fail and cause significant on-site tech-support to recover.

Also, if the management transfer fails, is there any reason I should not be able to still access FDM from the external interface (since you cannot make local changes outside 'Lina')?

RFC 1925
7 Replies 7

Marvin Rhoads
Hall of Fame
Hall of Fame

There's not currently any Cisco tool or procedure for moving a device configuration from FDM-managed to FMC-managed.

Have you looked into CDO? It can manage multiple FTD devices via their public interface if you use token-based onboarding (6.4 or later) - everything is encrypted in transit via TLS 1.2 as well as at rest. You also get the advantage of object sharing, comparing for inconsistencies, etc.

Yes, I've been trying to test-drive CDO for 4 months now. I'm not kidding when I say, it seems nobody at Cisco understands how to set this up for me. I've gained access to the CDO Okta portal, but never can get beyond that without going into a fruitless "request access" loop between the portal and the Cisco CDO agents. Nobody seems to have been trained on any of it, and the agents take well over a week to get back to me at times.

 

I'd also like to add, the "support" link in the CDO welcome portal connects to a mailbox that is no longer monitored. This scares me as a customer, because if that doesn't work, what other major details of CDO have been overlooked?

RFC 1925

I've found it to be pretty stable and useful. But I have the advantage of being in a beta program and thus have the ear of the beta manager who has access to the developers for the harder questions.

Are you unable to onboard any devices?

Actually, I can't even get access to the CDO portal, and nobody from Cisco so far has been helpful to get may account associated.
RFC 1925

Hi Brian:   Appreciate the patience and per our discussion this AM you are now in CDO.   If you run into an issue again, please send a note to cdosales@cisco.com and I will get it addressed for you.  Note you can also launch support direct from CDO by going to the "?" in top right of page and hitting support.

 

Thank you

Derek

 

Derek Young
CDO - Business Development Manager
Cisco Defense Orchestrator
dereyoun@cisco.com
Mobile: 603-312-5385

Is it possible to copy objects from FDM to FMC ? 

 

Rest- API ? or Export / Import ?

Theoretically you could via REST API. It would be a science devnet project though and not something that's as easy as click, click click done.

There's no Export/Import option.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: