Solved: FTD Migraton Uisng FMC

benolyndav · ‎10-11-2024

Hi

I dont have access to a lab so am asking a couple of questions'

I want to migrate from one FTD to an HA pair, On the FMC thats is currently managing the single FTD there is a sub doamin for the FTD but on the new FMC where I want to migrate the FTD policies to for the new HA pair there is just global domain, will the policy import fail due to this.????

also is it ok if VDB levels dont match ??

Rob Ingram · ‎10-16-2024

@benolyndav I tested the following scenario in my lab. I created a Policy under a custom domain (not Global) and exported that policy. I then deleted all domains, leaving just "Global". I then imported the policy, this was succesfully imported to "Global".

View solution in original post

balaji.bandi · ‎10-11-2024

if i were you, i first take the backup and upload to new environment with FMC and FTD, then check all the configuration working, then you can add them to HA - that is best way to do.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

benolyndav · ‎10-14-2024

@balaji.bandi

How does that work the new FTD will have a different management IP Address, not sure your understanding, we have an existing FTD manged by a FMC, I want o migrate the FTDs configs to anothe FTD manged by another FMC

Rob Ingram · ‎10-14-2024

@benolyndav you could try and export the policies from the current FMC and import to the new FMC, rather than doing a backup and restore of the FMC.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/710/management-center-admin-71/tools-import-export.html

Liamlucas · ‎10-15-2024

@Rob Ingram wrote:
@benolyndavyou could try and export the policies from the current FMC and import to the new FMC, rather than doing a backup and restore of the FMC.
https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/710/management-center-admin-71/tools-import-export.html

Great point. cleaner and more controlled approach

benolyndav · ‎10-15-2024

@Rob Ingram

Hi Yes tjis is my prefered method, I was wondering on the od FMC its Global domain, then internet sub-domain for internet facing Firewalls, on the new FMC we arent planning a sub domain just global domain would this affect the import of the policies on the new FMC.??

Rob Ingram · ‎10-15-2024

@benolyndav I don't believe so. I do not have access to my lab to check atm, if you wish me to I can test at somepoint?

benolyndav · ‎10-16-2024

@Rob Ingram
Thankyou that would be great

Rob Ingram · ‎10-16-2024

@benolyndav I tested the following scenario in my lab. I created a Policy under a custom domain (not Global) and exported that policy. I then deleted all domains, leaving just "Global". I then imported the policy, this was succesfully imported to "Global".

benolyndav · ‎10-17-2024

Excellent I just tried on our FMCs and worked for me

Thanks

balaji.bandi · ‎10-14-2024

May be that was not clear its going to new IP Address, then in that case i go with suggestion made @Rob Ingram only export policies.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help