Hello Marvin,

The tool you pointed out worked very well and brought me to v9.2(1).

I was trying to do it myself in Perl - had trouble with a lot of corner cases, and the scripts kept growing.

Indeed, the interfaces assignation (and bundling into port-channels) are done from the chassis.

Fixing the subinterface names & cleanup was trivial.

I will also look up the tools at tunnelsup.

Thank you very much for your help !!!

Thank you Marvin.

Hello Marvin

Migration from FWSM  to  Firepower 9300 FTD 6.1.

I have a very big configuration file any advice or thoughts. 

thanks

Yes, that can be done also. I'd recommend the following:

1. Work with your Cisco SE or a partner (if you aren't already one) to run things through FWM tool. Scrub things with tunnelsup and an experienced eye to review it all.

2. There is another brand new partner / internal tool for migration from ASA to FTD.

If it's part of a large deal you may even be able to convince Cisco to give you a loaner 5585-X to vet the ASA migration prior to moving it onto FTD.

Hello Marvin,

I have FWSM module on 6500 switch. I need to upgrade FWSM to firepower 4140. please I need your recommendation on this .

much appreciated.

thanks,

Haitham Jneid

Hello,

We are planning to migrate from

=======================================================================

Cisco Adaptive Security Appliance Software Version 9.1(5)1

Device Manager Version 7.4(2)

Compiled on Fri 04-Apr-14 16:15 PDT by builders

System image file is "disk0:/asa915-1-smp-k8.bin"

Config file at boot was "startup-config"

hqasasmfw01 up 51 days 15 hours

failover cluster up 51 days 15 hours

Hardware:   WS-SVC-ASA-SM1, 24576 MB RAM, CPU Xeon 5600 series 2000 MHz, 2 CPUs (24 cores)

Internal ATA Compact Flash, 8192MB

BIOS Flash M25P32 @ 0x0, 64KB

====================================================================================

Model Cisco Firepower Management Center 3500 (66)

To Firepower 6.0.1.1-1023

Can you provide some guidance on what is the best way to approach this.

Thank you,

Geoffrey Zakayo

Sr. Cloud & Data Center Engineer

Kelly Services

Cell: 425.753.4379 | Email: GEOZ905@kellyservices.com

hi marvin,

i used this tool before few years ago on a 5510 8.2 > 5525-X 9.x but it only had a handful NAT and ACL to be converted, so it's still manageable.

i have an ASA 5520 8.2 config to convert a 9.1 (for a 5555-X) using the FWM tool but this time it has a lot of NAT/ACL config which manual conversion isn't going to be practical (using the tunnelsup.com tool). and given only a few days to get this done (closing projects before 2018 ends).

my question is, how accurate is the FWM tool given with a lot of 8.2 NAT/ACL to convert? is it 100%

did you run into a problem where a NAT or ACL was converted wrongly (or missed)?

I've not had any issue with the FWM tool's migration accuracy. That said, I've only done about 5-6 migrations using it so I have a limited sample size. I've not done any huge (e.g., 10,000+ line configuration files) with it. My customers tend to have smaller configurations.

thanks marvin!

i would say the 8.2 ACL/NAT config would not exceed 100+ lines. so i'm quite hesitant using this tool.

but there's also time constraint, so i'm forced to use this tool.

Good afternoon,

Does anybody still have a copy of the FWM Tool that they could share with me. 

thanks in advance

Ian

FWM was referring to a Cisco portal for staff and partners to use. It was at fwm.cisco.com. However it has long since been deprecated in favor of the Secure Firewall Migration tool. It no longer supports the old ASA Security modules (ASASM). Supported source ASA platforms can be found here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide/ASA2FTD-with-FP-Migration-Tool/m-getting-started-with-the-secure-firewall-migration-tool.html#id_70647

The tool is freely downloadable from Cisco.