12-01-2023 06:17 AM
A customer of mine has a Cisco Firepower 1120 firewall. I use FTD via FDM and my customer has a network closed to the internet.
1) He told me that he does not have a license for FDM, he only has a license for FMC, so he can only produce tokens for FMC and Firepower. Is this possible? Can I use one of the Firepower and FMC tokens to register the device to the software manager via FDM?
2) If I want to use FMC instead of FDM on the same physical device, which commands should I apply in FTD? Can you help me?
12-01-2023 06:22 AM
@cemrecanaltinel if you buy the basic hardware you get the right to use FDM local management without additional cost.
FMC is separate and must be installed on a Virtual Machine or dedicated FMC hardware. https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fmcv/fpmc-virtual/fpmc-virtual-intro.html
If you wish to switch from FDM to FMC management you will have to manually reconfigure the FTD, you cannot migrate the policies.
12-01-2023 07:10 AM
FDM itself does not require a separate license. As @Rob Ingram noted, FMC does require a license for the manager.
Either way, your FTD requires a license (can be several depending on features). Base (free, included), Threat, URL Filtering, Malware, and Secure Client (previously AnyConnect) are the basic license types for FTD. FTD licenses can be registered either via FDM or, when used, the managing FMC. In either case the registration is via a token from CSSM (at software.cisco.com) (or, rarely, via Permanent License Registration (PLR) for Cisco-approved accounts only).
12-01-2023 06:52 AM
Many thanks Rob for your reply. Well, as far as I understand, I can use the Firepower token to license FDM.
12-01-2023 06:28 AM
Many thanks Rob for your reply. Well, as far as I understand, I can use the Firepower token to license FDM.
12-01-2023 07:11 AM
I believe that FMT can help you with config migration from FDM to FMC: https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide-fdm/fdm-to-threat-defense-using-the-migraton-tool/m-getting-started-with-the-secure-firewall-migration-tool.html
There are limitations though, and you need to run the latest software versions.