cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3740
Views
0
Helpful
8
Replies

how to change sfo file after using firepower migration tool

I am converting ASA to firepower. The problem is that I need to remove the zones and int ip addresses from the original config as they are being removed and replaced with a new ip schemes. 

Is there a way to edit the new sfo file to add the new int ip addresses?

8 Replies 8

khalid.meraj
Level 1
Level 1

i don't believe there is any way doing it. Until and unless you are very good with REST-API and from there you can update your bulk of policies and objects using python scripts.

walter baziuk
Level 5
Level 5

i have the same issue

 

after migrating the the FMC/FTD model i have lost functionality

 

object and policies were easy to in CLI

 

with FTD/FMC, no more CLI "conf t" allowed

 

a group of  objects took me seconds to deploy in CLI, now they can many minutes  per object

 

there is no means to see the config as in CLI

now it just outputs SFO file which i cant open

 

this direction by Cisco is POOR and might make me move to another OEM

You can still see the running-config in FTD. Just "show running-config" from the cli. You just cannot makes many changes that way.

 

I agree deployments are (too) slow! Keep giving that feedback to Cisco - I know they have been working on it but the more customers that complain, the higher priority a fix it will be.

Hi @Marvin Rhoads We are facing lot of complaints from customer regrading below issues. Is there any forum to report these kind of issues to enhance. 

Deployment time, Search time, No live logs, MFA for VPN (integration to thirdparty MFA servers) etc.

 

HTH

Abheesh

There's no public forum.

 

I recommend contacting your Cisco account manager or partner account manager. If you are a partner, also be sure to attend the partner training sessions given by the product TMEs and/or the bi-annual Security SEVT and be sure to bring up your feedback there.

 

Also, if you attend any Cisco Live, go up to the product reps and speak with them directly. What they hear there goes directly into the business unit in helping prioritizing work going forward.

Thank you

Hello Marvin

 

I did that this year @ CL18 in Orlando.

 

I spoke to 6-10 different people TAC, BU,  ASA session, LABS etc

all CISCO employee agree with what i told them.

 

now is 6 months after talking

i asked my SE about the updated for ASA FTD/FMC. Everything thing that i asked, was NOT in the new asa update.

 

poor support from asa  BU (;

 

 

k.nandakumar
Level 1
Level 1

There is no documented way to modify the SFO file. 

These are the two below Option which i think possible, both required manual effort. 

 

Option 1: Modify in .cfg file before importing to migration tool.

You may change the IP address on the .cfg file (Config of ASA) before importing to Migration tool. 

 

Option 2: Modify the Interface IP on FMC

Once you import the SFO file to FMC and assigned to an FTD, you can go to Device setting and modify manually. 

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: