Showing results for 
Search instead for 
Did you mean: 


Migrate Firepower Management Center from one global domain to multiple domains

I am trying to move to multi-tenancy with our Firepower system because it has been decided that different groups need different access at this point. I have not been able to find much documentation on migrating this way. I do see that I need to remove all of the VPN connections before I can even begin. But I was wondering what the best approach would be on the initial migration. Do I migrate all devices into one leaf then create a second leaf and migrate the devices to the new leaf for the ones that I want to separate? Or do I create two leafs and then migrate the devices to them? I don't think that I can do that because once there is a leaf, from my understanding of the documentation, you can't have any devices in global. Or is it preferred to create both leafs at the same time and put the devices you want in each one? Anther point is on the remote access VPN, can I just remove the assignment for the device and re-add after the migration? And can I just remove the device assignments on the site-to-site VPN configs and just re-add the devices after? Can I wait on deploying everything until after the full migration of the system to multi-tenancy or do I need to do it in steps? and if I need to do it in steps where do I need to deploy the changes at what times?

I found this request for enhancement to move objects between domains to make migration possible with minimum amount of pain.

I'm trying to move to multi tenancy to allow admin in each domain separately & have a TAC case with Cisco as there does NOT appear to be any documentation on how to achieve this. Looks like Cisco expected that decision when FMC is built


Anyone have any info on this ?