Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1053
Views
2
Helpful
3
Replies

Migrate from FTD 2140 to 3110

Go to solution
Arun2022
Level 1
Level 1

‎08-07-2023 03:44 PM

Hi Experts,

I am looking for some options to migrate and FTD 2140 managed by an existing FMC over to a new FTD 3110 which will be managed by a new FMC.

I've been having a look at the migration tool and I see that all the options are only form FDM managed and not an appliance that is already managed by an FMC.

I am having a look at the CDO as well.

Any suggestions are much appreciated.

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni

‎08-08-2023 02:13 AM

Hi @Arun2022,

FMT is designed to migrate non-FTD/FMC device to FMC. Migration from FMC to FMC should be much simpler.

What I would do (in high level) would be:

  • Do backup/restore or policies export from existing FMC and import it to new FMC. This would give you all necessary policies and objects that are currently in use. Make sure to export all relevant policies which are in use currently on existing FPR2140.
  • Do initial device registration of new FPR3100 and recommended SW upgrades/patches.
  • Configure manually device configuration on new FPR3100 (e.g. interfaces, zone assignment, routes, etc.), but keep new interfaces in shutdown state (you don't want conflicts on the network).
  • Apply relevant policies to new FPR3100 devices and you are ready for migration (interfaces shut on existing FPR2100, and unshut on FPR3100).

Kind regards,

Milos

View solution in original post

3 Replies 3

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni

‎08-08-2023 02:13 AM

Hi @Arun2022,

FMT is designed to migrate non-FTD/FMC device to FMC. Migration from FMC to FMC should be much simpler.

What I would do (in high level) would be:

  • Do backup/restore or policies export from existing FMC and import it to new FMC. This would give you all necessary policies and objects that are currently in use. Make sure to export all relevant policies which are in use currently on existing FPR2140.
  • Do initial device registration of new FPR3100 and recommended SW upgrades/patches.
  • Configure manually device configuration on new FPR3100 (e.g. interfaces, zone assignment, routes, etc.), but keep new interfaces in shutdown state (you don't want conflicts on the network).
  • Apply relevant policies to new FPR3100 devices and you are ready for migration (interfaces shut on existing FPR2100, and unshut on FPR3100).

Kind regards,

Milos

Go to solution
Arun2022
Level 1
Level 1
In response to Milos_Jovanovic

‎08-08-2023 06:25 PM

Thanks @Milos_Jovanovic, I appreciate your quick response. In an FMC managed FTD is there any way to login to the appliance directly and take a backup of the config (like any other NGFW vendor). I believe this can be done only via external authentication and not using the local admin account. If I can obtain that config, I can still use FMT, upload the config file manually and push it onto the few FTD/FMC.

0 Helpful

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni
In response to Arun2022

‎08-09-2023 12:00 AM

Yes, you can SSH into device, either with local FTD credentials or with AAA account (depending on your setup, but both are possible technically) and issue "show running-config", as you would do it on ASA. You would get ASA-like output. However, I'm not confident that you could re-import that config into FMT again, as concepts are bit different on FTD then on ASA (there is no more interface specific ACL, rather just one, applied globally), so I'm not sure that it would work.

Kind regards,

Milos

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card