Migrating ASA to FTD with high Availability and without FMC

jhontoc24
Level 1

Dear Team

We are in the process of migrating our legacy Active/Standby ASA 5512X to a new FTD ASA 5516-X with Firepower and base license.

Is it possible to configure Active/Standby HA with Firepower Device Manager only, without installing Firepower Management Center? We don't have a server with the resources to install the FMC; I only have my laptop with an FMC demo for the first implementation, but after the post-installation I take my laptop with me.

In addition, the legacy ASA has 600 lines of ACLs, so to convert from ASA to FTD we need a Firepower migration tool, but it is only supported with FMC again.

Is there another available tool to convert from ASA to Firepower?

Best regards,

Jhon

 

Accepted Solutions

Marvin Rhoads
Hall of Fame

As of 6.3 (released December 2018) you can use FDM to configure an HA pair of FTD devices.

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/relnotes/firepower-release-notes-630/new_features.html#concept_D3A005FB2B0E45BBBDF5392C4D1DD138

However, if you want to use the migration tool then you need to have FMC. It works via pushing the output as policies to FMC via API. You then deploy those policies to the managed device(s). There's no other automated method or tool as far as I know.


2 Replies 2

Sheraz.Salim
VIP Alumni

FTD 5516-X can be configured as standalone without FMC. However, if you want to configure the HA FTD, in that case you need an FMC.

Check this post too. Very useful.

Reference from https://community.cisco.com/t5/firepower/features-sacrificed-if-asa-ftd-without-fmc/td-p/3176233

Please do not forget to rate.
