I'll be doing a migration from a pair of 5520's in active/standby to 5520-X's. My firewall knowledge is very rusty so I have a few basic questions.
1. I'm going from asa firmware 8.4 to 9.8. Will this be a simple copy and paste job or will i come across any command config issues?
2. Can the public and private certificates be copied and pasted over too? Will they simply work as long as I have the same hostname and ip addresses or will i need to generate new public certificates? (a guide on how to do this would be great)
3. I will be configuring and firepower module and AMPS on top for the new firewalls. Never done this. Is this easy enough to do? or should I expect to experience a lot of pain?
4. Anything else i should be weary of before attempting this huge feat? :)
Thanks for the reply.
Would it just be easier if I copied the 8.4 config to an ASA 5520, then upgraded to the last version of ASA which is 9.1 on the 5520 and then pasted this into the 5525X with ver 9.8? I read somewhere there were some ACL changes but i cant remember what version.
You may be thinking of 9.0(1) which changed the ACL syntax slightly to unify IPv4 and IPv6 ACLs.
So if you upgrade the old ASA to 9.0 you should then be able to paste the config directly into the new 5525-X.
Firepower is a separate undertaking but a basic setup is pretty easy. Just read through some of the getting started guides, Cisco Live presentations and the many how to videos on youtube and sme blogs (labminutes.com and network-node.com are particularly good).