
Migration ASA to FTD

KayaaKashyap
Level 3

Hi,
Please suggest a migration tool, its prerequisites, and how effective it is in a production environment.

Current: ASA5545

New: FTD3210 (locally managed or Cisco Security Cloud Control managed; I want to explore both options).

Also, I want to know whether we can migrate the configuration from FDM to Cisco Security Cloud Control via any tool or by exporting and importing.


 

3 Replies

nspasov
Cisco Employee

Have you explored the Secure Firewall Migration Tool:

https://www.cisco.com/site/us/en/products/security/firewalls/secure-firewall-migration-tool/index.html

This is the official documentation with all of the supported migration scenarios: https://www.cisco.com/c/en/us/td/docs/security/firepower/roadmap/fp_migration_tool_roadmap.html#Cisco_Concept.dita_d5eb5fda-f2b0-4240-b38d-4e258ccdc99c

Thank you for rating helpful posts!

Yeah, you can use the FMT, but like most automatic migration utilities there are always some manual items and confirmation. A migration like this is also a perfect time to perform a rule audit and clean up as needed. I'm sure your preferred Cisco partner would love to help you with a manual migration as well.

jim65richards
Community Member

The primary tool for this transition is the Cisco Secure Firewall Migration Tool (FMT). To migrate an ASA 5545 to a new FTD 3120, your prerequisites include ensuring the ASA is running version 8.4 or later and that you have a target management platform—either an on-premises Firewall Management Center (FMC) or a Cisco Security Cloud Control (formerly Cisco Defense Orchestrator/CDO) tenant. In a production environment, the tool is highly effective for bulk-migrating complex objects, ACLs, and NAT rules, which are the most time-consuming manual tasks. However, it is not "plug-and-play" for everything; you should expect to manually verify and re-configure dynamic routing (OSPF/BGP) and Site-to-Site VPNs, as these often require manual mapping or post-migration tweaks to ensure traffic flow.
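
A pre-migration inventory along the lines the replies describe, as an added example that is not part of the thread and not Cisco's tooling: it checks the 8.4 version prerequisite, counts the objects, ACL entries and NAT rules that would be bulk-migrated, and lists the dynamic routing and site-to-site VPN lines to verify by hand. The sample config, the function name `inventory` and the report keys are constructed for illustration.

```python
import re

MIN_VERSION = (8, 4)  # ASA prerequisite quoted in the reply above

# Constructed sample running-config (RFC 5737 addresses), not from the thread.
SAMPLE_CONFIG = """\
ASA Version 9.8(2)
hostname edge-asa
object network WEB01
 host 192.0.2.10
object-group network DMZ_HOSTS
 network-object object WEB01
access-list OUTSIDE_IN extended permit tcp any object WEB01 eq 443
access-list OUTSIDE_IN extended permit tcp any object WEB01 eq 80
access-list LEGACY extended permit ip any any
access-group OUTSIDE_IN in interface outside
nat (inside,outside) source dynamic any interface
router ospf 1
 network 10.0.0.0 255.255.255.0 area 0
router bgp 65001
crypto map OUTSIDE_MAP 10 set peer 198.51.100.7
tunnel-group 198.51.100.7 type ipsec-l2l
"""

MANUAL = {  # features the thread says need manual verification after migration
    "routing": re.compile(r"^router (ospf|bgp) \S+"),
    "s2s_vpn": re.compile(r"^(crypto map \S+ \d+ set peer |tunnel-group \S+ type ipsec-l2l)"),
}

def inventory(config: str) -> dict:
    """Summarise an ASA config: prerequisite check, bulk counts, manual items."""
    lines = [l.rstrip() for l in config.splitlines()]
    m = re.search(r"^ASA Version (\d+)\.(\d+)", config, re.M)
    version = (int(m.group(1)), int(m.group(2))) if m else None
    acl_lines = [l for l in lines if l.startswith("access-list ")]
    acl_names = {l.split()[1] for l in acl_lines if len(l.split()) > 1}
    # Tokens on every non-ACL line: an ACL named nowhere else is an audit candidate.
    used = {t for l in lines if not l.startswith("access-list ") for t in l.split()}
    report = {
        "version": version,
        "version_ok": version is not None and version >= MIN_VERSION,
        "objects": sum(l.startswith("object ") for l in lines),
        "object_groups": sum(l.startswith("object-group ") for l in lines),
        "acl_entries": len(acl_lines),
        "nat_rules": sum(l.strip().startswith("nat (") for l in lines),
        "unreferenced_acls": sorted(acl_names - used),
    }
    for key, pattern in MANUAL.items():
        report[key] = [l for l in lines if pattern.search(l)]
    return report
```

The unreferenced-ACL list is a heuristic starting point for the rule audit: confirm each candidate against the live device before removing it.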
