Migration using FMT with different FMC

dimdim12
Level 1

Hello everyone,

I’m currently performing a migration from Cisco ASA with FirePOWER Services (ASA + SFR) to Cisco FTD using the Secure Firewall Migration Tool (version 7.7.10.4), and I’ve run into a limitation that I’m not sure how to properly handle.

Environment

  • Source Firewall: ASA with FirePOWER Services

  • Source FMC (managing the SFR module): FMC version 7.2

  • Target Firewall: FTD (already deployed and registered)

  • Target FMC: FMC version 7.6

  • ASA currently handles:

    • Site-to-Site IPSec VPN

    • Gateway interfaces

    • Routing

    • DHCP server

Issue

When selecting the FMC during the migration process, the tool displays the message:

“The Source and the Target FMC has to be the same FMC unit.”

This means I cannot select the new FMC (7.6) where my FTD is currently registered.
If I choose “Proceed without FTD”, the tool warns that interfaces, routing, and S2S VPNs will not be migrated, which is a critical requirement for my environment.

Questions

  1. Is it supported to temporarily unregister the FTD from FMC 7.6 and register it to FMC 7.2 only for the purpose of running the migration?

  2. After the migration and deployment are completed, can I safely unregister the FTD from FMC 7.2 and register it back to FMC 7.6 without losing the migrated configuration?

  3. Is there any official Cisco documentation confirming this workflow?

  4. Is there a recommended or alternative best practice for this scenario when the source and target FMC versions are different?

Any guidance or best practices from the community would be highly appreciated.
Thank you!

1 Reply

sakathik
Cisco Employee

This is the default behavior of FMT, where the source and target FMC must be the same device.

Please refer to the ASA with FPS migration workflow guide:
https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide-fps/fmt-migration-guide-asa-fps/asawithfps2ftd-with-fp-migration-tool/b_Migration_Guide_ASA2FTD_chapter_0111.html#id_68145

It is not recommended—and generally not supported—to temporarily unregister an FTD from FMC 7.6 and register it to an older FMC version (such as FMC 7.2), even for migration or FPS-policy mapping. Doing so may cause registration failures, version incompatibilities, or unsupported behavior.

As a workaround, please migrate the ASA configuration to the target FMC/FTD and then manually configure the FPS rules on the FMC/FTD.

Note that device-level configurations (Interfaces, Routes, S2S VPN, DHCP, and SNMP) will not be migrated if the ‘without FTD’ option is used.
