Move configuration from one FTD interface to another (same FTD)

John Hinckley
Level 1

Greetings,

I have an FTD 1140 that is already configured etc but I need to turn up a new internet connection on one of the other interfaces (fiber hand off so I need SFP) and it needs to become my new edge/outside interface. Is it at all possible to move the related configuration from the old outside ifc (copper) to the new (SFP)? In the past I've had to rebuild almost everything from scratch when this happens.

Both FMC and FTD are running version 6.6.1.

TIA!

-John


balaji.bandi
Hall of Fame

I suggest taking a backup first.

1. When you move the interface config, you need to move the related config also (or associated rules).

2. If that is part of the zone, that should work as expected.

BB


Thanks, but this doesn't really answer my question.

I need to know if there is a way for me to move the related config to the new interface without having to do it manually. By manually, I mean having to migrate all of the individual configurations that are tied to the existing interface, including the SSL and L2L VPN configurations etc. If I have to do it manually then there is no point in exploring this discussion any further because I already know how to do that.

Thanks,

-John

Sure - and I do not believe there is, nor do I know of, any mechanism that moves all related config (automatically, as if by magic) when you move the interface (or maybe one is available; I have not tested).

BB


It seems crazy to me that an interface configuration can't be re-homed to another interface. What happens when someone encounters a situation like mine where they can't use the old interface for their internet handoff? The only option is to rebuild *everything* manually on the new interface? That is absurd.

On an ASA it's stupid easy from manual:

- Turn up new interface
- Edit default route to point at new GW IP
- Edit NAT statements using find/replace with old/new interfaces
- Change ACL, access-group statement to use new interface
- Change crypto map statement to use new interface
- Reenable webvpn on new interface
- Done

I can do all this ^ in about 10 minutes or less. There is no comparable method in FMC that I know of to make these kinds of changes in a reasonable amount of time. I feel like we are going backwards.

Thanks,

-J
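The ASA find/replace procedure in the post above, as an added example that is not part of the thread: it rewrites the interface name only in the commands the list mentions and reports every line that still names the old interface, so no ACL, NAT or VPN binding is silently left on the old edge. The config fragment, the interface names `outside` and `outside-fiber`, and all addresses are constructed.

```python
import re

# Constructed ASA-style fragment; names and addresses are illustrative only.
SAMPLE = """\
route outside 0.0.0.0 0.0.0.0 198.51.100.1 1
mtu outside 1500
nat (inside,outside) source dynamic any interface
object network WEB
 nat (dmz,outside) static 203.0.113.10
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 443
access-group OUTSIDE_IN in interface outside
crypto map VPNMAP interface outside
crypto ikev2 enable outside
webvpn
 enable outside
"""

# Commands from the steps above that carry an interface name (nameif).
# {ifc} marks the token to swap; the rest of the line is left untouched.
TEMPLATES = [
    r"^(route ){ifc}( )",                                  # static/default routes
    r"(\bnat \(){ifc}(,[^,()]+\))",                        # nat (OLD,x)
    r"(\bnat \([^,()]+,){ifc}(\))",                        # nat (x,OLD)
    r"^(access-group \S+ (?:in|out) interface ){ifc}($)",  # ACL binding
    r"^(crypto map \S+ interface ){ifc}($)",               # L2L VPN binding
    r"^(crypto ikev[12] enable ){ifc}($)",                 # IKE listener
    r"^( enable ){ifc}($)",                                # webvpn submode
]

def rehome(config, old, new, new_gw):
    """Return (rewritten_lines, lines_that_still_name_the_old_interface)."""
    pats = [re.compile(t.format(ifc=re.escape(old))) for t in TEMPLATES]
    default = re.compile(r"^(route %s 0\.0\.0\.0 0\.0\.0\.0 )\S+" % re.escape(new))
    out = []
    for line in config.splitlines():
        for p in pats:
            line = p.sub(lambda m: m.group(1) + new + m.group(2), line)
        line = default.sub(lambda m: m.group(1) + new_gw, line)  # new gateway IP
        out.append(line)
    # Whole-token, case-sensitive match: the ACL name OUTSIDE_IN is not a hit.
    token = re.compile(r"(?<![\w-])%s(?![\w-])" % re.escape(old))
    return out, [l for l in out if token.search(l)]

if __name__ == "__main__":
    lines, review = rehome(SAMPLE, "outside", "outside-fiber", "192.0.2.1")
    print("\n".join(lines))
    print("manual review:", review)
```

Lines returned in the second list (here the `mtu` statement) are outside the listed commands and need a manual decision before the old interface is shut down.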

John-

Everything that you mentioned above (ACL, NAT and VPN) is all based on zones and not individual interfaces. Thus, all you should need to do is add your new interface to the appropriate zone, give it its basic config (IP, mask, etc.), and then remove the existing interface that you are re-purposing from that same zone.

Nspasov,

I figured if there was a solution it would involve zones. This is exactly what I was looking for. Thank you so much for saving me a headache!

Cheers,

-John
