Solved: Moving from ASA SourceFire 6.2.2 to FirePower Threat Defense

ammartalal · ‎12-05-2017

We are planning to move from ASA SourceFire 6.2.2 to FirePower Threat Defense.

Our concern

1) AnyConnect

2) Quality of Service

3) NAT

4) IPv6

Are these features supported & What do you advice?

What migration tools should I use? Is there any point to focus on while migrating? Is it going to be automated, or is there any manual procedure included? Could you share any articles that would help in this regards?

Thank you in advance.

mikael.lahtela · ‎12-06-2017

Hi,

Manual migration depends on you ASA today, there is a migration tool.

1. Limitations see:
https://www.cisco.com/c/en/us/td/docs/security/firepower/621/configuration/guide/fpmc-config-guide-v621/firepower_threat_defense_remote_access_vpns.pdf
https://www.cisco.com/c/en/us/td/docs/security/firepower/622/relnotes/Firepower_Release_Notes_622/Firepower_Release_Notes_622_chapter_01.html#topic_cdv_kfy_wy
2. There is QoS support
3. NAT is almost the same as in latest ASA software.
4. There is IPv6 support, but haven't used it live.

Here is a migration documentations from ASA to FTD:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/asa2ftd-migration/asa2ftd-migration-guide-620/asa2ftd_intro.html

br, Micke

View solution in original post

mikael.lahtela · ‎12-06-2017

Hi,

Manual migration depends on you ASA today, there is a migration tool.

1. Limitations see:
https://www.cisco.com/c/en/us/td/docs/security/firepower/621/configuration/guide/fpmc-config-guide-v621/firepower_threat_defense_remote_access_vpns.pdf
https://www.cisco.com/c/en/us/td/docs/security/firepower/622/relnotes/Firepower_Release_Notes_622/Firepower_Release_Notes_622_chapter_01.html#topic_cdv_kfy_wy
2. There is QoS support
3. NAT is almost the same as in latest ASA software.
4. There is IPv6 support, but haven't used it live.

Here is a migration documentations from ASA to FTD:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/asa2ftd-migration/asa2ftd-migration-guide-620/asa2ftd_intro.html

br, Micke

ammartalal · ‎12-06-2017

Thank you Micke for the fast response. That was really helpful.

Best regards,

@mikael_Lahtela wrote:
Hi,

Manual migration depends on you ASA today, there is a migration tool.

1. Limitations see:
https://www.cisco.com/c/en/us/td/docs/security/firepower/621/configuration/guide/fpmc-config-guide-v621/firepower_threat_defense_remote_access_vpns.pdf
https://www.cisco.com/c/en/us/td/docs/security/firepower/622/relnotes/Firepower_Release_Notes_622/Firepower_Release_Notes_622_chapter_01.html#topic_cdv_kfy_wy
2. There is QoS support
3. NAT is almost the same as in latest ASA software.
4. There is IPv6 support, but haven't used it live.

Here is a migration documentations from ASA to FTD:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/asa2ftd-migration/asa2ftd-migration-guide-620/asa2ftd_intro.html

br, Micke