Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
952
Views
0
Helpful
8
Replies

Moving HA 4115 FTD to new FMC

gihernandezn91
Level 1
Level 1

‎04-11-2023 07:27 PM

Hi

Im tasked to move an HA 4115 FTD to a new FMC. We are going from Physical to Virtual so sadly this does not comply with the supported fmc model migration path shown here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/fmc_model_migration/b_FMC_Model_Migration_Guide/about_fmc_model_migration.html#id_111597

Instead I would need to break HA and join the secondary FTD to the new FMC and configure manually the interfaces and routes. This is based in the following post:

https://community.cisco.com/t5/security-blogs/firepower-threat-defense-ftd-migrations-from-one-fmc-to-another/ba-p/3956939

Just to be clear im not missing anything. This firewalls contains over 20 site to site vpns and several anyconnect portals. Does this migration include re-configuring these vpns manually in the new FMC?

Thanks

 

 

0 Helpful
8 Replies 8

balaji.bandi
Hall of Fame
Hall of Fame

‎04-11-2023 07:30 PM

what is the version of FMC and FTD running ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

gihernandezn91
Level 1
Level 1
In response to balaji.bandi

‎04-11-2023 07:35 PM

7.0.4 both FMC/FTD

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to gihernandezn91

‎04-12-2023 12:28 AM

As per i know that is not support virtual to Azure and other 

My suggestion is to install the new appliance and configure it offline (if you looking to use the same IP address) - if a different IP address is easy for Migration.

Follow the below guides :

https://www.cisco.com/c/en/us/td/docs/security/firepower/fmc_model_migration/b_FMC_Model_Migration_Guide/migrate_your_fmc.html

https://antonioyan.wordpress.com/2021/10/05/how-to-migrate-fmc-to-a-new-hardware-appliance/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

gihernandezn91
Level 1
Level 1
In response to balaji.bandi

‎04-12-2023 05:35 AM

Thanks!

But these guides do not apply to my scenario since im migrating from pyshical to virtual. if it were from virtual to physical or to a higher capacity FMC it would work using the migration script.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to gihernandezn91

‎04-12-2023 06:22 AM - edited ‎04-12-2023 06:23 AM

There is a script on FMC that allows you to "fool" the system into thinking it is a different model. If you use that, you can then use the FMC model migration tool.

A couple of threads have previously described this method and I have used it personally a couple of times successfully.

https://community.cisco.com/t5/network-security/replace-old-fmc-2000-to-new-fmc-1600/m-p/4621736

https://community.cisco.com/t5/network-security/migration-from-vfmc-to-fmc-appliance/td-p/3680345

 

0 Helpful

gihernandezn91
Level 1
Level 1
In response to Marvin Rhoads

‎04-12-2023 06:41 AM

Thanks!

This is the workaround i was looking for.

But my original question still stands. If i were to migrate the FMC withhout using this script. Would I need to migrate all the vpn configuration manually?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to gihernandezn91

‎04-12-2023 06:51 AM

You're welcome.

If you don't use the script you would indeed need to rebuild everything manually.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to gihernandezn91

‎04-12-2023 08:05 AM

oh i was thinking other way around, as suggest @Marvin Rhoads  script should do your work.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card