04-11-2023 07:27 PM
Hi
I'm tasked to move an HA 4115 FTD to a new FMC. We are going from physical to virtual, so sadly this does not comply with the supported FMC model migration path shown here:
Instead I would need to break HA and join the secondary FTD to the new FMC and manually configure the interfaces and routes. This is based on the following post:
Just to be clear I'm not missing anything: this firewall contains over 20 site-to-site VPNs and several AnyConnect portals. Does this migration include re-configuring these VPNs manually in the new FMC?
Thanks
04-11-2023 07:30 PM
What version of FMC and FTD is running?
04-11-2023 07:35 PM
7.0.4 both FMC/FTD
04-12-2023 12:28 AM
As far as I know, that is not supported, virtual to Azure and others.
My suggestion is to install the new appliance and configure it offline (if you are looking to use the same IP address) - if a different IP address, it is easy for migration.
Follow the guides below:
https://antonioyan.wordpress.com/2021/10/05/how-to-migrate-fmc-to-a-new-hardware-appliance/
04-12-2023 05:35 AM
Thanks!
But these guides do not apply to my scenario since I'm migrating from physical to virtual. If it were from virtual to physical or to a higher capacity FMC, it would work using the migration script.
04-12-2023 06:22 AM - edited 04-12-2023 06:23 AM
There is a script on FMC that allows you to "fool" the system into thinking it is a different model. If you use that, you can then use the FMC model migration tool.
A couple of threads have previously described this method and I have used it personally a couple of times successfully.
https://community.cisco.com/t5/network-security/replace-old-fmc-2000-to-new-fmc-1600/m-p/4621736
https://community.cisco.com/t5/network-security/migration-from-vfmc-to-fmc-appliance/td-p/3680345
04-12-2023 06:41 AM
Thanks!
This is the workaround I was looking for.
But my original question still stands. If I were to migrate the FMC without using this script, would I need to migrate all the VPN configuration manually?
04-12-2023 06:51 AM
You're welcome.
If you don't use the script you would indeed need to rebuild everything manually.
04-12-2023 08:05 AM
Oh, I was thinking the other way around; as @Marvin Rhoads suggests, the script should do your work.