
Partial Success and Optimize ACL Feature with Firewall Migration Tool

gopaks
Cisco Employee

Migrating firewall configurations can be a daunting task, especially when dealing with complex policies and large configurations. Cisco's Secure Firewall Migration Tool (FMT) offers a streamlined way to migrate configurations from various firewalls, including Cisco ASA, Palo Alto Networks, Check Point and Fortinet, to Cisco's Secure Firewall Threat Defense (FTD).

Key Features of Cisco's Firewall Migration Tool

  • Comprehensive Migration Support: FMT supports the migration of configurations from Cisco ASA, FDM, and third-party firewalls like Check Point, Fortinet and Palo Alto Networks.
  • Validation and Reporting: The tool provides validation throughout the migration process, ensuring that configurations are parsed and pushed correctly. It also offers comprehensive pre- and post-migration reports to help users understand what has been successfully migrated and what requires manual intervention.

Partial Success Feature: A new feature was added as part of the 7.0.1 release and has been refined in the current FMT 7.7 release. It provides an option to continue the migration while leaving out the set of configurations that would otherwise prevent the migration from proceeding.

In more detail: when an error occurs during a bulk configuration push, the migration tool raises a warning and prompts the user either to abort the migration and fix the error manually, or to continue the migration and leave out the incorrect configurations. The user can view the configurations that have errors and then select Continue with migration or Abort. If "Abort" is selected, the user can download the troubleshooting bundle and share it with Cisco TAC for analysis. If the user continues, the migration tool treats the migration as a partial success migration. At the end of the migration, the user can download the post-migration report to view the list of configurations that were not migrated due to a push error. This way, a user can migrate the major portion of the configuration and handle the part that requires manual intervention after the migration.

It has been observed that customers have started benefiting from the partial success feature. Without it, these migrations would have been marked as failures. The feature lets the user review and manually configure a subset of the configuration instead of correcting the source configuration and starting the migration process again from the beginning, which reduces the time and effort involved.

Optimize ACL: We are pleased to announce that the optimization feature has been significantly enhanced since its initial release as a Beta version in the 6.0.1 release. With the latest FMT 7.7 release, this feature has been further improved and the Beta tag has been removed, making it suitable for use in production migrations.

This powerful optimization feature is designed to identify redundant and shadow ACLs, allowing for the optimization of ACL rules during the migration process. Additionally, customers have the option to download an optimization report that provides detailed ACL information. This report will help customers identify any rules that were not migrated while utilizing the optimization feature.

Benefits of Using FMT

  • Time Efficiency: The tool automates the parsing and validation of configurations, significantly reducing the time required for migration.
  • Reduced Downtime: By ensuring configurations are validated before deployment, FMT minimizes the risk of operational issues and network downtime during migration.

Cisco's Secure Firewall Migration Tool is a powerful ally in the transition to more advanced firewall solutions, offering both comprehensive support and flexibility to accommodate partial migrations. This ensures that even complex configurations can be migrated with confidence, paving the way for enhanced security and operational efficiency.

A dedicated playlist covering Migration, Refresh and Upgrade is available on YouTube. Use the following link to access the playlist: https://www.youtube.com/playlist?list=PL_VvDNvGnyZ3UTKMm7CtImSJPsrzRkDCD
