Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1064
Views
15
Helpful
3
Replies

PIX to FTD

kostasthedelegate
Level 4
Level 4

‎05-06-2021 11:52 PM

Hello, 

 

I have a PIX-515E and I will install a new Firepower managed locally. 

 

Is there any possibility for automated migration or the only solution is the manual one. 

 

In the manual what should I be aware of?

 

Thanks and regards, 

Konstantinos

0 Helpful
3 Replies 3

Rob Ingram
VIP
VIP

‎05-07-2021 12:14 AM

@kostasthedelegate 

I am not aware of a PIX to FTD migration tool. PIX has been EOL for a long time.

Potentially you could migrate PIX to ASA, then use the FMT to migrate ASA to FTD...but realistically it might just be quicker to manually configure the FTD.

 

Pix to ASA migration information https://www.cisco.com/en/US/docs/security/asa/migration/guide/pix2asa.html#wp279448 (I don't believe the migration tool is even available on cisco website any longer, you might be able to google it). 

 

balaji.bandi
Hall of Fame
Hall of Fame

‎05-07-2021 05:15 AM

PIX to FTD - very Long Journey like 15 years going back.

 

If not big and mass access line, i make advantage of install new FTD, manually create and make or remove redundant rules ? so your new setup is tidy and neat moving forward.

 

PIX- ASA - FTD manythings changed, i do not see its is straight forward work.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-07-2021 08:33 AM

I would generally agree than a manual configuration is the way to go. Too many things have changed to rely on tool-based migration even if you could do it.

If you are really determined, an older ASA 5500 series could potentially load a Pix config into a post-8.3 version so that pre-8.3 NAT rules are converted. You could then load the converted config into an ASAv (trial license) with 9.x and finally use CD) (another trial license) to pull the config from ASAv into FTD (managed locally with FDM but temporarily using CDO trial license as well).

That's not a path I'd recommend but it is technically possible - it's more of a "Rube Goldberg" solution and making it happen would be time better spent analyzing and migrating the configuration manually.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card