Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1536
Views
0
Helpful
5
Replies

Registering FTD (FDM) to FMC

Not applicable

‎08-03-2017 01:57 PM - last edited on ‎03-12-2019 02:46 AM by

Hi, I know there have been some posts similar to this, but I couldn't find the one that exactly fits my scenario.

I recently upgraded my ASA to unified FTD image. I am locally managing FTD with FDM and configured basic ACLs, static routes and basic inside-outside NAT going for initial internet access for users.

I also have FMC with no configuration and I'm planning on applying defualt 'base policy' when I'm registering FTD to FMC.

My concern is, I'm not sure when registering, my locally created ACL(under Policies->Access Control), static routes, NAT, port configuration will be wiped and users will lose access internet/servers until I re-configure all those again through FMC. 

Labels:
0 Helpful
5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-03-2017 07:05 PM

When you change an FTD device from local management (FDM) to FMC management all policies are wiped out.

Unfortunately that's a constraint of the system design at this point (i.e. as of 6.2.x).

0 Helpful

Not applicable
In response to Marvin Rhoads

‎08-04-2017 08:36 AM

are the static routes, interface configuration wiped, as well?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to

‎08-04-2017 08:59 AM

I haven't had a chance to test that so I'm not sure.

I've been told by Cisco staff that everything beyond the initial bootstrap settings are removed.

I'd say it would be a good lab study (or worth a TAC case if you can't lab it).

0 Helpful

Amjad_Khan
Level 1
Level 1
In response to Marvin Rhoads

‎03-08-2018 07:51 AM

Marvin,

 

Can you confirm if this is still valid. Can you provide a link that explains this. Thanks. 

0 Helpful

dbogdan
Level 1
Level 1
In response to Amjad_Khan

‎09-02-2021 08:02 AM

I'm in the same boat.  I opened a TAC case and they are not very helpful.  I'm in the situation to where the ASA has a basic configuration from the setup routine, but there are no routes.  I can ping the device from my FMC, but cannot ping from the ASA to the FMC, because there is no route.  If I use the local UI to configure,  that works, but as soon as I revert to adding the FMC, those routes are wiped and I'm back to square one.   FMC gives me a very generic response on why it can't register it.  I'm guess, that because there is no route the conversation is one direction, meaning the ASA can't reply to the registration process.

 

Any help would be greatly appreciated.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card