Solved: Replace FWSM with Firepower Appliance

Scott_22 · ‎02-18-2021

After migrating the configuration from the FWSM module to an FTD appliance, is there a specific process that needs to be followed so the traffic no longer flows to the FWSM? Is there a shutdown command, or do I simply shutdown each interface?

Marvin Rhoads · ‎02-19-2021

You can and should shut down the module.

hw-module module <module number> shutdown

Typically the FWSM had an association with the IOS-defined VLANs and was also the gateway for one or more subnets.

Assuming you have shutdown the L3 interfaces on the FWSM because you have moved them to FTD, you should still remove the VLAN associations in the IOS configuration.

no firewall module <module number> vlan-group <group number>
no firewall vlan-group <group number> <included VLANs>

View solution in original post

Marvin Rhoads · ‎02-19-2021

You can and should shut down the module.

hw-module module <module number> shutdown

Typically the FWSM had an association with the IOS-defined VLANs and was also the gateway for one or more subnets.

Assuming you have shutdown the L3 interfaces on the FWSM because you have moved them to FTD, you should still remove the VLAN associations in the IOS configuration.

no firewall module <module number> vlan-group <group number>
no firewall vlan-group <group number> <included VLANs>

Scott_22 · ‎02-19-2021

Exactly what I was looking for. Thank you!