Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1029
Views
0
Helpful
2
Replies

Replacing a FPR 2120 with 2110s: Quick way to copy config across?

matty-boy
Level 1
Level 1

‎01-27-2020 12:08 PM - edited ‎02-21-2020 09:52 AM

Hi,

 

Don't ask why I have to replace a 2120 with a pair of 2110s - it's irrelevant :)

The fact is, that I do indeed need to replace a 2120 with a pair of 2110s.

The current 2120 is locally managed with FDM and the replacement HA pair of 2110s will also be locally managed with FDM.

 

Anyway, to the point..... I'm pretty sure I cannot backup the 2120 and restore that backup onto the 2110s because it is different hardware. Which is annoying.

 

I really don't want to manually create all the objects and NATs on the new FWs. That will be too painful and will take an entire day!

 

Does anyone have any bright ideas on how I can transfer the config with as little effort as possible?

 

Many thanks in advance,

Matt.

 

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-27-2020 01:47 PM

You could possibly use CDO and at least share the objects in common. It coexists nicely with FDM-based management as both use the Firepower API to interact with the managed devices.

 

0 Helpful

matty-boy
Level 1
Level 1
In response to Marvin Rhoads

‎01-27-2020 03:26 PM - edited ‎01-27-2020 03:48 PM

Hi Marvin,

 

Thank you for the suggestion. I actually stumbled on this link which might do exactly what I'm after....

https://www.cisco.com/c/en/us/td/docs/security/firepower/ftd-api/guide/ftd-rest-api/ftd-api-import-export.html

I'll report back when I've given it a shot....

 

- Update: Exporting the config through the built in API explorer was simple as pie. Results in a zip file containing the text file with all the config in JSON format which you can open and view/edit. Now I have to wait for the 2110s to arrive before I can attempt the import.

 

Cheers,

Matt.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card