Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1063
Views
0
Helpful
4
Replies

Replacing ASA 5525 with 1150

Go to solution
That guy
Level 1
Level 1

‎04-16-2023 01:13 PM

We have two ASA 5525-x firewalls managed using FMC and we're in the process of replacing them with two 1150 firewalls. Our vendor recommended to setup a completely new FMC for the new firewalls since the current FMC setup is quite behind on updates. Is there is any issue with running two FMC concurrently to we fully migrate over to the new firewalls?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to That guy

‎04-16-2023 02:11 PM

@That guy well depends if you use different IP addresses for inside and outside, in which case you can fully run in parallel. If not you can at least prep the configuration, then cutover in a change window.

I'd recommend deploying version 7.0.5 or 7.2.3.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎04-16-2023 01:28 PM

@That guy no issue running 2 FMCs in parallel, just more work to setup the new FMC initially.

Does the current FMC only manage the Firepower Module/FTD image on those ASA 5525 or other FTDs? Assuming the existing FMC manages only the existing 2 x 5525 then you could decommission the old FMC when you decommission the old firewalls once migrated.

FYI, you now have the option to use Cloud Delivered FMC if you didn't want to deploy a new on premise FMC.

 

0 Helpful

Go to solution
That guy
Level 1
Level 1

‎04-16-2023 02:06 PM

Hi Rob,

Thanks for the reply. Yes, they only manage the module/FTD on the ASA 5525 firewalls. Originally this was not my project, but my coworker is leaving and I am having to try and figure this out on the fly. I'll have to check out using FMC on the cloud. Might be cleaner to go that route.

One last question. What would the migration process look like. Would you also have the two sets of firewalls running in parallel to cutover?

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to That guy

‎04-16-2023 02:11 PM

@That guy well depends if you use different IP addresses for inside and outside, in which case you can fully run in parallel. If not you can at least prep the configuration, then cutover in a change window.

I'd recommend deploying version 7.0.5 or 7.2.3.

0 Helpful

Go to solution
That guy
Level 1
Level 1
In response to Rob Ingram

‎04-16-2023 02:13 PM

Thanks, Rob. I appreciate the help.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card