Seeking Advice on FMC and ASA/FTD migration.

MSN · ‎09-02-2024

Seeking Advice on FMC and ASA/FTD migration:

Current Infrastructure:

FMC-1000 (Version 7.0.4): Managing FTD 4110 (HA) with Version 7.0.4.
FMCv (Version 7.0.4): Managing FTD 2130 with Version 7.0.4 and FTD 2110 with Version 7.0.4.
FMC 1600 (Version 7.2.4): Managing FTD 4112 (HA) with Version 7.2.4 and a sensor module with Version 6.6.7.
ASA 5545 (HA) with Version 9.14: Also includes the sensor module mentioned above.

Recent Purchase:
FMC 1700
FTD 4112
Our initial plan with the acquisition of the FMC 1700 and FTD 4112 units was to migrate the ASA to the new FTDs, with the FMC 1700 managing them.

Based on recommendations from my team, we are considering the following approach:

Decommission the FMC-1000 and FMCv.
Moving the FTD 4110, currently managed by the FMC-1000, to the FMC 1600.
Migrate the ASA to the new FTD 4112 and add it to the FMC 1600.
FMCv migration to FMC 1700series to manage FTD 2130 & FTD 2110

Does this plan is ok? Any suggestions to improve this approach would be greatly appreciated.

Marius Gunnerud · ‎09-02-2024

I would suggest waiting with decommisioning the FMCs until you have moved the FTDs to the new FMC. Especially for the FMC 1000 that has an FTD pair in HA setup.

As for the order to perform the tasks in it is really up to you. Though remember that you are NOT migrating the ASAs to the FTD 4112 first and then onboard to the FMC. This is assuming there are no other FTDs already managed by the FMC1700 you would first onboard the FTD 4112 to the FMC and then run the FTD migration tool to move configuration from the ASA to the FMC / FTDs.

I posted the migration steps that I would suggest in your other post. Granted you can use the migration tool to migrate FMC to FMC, though I have never used it. I have spoken with others that have used it and they have had varying success with it.

--
Please remember to select a correct answer and rate helpful posts