Transfer a device AND policies to a new, unrelated FMC

Scenario: Several ASAs with SFRs managed by an FMC for one entity, with one policy deployed with various whitelists, URL rules, etc.

We may want to transfer administrative ownership of only one ASA to another entity, along with a new FMC with just that ASA. Complicating it slightly, we are running in Linux/VM and they would be VMware.

I see a backup/restore, but it is unclear if that will properly move across architectures (there is a caveat from Cisco that might or might not apply). I also see no way to export components of policies, other than a whitelist which I can get as a text file.

I realize there may be issues merging policies if you moved a device between SFRs and wanted to keep it the same, but in this case we would be creating a new FMC (or someone would), although with a change of architecture.

Is there a proper way to do this? Or does one need to start over, maybe look at one screen and recreate policies on the other?

I realize licenses will need to be re-issued from the new FMC, not too worried about that, would like to understand how close we can get to "here it is, with all the rules the same as it was"?

Accepted Solutions

Marvin Rhoads
Hall of Fame

Generally you cannot do this from within the product. You can migrate an older platform FMC (with all policies and settings) to a newer x600 series but that use case isn't what you need.

Technically the API could probably be used to extract what you need but it would probably be easier to generate a report of the Access Control Policy and note the device settings and recreate them manually on the new FMC.
