Where to migrate SFR redirect rules on FTD appliance

jmeetze
Level 1

We are migrating from ASA with SFR modules to new FTD appliances.  We used the migration tool, but did not select the option to migrate ASA with FPS.  After looking over the configuration, I'm wondering if we should have chosen the option to migrate with FPS as our rules for SFR redirect were not migrated.  I really don't want to go back and migrate again, so I'm hoping someone can tell me where would be the best place to manually add these rules to our new FTD policy if they are even needed.  Should I place them in a prefilter policy with Fastpath as the action?  Where would these rules have been placed had I chosen the option to migrate my ASA with FPS?

Thanks in advance!

Accepted Solutions

Marvin Rhoads
Hall of Fame

In the Firepower image the old redirect rules for Firepower service module are not required as the Snort engine is fully integrated in the FTD model.

Normally we migrate all ASA rules in an FTD Access Control Policy and only move into prefilter things we want to completely exempt from Snort and Security Intelligence. For example, trusted flows between internal segments or IPsec traffic flowing through the firewall.
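
An added example, not part of the original reply and not Cisco tooling: a short Python audit of the old ASA configuration that finds the SFR redirect class and splits its ACL entries into those that become redundant on FTD and those that excluded traffic from the module. Treating the excluded (`deny`) entries as items to review against the prefilter guidance above is an assumption of this example, and the config excerpt, names and addresses are constructed.

```python
import re

# Constructed ASA running-config excerpt (names and addresses are made up).
SAMPLE_ASA_CONFIG = """\
access-list SFR_ACL extended deny ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list SFR_ACL extended permit ip any any
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
class-map SFR_CLASS
 match access-list SFR_ACL
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect dns
 class SFR_CLASS
  sfr fail-open
service-policy global_policy global
"""

def review_sfr_redirect(config: str) -> dict:
    """Classify the ACEs behind every policy-map class that uses the 'sfr' action."""
    acls = {}         # ACL name -> [(permit|deny, remainder of the ACE)]
    class_acl = {}    # class-map name -> ACL it matches on
    sfr_classes = []  # policy-map classes whose action is 'sfr ...'
    current_cmap = current_class = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"access-list (\S+) extended (permit|deny) (.+)", line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        elif line.startswith("class-map "):
            current_cmap = line.split()[-1]
        elif line.startswith("match access-list ") and current_cmap:
            class_acl[current_cmap] = line.split()[-1]
        elif line.startswith("class "):
            current_class = line.split()[1]
        elif line.startswith("sfr ") and current_class:
            sfr_classes.append(current_class)
    # permit = traffic that was sent to the module (Snort is built in on FTD);
    # deny = traffic that was kept out of the module on the ASA (assumption:
    # these are the flows worth checking against the prefilter guidance).
    result = {"redundant_on_ftd": [], "prefilter_candidates": []}
    for cls in sfr_classes:
        for action, ace in acls.get(class_acl.get(cls), []):
            key = "redundant_on_ftd" if action == "permit" else "prefilter_candidates"
            result[key].append(ace)
    return result

if __name__ == "__main__":
    print(review_sfr_redirect(SAMPLE_ASA_CONFIG))
```

A class that uses `match any` instead of an ACL produces no entries here, since it excluded nothing from the module.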

Great thanks Marvin.  That's what I figured but appreciate you clarifying it for me.  
