Re: Cisco ASA to Firepower Migration

malhotra_suneet · ‎01-15-2020

Hi

I am replacing a moduler Cisco SVC-ASA-SM1 which is installed on my Cisco 6500 switch, replacing with a Firepower 4120 model (Next generation Firewall),

is there any tool to migrate it ? GUI ?

Or everything needs to be done on CLI from the scratch ?

balaji.bandi · ‎01-15-2020

You mean FWSM to FTD ?

there is not straight forward upgrade from FWSM to FTD

you need to do as below :

1. FWSM to ASA 9.X

2. ASA to FTD ( you have migration tool) CCO has access for that tool.

If the rule base not big, i would suggest start manually working on new FTD and do cutover.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

malhotra_suneet · ‎01-16-2020

Thanks for the quick reply, here is some of the details of the device hardware/inventory and software version,

Am I good to use the Migration Tool in this case ?

Source Device

Name: "module 3", DESCR: "WS-SVC-ASASM-1 Adaptive Security Appliance Service Module"

admin# show version

Cisco Adaptive Security Appliance Software Version 9.4(4)36 <context>

Destination Device

Firepower 4120 , Version: Latest (as per Cisco's recommendation)

As per the data sheet of the Cisco Firepower, there are is a list of device that are supported for migration.. and all of them are standalone ASA device.

So just to be sure, can I use the Migration tool for the mentioned source and destination devices ?

balaji.bandi · ‎01-16-2020

yes the tool is usefull for you.

As suggested if it less than few hundreds i do manually, how many ACL rules you try to migrate ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help