Exporting FTD Config to move to new FTD

Garry Cooper · ‎06-10-2022

We have 2 Firepower 4120's in HA. up and running.

IT want to put another 4120 at our DR site and replicate the configuration so in an DR event we will bring up the DR firewall manually.

My issue is with the site to site VPN's we have setup, it would mean I would have to duplicated the VPN's with DR FW interfaces, in FMC.

In FMC there is the GET and PUSH option, but the issue is the DR firewall does not have the same amount of interfaces.

What is the easiest way to get the config from the FTD and import it to the DR FW. I understand there will need to be some changes to the config.

Have looked at REST on the FTD but exporting the config just does not work. ( errors with authentication) and all the info is so vague.

balaji.bandi · ‎06-10-2022

If the config is not same, then you need manually edit the config and make necessary change and restore in DR.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Garry Cooper · ‎06-10-2022

Hi balaji

Thanks for the reply but I cannot get the config from the FTD, using REST does not work.

Mohammed al Baqari · ‎06-10-2022

Hi,

export/import of configs is supported in FMC 7.1. Before that, there is an
RMA procedure to restore configs but since you have different interfaces
that won't work.

***** please remember to rate useful posts

Garry Cooper · ‎06-13-2022

Mohammed.

THanks for the reply, do you know if export / import will allow you to change the config to the new hardware. so I can get the ftd up and running.

We are looking at moving to 7.* just need to get a few ikev1 site to site vpn's changed.

Mohammed al Baqari · ‎06-13-2022

Hi,

I am not sure if that is possible. The config will be exported as object
file and editing it might break the integrity which will be rejected when
you import it.

***** please remember to rate useful posts

Garry Cooper · ‎06-13-2022

Ok thanks for the headsup.