Migrate FMC 2500 to FMC 2700

Andres Martin Herrero · ‎09-13-2024

Hi all!

We are trying to migrate an from FMC 2500 deployment to SFMC 2700. Our scenario in our 2500 FMC is the following:

- Version 7.0.5
- devices managed by this FMC:
· FTD v7.0.6.2
· SFR ASA5516-X v7.0.6
· SFR ASA5500-X v6.6.7.1

Reading the official documentation about the migration from FMC 2500 chassis to 2700 chassis

https://www.cisco.com/c/en/us/td/docs/security/firepower/fmc_model_migration/b_FMC_Model_Migration_Guide/m_fmc_migration_workflow.html

we have to upgrade the FMC 2500 version to the special release 7.4 for taking a backup and restore it in the new chassis.

The problem is the following, we need the FMC 2500 in version 7.0 to keep the service given to the SFR ASA 5500-X in version 6.6.7.1. We can't upgrade this FMC 2500. Only we can work with the backup for a restore or the Import/Export objects.

Could you help me giving us your best procedure to take the configuration from FMC 2500 in version 7.0 and import it in the new FMC 2700 chassis in version 7.4?

Thank you!!

Regards

Marvin Rhoads · ‎09-13-2024

Is the policy for 6.6.7.1 pretty basic (i.e. just a Firepower service module with a few ACP entries)? If so, I would just keep run that on an FMCv 7.0.x that you stand up for only as long as the time until you retire that past-end-of-support device. May even for both sets of devices with SFR modules.

Then do the model migration as noted for the rest of the devices (FTD and possibly the 5516-X firepower modules).

Massimo Baschieri · ‎09-13-2024

Hi Marvin,

I take the chance for a question of mine

In caso of migration to FMC2700 the upgrade to 7.4 is needed because target FMC doesn't support release 7.0, but in case of migration from FMC2500 to, for example, FMCv300, is it allowed to migrate maintaining same 7.0 release?

Marvin Rhoads · ‎09-14-2024

That's correct - you can do model migration within the same release to any supported model.

The problem with the 2700 is that versions prior to 7.4 aren't supported on it.

Peter Beshay · ‎11-01-2024

i have the FMC2500 on version 7.0.6.2 and i could not update it to 7.4.0.118 special release for migration
it shows this error "Unable to upgrade DC while some Sensor versions are too old(< 7.0.0)."

Do anyone have solution for that ?

marce1000 · ‎11-01-2024

- @Peter Beshay FYI : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvz92275

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Marvin Rhoads · ‎11-01-2024

@Peter Beshay What models and versions are your managed devices?

Peter Beshay · ‎11-01-2024

From FMC2500 to FMC 2700

Peter Beshay · ‎11-01-2024

i am on FMC2500 7.0.6.2 moving to FMC2700 7.4.0.118
i tried the fix for that bug and does not work for some reason , give access denied even i use the admin
https://bst.cisco.com/bugsearch/bug/CSCvv13619?rfs=qvred

Marvin Rhoads · ‎11-01-2024

@Peter Beshay the managed device models and versions are what I am asking, not the FMC.

Peter Beshay · ‎11-01-2024

Firepower 4110 with the same version 7.0.6.2

Peter Beshay · ‎11-01-2024

Problem found, I found 1 sensor in the old 6.0.7 version that has been added recently with an update to 7.0.x
I updated and am now able to upgrade FMC2500 to 7.4.0.118