
Firepower Migration Tool

Written by Rick Wong | Jan 22

 

Platform requirements

The migration tool requires the following to run:

  • Windows 10 or macOS 10.13 or higher
  • Google Chrome

 

Limitations

Here are the limitations of the migration tool:

The following configurations are not migrated because they are not supported by FTD:
    • Route-based VPNs.
    • Local user accounts.
    • Nested object-groups.

 

The following configurations are not migrated and require manual configuration after the migration:
    • VPNs: AnyConnect client VPN or site-to-site VPN
    • Dynamic routing
    • IP SLAs and tracking
    • Device-specific configurations such as SNMP, syslog, NetFlow, RADIUS, TACACS, LDAP, etc.

      The ASA must be running version 8.4 or higher.
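
An added example, not part of the original post or of Cisco's tool: a pre-migration scan that flags lines in an ASA running-config that fall under the limitations listed above and checks the 8.4 minimum version. The sample configuration is constructed, and the regular expressions are this example's own approximations of the relevant ASA commands.

```python
import re

# Constructed sample ASA running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
ASA Version 9.8(2)
username netops password ***** privilege 15
object-group network INSIDE-NETS
 network-object 10.1.0.0 255.255.0.0
object-group network ALL-NETS
 group-object INSIDE-NETS
interface Tunnel1
 tunnel protection ipsec profile VTI-PROFILE
crypto map OUTSIDE-MAP 10 match address L2L-ACL
router ospf 1
sla monitor 10
track 1 rtr 10 reachability
logging host inside 10.1.1.60
aaa-server CORP-RADIUS protocol radius
"""

# (category, action per the two lists above, pattern); patterns are assumptions of this example.
CHECKS = [
    ("route-based VPN", "not supported", r"^\s*tunnel protection ipsec profile "),
    ("local user account", "not supported", r"^username \S+ "),
    ("nested object-group", "not supported", r"^\s+group-object "),
    ("VPN", "manual", r"^(crypto map |webvpn|tunnel-group \S+ type )"),
    ("dynamic routing", "manual", r"^router (ospf|eigrp|bgp|rip)\b"),
    ("IP SLA / tracking", "manual", r"^(sla monitor|track) \d+"),
    ("device-specific", "manual", r"^(snmp-server|logging host|flow-export|aaa-server) "),
]

def asa_version_ok(config):
    """True if the 'ASA Version' line reports 8.4 or higher."""
    m = re.search(r"^ASA Version (\d+)\.(\d+)", config, re.M)
    return bool(m) and (int(m.group(1)), int(m.group(2))) >= (8, 4)

def find_unmigrated(config):
    """Return (line_no, category, action, line) for each line needing attention."""
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        for category, action, pattern in CHECKS:
            if re.search(pattern, line):
                findings.append((no, category, action, line.strip()))
                break
    return findings

if __name__ == "__main__":
    print("ASA version >= 8.4:", asa_version_ok(SAMPLE_CONFIG))
    print(*find_unmigrated(SAMPLE_CONFIG), sep="\n")
```

Running it against a saved copy of the running-config before step 5 gives a worklist to compare with the pre-migration report from step 9.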

 

Migration Process

  1. Download the migration tool for the desired platform from cisco.com using a CCO account.
  2. Run the executable.

    Note: Do not close the cmd window.  Closing this window will exit the migration tool.
  3. Log in with a CCO account to share statistics with Cisco, or use the local default account to log in.

    Default local account:

    Username: admin

    Password: Admin123

  4. Select a source for the migration.

  5. Select manual upload of the configuration or connect to the ASA as the source of the configuration.


    The migration tool will parse the data from the ASA configuration.

  6. Connect to the FMC where the FTDs are registered. You can still use the tool if there are no FTDs registered.  Interfaces and routes will not be migrated if no FTD is present.

  7. Select a target FTD to apply the migrated configuration. If no FTD devices are registered with the FMC, interfaces and routes will not be migrated.  

  8. Select the features to be migrated and start the conversion.

  9. Download and review the pre-migration report.

  10. Map the ASA interfaces to FTD interfaces and security zones. This step applies only if an FTD was selected as the target device in step 7.


    If no FTD target device is selected the Map FTD Interface option is not available.

  11. Review and validate the migrated configuration. Any errors reported during validation will need to be corrected before proceeding.

  12. Push the configuration to the FMC after successful validation.

  13. Download and review the migration report after the migration is complete.

  14. Log in to the FMC. NATs, ACLs and objects are now populated by the migration tool.

 

As always, if you have any questions about getting Cisco's Firepower set up for you and your business and would like to schedule a free consultation with us, please reach out to us at sales@lookingpoint.com and we’ll be happy to help!