Updated 4/15/2019: Cisco Releases New ASA to Firepower Threat Defense (FTD) Migration Tool

4

Update to this post 4/15/2019

Cisco is going to be releasing a new FTD migration tool soon.

  • Cisco has added optimizations to the tool, to help users drop objects that are not reference in any of the rules, or to disable rules that have not been hit over time.
  • Firepower Migration Tool is the one that is REST. It processes data and communicates to the FMC using REST only
  • Prefilter rules support will be added.┬áCisco is just waiting on REST APIs for the feature. From what we know, 6.5 will start supporting it

Migrating ASA to Firepower Threat Defense with the Firepower Migration Tool, v1.0.0

Cisco has just releases the latest new version of their ASA to FTD Migration tool. Check it out!

The Firepower Migration Tool (Migration Tool) converts the configuration of a supported ASA platform to a supported Firepower Threat Defense platform. With the Migration Tool, you can automate the migration of supported ASA features and policies, but you might need to migrate some features manually.

After you reach the Review and Validate screen, the Migration Tool saves your progress and allows you to resume the migration at a later time. If you close the Migration Tool before that screen, your progress is not saved.

Console

The console opens when you launch the Migration Tool. The console provides detailed information about the progress of each step in the Migration Tool. The contents of the console are also written to the Migration Tool log file.

The console must stay open while the Migration Tool is open and running.

Logs

The Migration Tool creates a log of each migration. The logs include details of what occurs at each step of the migration and can help you determine the cause if a migration fails.

You can find the log files for the Migration Tool in the following location: <migration_tool_folder>\log

Resources

The Migration Tool saves a copy of the pre-migration and post-migration reports in the Resourcesfolder.

You can find the Resources folder in the following location: <migration_tool_folder>\resources

Unparsed File

The Migration Tool logs information about the configuration lines that it ignored in the unparsed file. This Migration Tool creates this file when it parses the ASA configuration file.

You can find the unparsed file in the following location: <migration_tool_folder>

Search in the Migration Tool

You can search for items in the tables displayed in the Migration Tool, such as those on the Review and Validate screen.

To search for an item in any column or row of the table, click the search icon (search icon) above the table and enter the search term in the field. The Migration Tool filters the table rows and displays only those that contain the search term.

To search for an item in a single column, enter the search term in the field at the top of the column below the column title. The Migration Tool filters the table rows and displays only those that match the search term.

Licensing for the Migration Tool

The Migration Tool is free and does not require a license. However, for the Migration Tool to push the configuration to Firepower Management Center, it must have the required licenses for the related Firepower Threat Defense features.

You can finds more about the tool here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/10/migration-guide/ASA2FTD-with-FP-Migration-Tool-10.html

 

 

4 Comments

    1. Yes, it is okay. I am not a fan of migration myself, as all of my customers had pain after a migration and they all wish they would have just done a clean install.
      Get an ASA configuration, and practice putting this on a FTD device. You can either just copy the configuration from a .txt file or connect the ASA and push is over.
      The new tool does not allow you to put rules in the prefilter any more as the old one did.
      So if you can do a fresh install, do that, if not then test with this new tool first if you can.
      thanks!
      Todd

Leave a Reply

Your email address will not be published. Required fields are marked *