R1.3 of the Cisco ASA to FTD Migration tool is out and it’s a Winner!


Here are some of the new features added to this release:

  • IPv6 support
  • Flexibility to clear CSM Inline grouping
  • Selective Migration for NAT and routes (Do not migrate option)
  • REST API for programmability
  • 6.4 version support
  • Support for new hardware (1000 series)

Version 1.3

  • The Migration Tool allows you to connect to an ASA using the admin credentials and Enable Password as configured on the ASA.

    If the ASA is not configured with an Enable Password, you can leave the field blank in the Migration Tool.

  • You can now configure the batch size limit for Bulk Push in the app_config file as follows:

    • For Objects, the batch size cannot exceed 500. The Migration Tool resets the value to 500 and proceeds with the bulk push.

    • For ACLs, Routes, and NAT, the batch size cannot exceed 1000 each. The Migration Tool resets the value to 1000 and proceeds with the bulk push.

  • The Migration Tool allows you to parse the CSM or ASDM managed configurations.

    When you opt to clear the inline grouping or ASDM managed configurations, the predefined objects are replaced with the actual object or member name.

    If you do not clear the CSM or ASDM managed configurations, the predefined object names will be retained for migration.

  • Provides support for downloading log files, DB, and configuration files during a migration failure. You can also raise a support case with the technical team by email.

  • Support for migration of IPv6 configurations in Objects, Interfaces, ACL, NAT and Routes.

  • The Migration Tool allows you to map an ASA interface name to a physical interface on the FTD object types—physical interfaces, port channel, and subinterfaces. For example, you can map a port channel in ASA to a physical interface in FMC.

  • The Migration Tool provides support to skip migration of the selected NAT rules and Route interfaces. The previous versions of the Migration Tool provided this option for Access Control rules only.

  • You can download the parsed Access Control, NAT, Network Objects, Port Objects, Interface, and Routes configuration items from the Review and Validate Configuration screen in Excel or CSV format.

Plus everything from v2 of course!

3 Comments

  1. Hi Todd, I was reading the new migration tool article, and was wondering if the below was a typo or the actual limitation of the new tool:

    “For Objects, the batch size cannot exceed 500. The Migration Tool resets the value to 50 and proceeds with the bulk push.”

    Does the tool reset the value to 50 or should it be 500?

    It is a good article though, and thanks for the effort you put to share Firepower tips and tricks. Love them.

    Aref

  2. Hi Todd,

    Thanks for the post. Can the migration tool migrate an ASA physical interface to a logical interface on FMC? I have fewer available interfaces on FTD (7) than the actual interfaces on ASA (8).
