Migrate an FTD from One FMC to another FMC

Available Languages

Download Options

  • PDF     (686.6 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (810.4 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (613.2 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:October 17, 2024
Document ID:222480

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to migrate a Cisco Firepower Threat Defense (FTD) device between Firepower Management Centers.

    Prerequisites

    Before starting the migration process, ensure that you have these prerequisites in place:

    • Access to both the source and destination FMCs.
    • Administrative credentials for both FMCs and FTD.
    • Backup the current FMC configuration.
    • Make sure that the FTD devices running a compatible software version with the destination FMC.
    • Make sure that the destination FMC has the same version as the source FMC.

    Requirements

    • Both FMCs must be running compatible software versions.
    • Network connectivity between the FTD device and both FMCs.
    • Adequate storage and resources on the destination FMC to accommodate the FTD device.

    Components Used

    The information in this document is based on these software and hardware versions:

    Cisco Firepower Threat Defense Virtual (FTDv) Version 7.2.5

    Firepower Management Center Virtual (FMCv) Version 7.2.5

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Background Information

    Migrating an FTD device from one FMC to another involves several steps, including deregistering the device from the source FMC, preparing the destination FMC, and re-registering the device. This process ensures that all policies and configurations are correctly transferred and applied.

    Configure

    Configurations

    1. Log in to the source FMC.

    Log In FMC

    2. Navigate to Devices > Device Management and select the device to be migrated.

    Device Manager

    3. Within the device section, navigate to device and click export to export your device settings.

    Device Export

    4. Once the configuration has been exported, you must download it.

    Download Export Config

    note-icon

    Note: The downloaded file must contain the .SFO extension and contains device configuration information such as IP addresses, security zones, static routes, and other device settings.

    5. You must export the policies associated with the device, navigate to System > Tools > Import/Export, select the policies you want to export and click export.

    System Tools Import Export

    Policies to Export

    note-icon

    Note: Make sure that the .SFO file has been downloaded successfully. The download is done automatically after clicking on export. This file contains the access control policies, platform settings, NAT policies, and other policies which are indispensable for the migration since they are not exported together with the device configuration and have to be uploaded manually to the destination FMC.

    6. Deregister the FTD device from the FMC, navigate to Devices > Device management, click the three vertical dots on the right side and select delete.

    Delete Device

    7. Prepare the Destination FMC:

    • Log in to the destination FMC.
    • Make sure that the FMC is ready to accept the new device by importing the source FMC policies you downloaded in step 5. Navigate to System > Tools > Import/Export and click upload package. Upload the file to import and click upload.

    Upload Package

    Choose Package Name

    8. Select the policies to import in the destination FMC.

    Items to Import

    9. In the import manifest, select a security zone or create a new one to assign to the interface object and click import.

    Import Manifest Obj

    10. Register the FTD to the Destination FMC:

    • On the destination FMC, navigate to Device > Management tab and select Add > Device.

    • Complete the registration process by responding to the prompts.

    Add Device

    Device Information

    For additional details, check the Firepower Management Center Configuration Guide, Add Devices to the Firepower Management Center

    11. Navigate to Device > Device Management > select the FTD > Device and click import. A warning shows asking for your confirmation to replace the device configuration, click yes.

    Import Device

    Confirmation Import

    12. Select the import configuration file which must be .SFO extension, click upload, and you see a message appears indicating that the import has started.

    File to Import

    Device Config Import

    13. Finally, an alert is displayed and a report is generated automatically when the import is complete, allowing you to review the objects and policies that have been imported.

    Confirmation Task

    Import Report

    Verify

    After completing the migration, verify that the FTD device is correctly registered and functioning with the destination FMC:

    • Check the device status on the destination FMC.
    • Make sure that all policies and configurations are correctly applied.
    • Perform a test to confirm that the device is operational.

    Troubleshoot

    If you encounter any issues during the migration process, consider these troubleshooting steps:

    • Verify network connectivity between the FTD device and both FMCs.
    • Make sure that the software version on both FMCs are the same.
    • Check the alerts on both FMCs for any error message or warnings.

    Related Information

    Revision History

    Revision Publish Date Comments
    1.0
    17-Oct-2024
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Andres Cancino Cubias
      Technical Consulting Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products