ASA to FTD policy Migration process

Hello, welcome to the Firepower Defense training video series. I'm Linda. In this video we are going to look at how to migrate ASA policy to Firepower Threat Defense. With FTD 6.22 you can migrate ASA policy from 48.4 onwards. The policies which can be migrated to Firepower Threat Defense are ACLs that are associated with an interface group or the global rule, and all the NAT policies. Along with this, all the network objects and object groups and service objects and object groups which are associated with ACLs or NAT will be migrated to Firepower Threat Defense. The unsupported policies within ASA are ACEs which have time range, s Gideon, or local username, local group or users, and SGT minister of Jammu; and ACLs which are not part of interface or global rules will not be migrated to FMC.

When you migrate ACLs to Firepower Defense, the ASA ACLs have two simple actions: one is permit and the other is deny. If you migrate ASA ACL policies to FMC, you can either migrate to a prefilter policy or an access control policy. If you choose a prefilter policy, then you have two options. ACEs which have deny as a rule will be migrated to block. All the ACEs which have permit have two options: those permit ACLs can be migrated either as fastpath or as prefilter analyze. Similarly, if you want to migrate the ACLs as an access control policy, the ACLs which have a deny rule will be migrated as block; the ACEs which have permit as an action can be migrated either as trust or allow.

In order to migrate ASA to FTD, I need these components: your FMC, which is your production FMC that is managing your Firepower Threat Defense, and one more virtual FMC, which can be installed on VMware or KVM. On this FMC we are going to run a few commands which are going to make this FMC a migration tool. Once you have this FMC tool ready, you can import the ASA configuration, either as a .txt file or a .cfg file. Once you import this, the migrating FMC is going to give you a .sfo file. You are going to import this file to your production FMC, which is going to get those policies converted to Firepower Management Center policies which you can use on your Firepower Threat Defense.

So now I'm logging in to the virtual FMC which I am going to convert to a migration tool. I have logged in. There are two commands that I have to give in order to convert this to a migration tool. Before that, let's go to that same FMC and see it from the browser. It looks like a typical normal FMC, but let's see what gets changed after these two commands. So these are the two commands that we have to issue: sudo su -, to elevate you to root user, and then the script enableMigrationTool.pl, which is going to make this FMC a migration tool. After completing the execution of the script, you can go back to the browser and do a refresh. After the refresh it is going to show you a message saying that this tool has been enabled as a migration tool, which can be used to convert the ASA policy. Note that this FMC can no longer be used to manage your Firepower or Firepower Threat Defense.

So this is the configuration that I'm going to use to migrate the ACL and NAT policy to FMC. As you can see, we have lots of policies here, but the policies that are going to migrate are only the objects, ACLs and NAT rules. Even an ACL which is not associated with any interface or global rule will not be migrated; only the ACLs which are associated with an access group will be migrated.

Let's go and see the steps required to migrate. On this FMC, which has been converted to a migration tool, I have to go to System, Tools and then Import/Export, click Upload Package, and choose the ASA file that you want to migrate. So I am choosing the file, ASA .config or text, and then click Upload. Now you have two options: it can be migrated either as a prefilter policy or an access control policy. As we discussed during the presentation, and as you can refer back to this slide, the ASA policy can be migrated either as a prefilter policy or an access control policy. So that's what you can choose, either one: prefilter or access control. If you choose prefilter, then all the ACLs which are marked as deny will be migrated as block. The ACLs which have permit as an action on the ASA ACL can be migrated either as fastpath or analyze. The way you choose here is going to convert the policy. Similarly, if you choose the ASA ACLs to be migrated to an access control policy, then you have the option of trust or allow: all the ACLs which have the action permit can be translated either as trust or allow in the access control policy.

For now, let me choose a prefilter policy, mark the action as fastpath, and then click OK. Now it gives you the information that the ASA migration is now in progress, and you can check the status on the task bar. So click the status button and check the task bar, and you can see that the migration is in progress. This one says that the ASA is actually being migrated and it is currently in progress. Now we have the .sfo file generated. All I have to do is click this, download the file to my PC, and then upload this file to the FMC.

Now that the file is exported, I can go to my production FMC. This is my production FMC. I can go to the same System, Import/Export, click Upload, and select the .sfo file that I want. It shows that it has found an access control policy and a NAT policy. Let's import this. Now that the policy is getting imported, it is saying that I need to map the ASA interfaces to the FMC. It has found the interfaces in the ASA configuration, like outside, DMZ, inside and outside. I can use the existing FMC interfaces, the interface groups, to map them, or create a new one. I'm going to reuse the existing ones by manually mapping, and then say Import. It says it was successfully imported.

Let's go and verify the policy. First, let's verify the access control policy. Since we said to import it as a prefilter policy, it would have created a prefilter policy. You can see that it created an access control policy, but it would also have created a prefilter policy which has all the ACLs that we imported. As you can see, it has created a prefilter policy, and the name is here. Let's go and verify the prefilter policy. The imported ACLs are created under this prefilter policy. We have about five ACLs, with the first four as fastpath and the last one as block. Let's go here: we have five ACLs, and the first four are permit. As we set the preference, permit has been marked as fastpath and the deny has been marked as block.

Similarly, we can go and verify the NAT policy. Again, it has created a NAT policy. Here we have seven NAT policies, as you can see here: two before manual NAT, three auto NAT, and two manual after NAT. That again has been populated here. All we have to do is click assign policy and assign it to your desired Firepower Threat Defense. Same thing on the access control policy: you can assign this access control policy to your desired Firepower Threat Defense, then save and deploy the policy to the end device.

Similarly, you can experiment with other options, like importing the ASA ACL as an access control policy and the permit ACEs as trust or allow. With this, we have come to the end of this video. I hope you liked it. See you soon in the next video. Until then, please subscribe to the video channel. Thank you, bye bye.
Channel: Securing Networks with Cisco Firepower Threat Defense
Views: 10,306
Keywords: FTD Migration, FMC Mi, ASA to FTD Migration, ASA to FMC policy Migration, migrating ASA to FTD, Migrating ASA to FMC, ASA ACL NAT migration, FMC migration tool
Id: N06xXat59B0
Length: 11min 56sec (716 seconds)
Published: Tue Sep 19 2017