Cisco Secure Firewall Migration Tool

Simplified migration to Cisco Secure Firewall

Cisco Secure Firewall Migration Tool enables you to migrate your firewall configurations to the Cisco Secure Firewall Threat Defense. No matter how complex your current firewall policy is, the migration tool can convert configurations from any Cisco Adaptive Security Appliance (ASA) or Firewall Device Manager (FDM), as well as from third-party firewalls Check Point, Palo Alto Networks, and Fortinet.

Features and capabilities

New features:

  • Merging of configurations from multiple contexts into a single instance
  • Demo mode to perform tests without a Cisco Secure Firewall Management Center
  • Accelerated parsing performance and reliability enhancements
  • Migrating configurations from on-box device manager to a Cisco Secure Firewall Management Center
  • Fixes of defects identified in the prior versions of migration tools

Key features:

  • Network, service, time range, FQDN based objects and groups
  • Access rules, Cisco Security Manager object grouping, wildcard masks
  • Static routes, BGP, EIGRP, ECXMP, PBR, NAT, IPv6
  • Physical interface, port channels, bridge groups (transparent only)
  • Site-to-site VPN, remote-access VPN

Extensive support

Value-add during migration:

  • Policy optimization
  •     o  Remove the shadowed and redundant access control rules

        o  Selective migration of access control rules and NAT rules

        o  Reuse objects, identify the access control element counts

  • Enablement of L7 firewalling capabilities
  • Comprehensive reports (before and after migration)

Supported platforms:

  • Cisco Secure Firewall Management Center (FMC), all models, including cloud-delivered FMC through Cisco Defense Orchestrator (CDO)
  • Cisco Secure Firewall Device Manager
  • Cisco Secure Firewall ASA (all models)
  • Cisco Secure Firewall ASA 5500-X with Firepower Services
  • Palo Alto Networks, Fortinet, Check Point (R75 to R77, R80)

Benefits of Cisco Secure Firewall Threat Defense

Regain visibility and control over encrypted traffic without decryption.

Reduce time to detect and respond to threats across networks, clouds, applications, users, and endpoints.