Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Cisco Secure Firewall Migration Tool

Simplified migration to Cisco Secure Firewall

Cisco Secure Firewall Migration Tool enables you to migrate your firewall configurations to the Cisco Secure Firewall Threat Defense. No matter how complex your current firewall policy is, the migration tool can convert configurations from any Cisco Adaptive Security Appliance (ASA) as well as third-party firewalls from Check Point, Palo Alto Networks, and Fortinet.

What's new in the latest migration tool v3.0

Support of software version 7.2 and VPN features

  • Migrations to cloud-delivered FMC
  • Validated and tested migration path to Threat Defense 7.2
  • RA VPN connection profile, group policy, IKEv2, AAA, address pools, Trustpoint, certificate map
  • AnyConnect client profiles, DAP, and Hostscan profiles
  • S2S VPN: pre-shared key fetch and port if configuration is loaded with more system:running-config config format

Optimization of rules during migration

  • Identify redundant and shadowed rules and provide users with the following rule options: remove, migrate disabled, or migrate fully
  • Comprehensive reporting on configuration optimization for access rules and objects
  • Streamlined object optimizations: remove unreferenced objects, reuse existing objects, and resolve inconsistent objects

Extensive migration support

Key features:

  • Network, service, time range, and fully qualified domain name (FQDN) objects and groups
  • Access rules, Cisco Security Manager object grouping, wildcard masks
  • NAT (Network Address Translation), static routes, IPv6
  • Physical interface, port channels, bridge groups (transparent only)

Supported platforms:

  • Cisco Secure Firewall Management Center (all models)
  • Cisco Secure Firewall ASA (all models)
  • Cisco Secure Firewall ASA 5500-X with FirePOWER Services
  • Palo Alto Networks, Fortinet, Check Point (R75 to R77, R80)

Why Cisco Secure Firewall Threat Defense

Regain visibility and control over encrypted traffic without decryption.

Reduce time to detect and respond to threats across networks, clouds, applications, users, and endpoints.