Secure Firewall Migration Tool Compatibility Guide

This guide provides Cisco Secure Firewall software and hardware compatibility, including operating system and hosting environment requirements.

Supported Platforms for Migration

The ASA, ASA with FPS, Check Point, PAN, Fortinet, and Firewall Threat Defense platforms that are supported for migration with the Secure Firewall Migration Tool. For more information about the supported threat defense platforms, see Cisco Secure Firewall Compatibility Guide.


Note

The Firewall Migration Tool supports migration of standalone ASA devices to a standalone threat defense device only.

Note

The Firewall Migration Tool supports migration of standalone mode or distributed Check Point configuration to a standalone threat defense device only.

Supported Source ASA Platforms

You can use the Firewall Migration Tool to migrate the configuration from the following single or multi-context ASA platforms:

  • ASA 5510

  • ASA 5520

  • ASA 5540

  • ASA 5550

  • ASA 5580

  • ASA 5506

  • ASA 5506W-X

  • ASA 5506H-X

  • ASA 5508-X

  • ASA 5512-X

  • ASA 5515-X

  • ASA 5516-X

  • ASA 5525-X

  • ASA 5545-X

  • ASA 5555-X

  • ASA 5585-X with ASA only (the Firewall Migration Tool does not migrate the configuration from the ASA FirePOWER module)

  • Firepower 1000 Series

  • Firepower 2100 Series

  • Firepower 4100 Series

  • Firepower 9300 Series

    • SM-24

    • SM-36

    • SM-40

    • SM-44

    • SM-48

    • SM-56

  • ASA Virtual on VMware, deployed using VMware ESXi, VMware vSphere Web Client, or vSphere standalone client

Supported Source ASA models for ASA with FPS migration:

The Cisco ASA FirePOWER module is deployed on the following devices:

  • ASA5506-X

  • ASA5506H-X

  • ASA5506W-X

  • ASA5508-X

  • ASA5512-X

  • ASA5515-X

  • ASA5516-X

  • ASA5525-X

  • ASA5545-X

  • ASA5555-X

  • ASA5585-X-SSP-10

  • ASA5585-X-SSP-20

  • ASA5585-X-SSP-40

  • ASA5585-X-SSP-60

Supported Target Secure Firewall Threat Defense Platforms

You can use the Firewall Migration Tool to migrate a source ASA, ASA with FPS, Check Point, PAN, and Fortinet configuration to the standalone or container instance of the following threat defense platforms:

  • ASA 5506

  • ASA 5506W-X

  • ASA 5506H-X

  • ASA 5508-X

  • ASA 5512-X

  • ASA 5515-X

  • ASA 5516-X

  • ASA 5525-X

  • ASA 5545-X

  • ASA 5555-X

  • Firepower 1000 Series

  • Firepower 2100 Series

  • Firepower 4100 Series

  • Firepower 9300 Series that includes:

    • SM-24

    • SM-36

    • SM-40

    • SM-44

    • SM-48

    • SM-56

  • The threat defense virtual on VMware, deployed using VMware ESXi, VMware vSphere Web Client, or vSphere standalone client

Supported Software Versions for Migration

The following are the ASA, ASA with FPS, Check Point, PAN, Fortinet, and threat defense versions for migration:

Supported ASA Firewall Versions

The Firewall Migration Tool supports migration from a device that is running ASA software version 8.4 and later.

Supported ASA with FPS Firewall Versions

The Firewall Migration Tool supports migration from a device that is running ASA with FPS software version 9.2.2+ and later.

For more details, see ASA FirePOWER Module Compatibility section in the Cisco ASA Compatibility guide.

Supported Check Point Firewall Versions

The Firewall Migration Tool now supports migration to threat defense that is running Check Point OS version r75–r77.30 and r80–r80.40. Select the appropriate Check Point version in the Select Source page.


Note

VSX is not supported.

The Firewall Migration Tool now supports migration from the Check Point Platform Gaia.

Supported Palo Alto Networks Firewall Versions

The Firewall Migration Tool supports migration to threat defense that is running PAN firewall OS version 6.1.x and later.

Supported Fortinet Firewall Versions

The Firewall Migration Tool supports migration to threat defense that is running Fortinet firewall OS version 5.0 and later.

Supported Secure Firewall Management Center Versions for source ASA Configuration

For ASA, the Firewall Migration Tool supports migration to a threat defense device managed by a management center that is running version 6.2.3 or 6.2.3+.


Note

Some features are supported only in the later versions of management center and threat defense.

Note

For optimum migration times, we recommend that you upgrade management center to the suggested release version that can be downloaded from: software.cisco.com/downloads.

Supported Management Center Versions for source ASA with FPS Configuration

For ASA with FPS, the Firewall Migration Tool supports migration to a threat defense device managed by a management center that is running version 6.5+.

Supported Management Center Versions for source Check Point, PAN, and Fortinet Firewall Configuration

For Check Point, PAN and Fortinet firewall, the Firewall Migration Tool supports migration to a threat defense device managed by a management center that is running version 6.2.3.3 or later.


Note

Some features are supported only in the later versions of management center and threat defense. For example, Time-based ACLs in Fortinet is supported from management center 6.6 or later.

Note

The migration to 6.7 threat defense device is currently not supported. Hence, migration may fail if the device is configured with data interface for management center access.

Supported Threat Defense Versions

The Firewall Migration Tool recommends migration to a device that is running threat defense, version 6.2.3 and later.

For detailed information about the Secure Firewall software and hardware compatibility information, including operating system and hosting environment requirements, for threat defense, see the Cisco Secure Firewall Compatibility Guide.

Platform Requirements for the Firewall Migration Tool

The Firewall Migration Tool has the following infrastructure and platform requirements:

  • Runs on a Windows 10 64-bit operating system or on a macOS version 10.13 or higher

  • Has Google Chrome as the system default browser

  • (Windows) Has Sleep settings configured in Power & Sleep to Never put the PC to Sleep, so the system does not go to sleep during a large migration push

  • (macOS) Has Energy Saver settings configured so that the computer and the hard disk do not go to sleep during a large migration push

Related Documentation

This section summarizes the Firewall Migration Tool related documentation.