Cisco Firepower Migration Tool Compatibility Guide

This guide provides Cisco Firepower software and hardware compatibility, including operating system and hosting environment requirements.

Supported Platforms for Migration

The ASA, ASA with FPS, Check Point, PAN, Fortinet, and Firepower Threat Defense platforms that are supported for migration with the Firepower Migration Tool. For more information about the supported Firepower Threat Defense platforms, see Cisco Firepower Compatibility Guide.


Note

The Firepower Migration Tool supports migration of standalone ASA devices to a standalone Firepower Threat Defense device only.

Note

The Firepower Migration Tool supports migration of standalone mode or distributed Check Point configuration to a standalone Firepower Threat Defense device only.

Supported Source ASA Platforms

You can use the Firepower Migration Tool to migrate the configuration from the following single or multi-context ASA platforms:

  • ASA 5510

  • ASA 5520

  • ASA 5540

  • ASA 5550

  • ASA 5580

  • ASA 5506

  • ASA 5506W-X

  • ASA 5506H-X

  • ASA 5508-X

  • ASA 5512-X

  • ASA 5515-X

  • ASA 5516-X

  • ASA 5525-X

  • ASA 5545-X

  • ASA 5555-X

  • ASA 5585-X with ASA only (the Firepower Migration Tool does not migrate the configuration from the ASA FirePOWER module)

  • Firepower 1000 Series

  • Firepower 2100 Series

  • Firepower 4100 Series

  • Firepower 9300 Series

    • SM-24

    • SM-36

    • SM-40

    • SM-44

    • SM-48

    • SM-56

  • ASAv on VMware, deployed using VMware ESXi, VMware vSphere Web Client, or vSphere standalone client

Supported Source ASA models for ASA with FPS migration:

The Cisco ASA FirePOWER module is deployed on the following devices:

  • ASA5506-X

  • ASA5506H-X

  • ASA5506W-X

  • ASA5508-X

  • ASA5512-X

  • ASA5515-X

  • ASA5516-X

  • ASA5525-X

  • ASA5545-X

  • ASA5555-X

  • ASA5585-X-SSP-10

  • ASA5585-X-SSP-20

  • ASA5585-X-SSP-40

  • ASA5585-X-SSP-60

Supported Target Firepower Threat Defense Platforms

You can use the Firepower Migration Tool to migrate a source ASA, ASA with FPS, Check Point, PAN, and Fortinet configuration to the standalone or container instance of the following Firepower Threat Defense platforms:

  • ASA 5506

  • ASA 5506W-X

  • ASA 5506H-X

  • ASA 5508-X

  • ASA 5512-X

  • ASA 5515-X

  • ASA 5516-X

  • ASA 5525-X

  • ASA 5545-X

  • ASA 5555-X

  • Firepower 1000 Series

  • Firepower 2100 Series

  • Firepower 4100 Series

  • Firepower 9300 Series that includes:

    • SM-24

    • SM-36

    • SM-40

    • SM-44

    • SM-48

    • SM-56

  • Firepower Threat Defense Virtual on VMware, deployed using VMware ESXi, VMware vSphere Web Client, or vSphere standalone client

Supported Software Versions for Migration

The following are the ASA, ASA with FPS, Check Point, PAN, Fortinet, and Firepower Threat Defense versions for migration:

Supported ASA Firewall Versions

The Firepower Migration Tool supports migration from a device that is running ASA software version 8.4 and later.

Supported ASA with FPS Firewall Versions

The Firepower Migration Tool supports migration from a device that is running ASA with FPS software version 9.2.2+ and later.

For more details, see ASA FirePOWER Module Compatibility section in the Cisco ASA Compatibility guide.

Supported Check Point Firewall Versions

The Firepower Migration Tool now supports migration to Firepower Threat Defense that is running Check Point OS version r75–r77.30 and r80–r80.40. Select the appropriate Check Point version in the Select Source page.


Note

VSX is not supported.

The Firepower Migration Tool now supports migration from the Check Point Platform Gaia.

Supported Palo Alto Networks Firewall Versions

The Firepower Migration Tool supports migration to Firepower Threat Defense that is running PAN firewall OS version 6.1.x and later.

Supported Fortinet Firewall Versions

The Firepower Migration Tool supports migration to Firepower Threat Defense that is running Fortinet firewall OS version 5.0 and later.

Supported Firepower Management Center Versions for source ASA Configuration

For ASA, the Firepower Migration Tool supports migration to a Firepower Threat Defense device managed by a Firepower Management Center that is running version 6.2.3 or 6.2.3+.


Note

Some features are supported only in the later versions of FMC and FTD.

Note

For optimum migration times, we recommend that you upgrade Firepower Management Center to the suggested release version that can be downloaded from: software.cisco.com/downloads.

Supported Firepower Management Center Versions for source ASA with FPS Configuration

For ASA with FPS, the Firepower Migration Tool supports migration to a Firepower Threat Defense device managed by a Firepower Management Center that is running version 6.5+.

Supported Firepower Management Center Versions for source Check Point, PAN, and Fortinet Firewall Configuration

For Check Point, PAN and Fortinet firewall, the Firepower Migration Tool supports migration to a Firepower Threat Defense device managed by a Firepower Management Center that is running version 6.2.3.3 or later.


Note

Some features are supported only in the later versions of FMC and FTD. For example, Time-based ACLs in Fortinet is supported from FMC 6.6 or later.

Note

The migration to 6.7 FTD device is currently not supported. Hence, migration may fail if the device is configured with data interface for FMC access.

Supported Firepower Threat Defense Versions

The Firepower Migration Tool recommends migration to a device that is running Firepower Threat Defense, version 6.2.3 and later.

For detailed information about the Cisco Firepower software and hardware compatibility information, including operating system and hosting environment requirements, for Firepower Threat Defense, see the Cisco Firepower Compatibility Guide.

Platform Requirements for the Firepower Migration Tool

The Firepower Migration Tool has the following infrastructure and platform requirements:

  • Runs on a Windows 10 64-bit operating system or on a macOS version 10.13 or higher

  • Has Google Chrome as the system default browser

  • (Windows) Has Sleep settings configured in Power & Sleep to Never put the PC to Sleep, so the system does not go to sleep during a large migration push

  • (macOS) Has Energy Saver settings configured so that the computer and the hard disk do not go to sleep during a large migration push

Related Documentation

This section summarizes the Firepower Migration Tool related documentation.

  • Cisco Firepower Compatibility Guide—Describes Cisco Firepower software and hardware compatibility, including operating system and hosting environment requirements.

  • Cisco ASA Compatibility—Lists the Cisco ASA software and hardware compatibility and requirements.

  • Cisco Firepower 4100/9300 FXOS Compatibility—Lists software and hardware compatibility information for the Firepower eXtensible Operating System (FXOS), Cisco Firepower 9300 and Cisco Firepower 4100 series security appliances, and supported logical devices.