First Published: May 13, 2026

Secure Firewall Migration Tool

The Secure Firewall Migration Tool enables you to migrate your firewall configurations to a supported Secure Firewall Threat Defense managed by a management center. The migration tool supports migration from Secure Firewall ASA, ASA with FirePOWER Services (FPS), FDM-managed devices, as well as third-party firewalls from Microsoft Azure, Check Point, Palo Alto Networks, and Fortinet.

This document provides critical and release-specific information about the Secure Firewall Migration Tool. Even if you are familiar with Secure Firewall releases and have previous experience with the migration process, we recommend that you read and thoroughly understand this document.

New features

Learn about the features included in this release.

Release Version

Feature

Descriptions

10.0.3

Migration Support for Cisco Firepower 2100 Series Devices

This release of Firewall Migration tool adds support for migrating Cisco Firepower 2100 Series device to Firewall Threat Defense.

Application-Default Service Support

The Firewall Migration Tool allows you to migrate application-default service to Firewall Management Center. This feature applies only to Firewall Management Center version 10.0 or later.

Supported migrations: Palo Alto Networks Firewall

Open and resolved issues

The following table lists resolved migration bugs for Firewall Migration Manager version 10.0.3.
Table 1. Resolved Issues

Bug ID

Description

CSCwu13567

Deployment in Firewall Management Center fails after migration from ASA to Firewall Threat Defense.

CSCwu02965

During migration from ASA to Firewall Threat Defense, ACLs are migrated incorrectly. This issue is observed only when CSM/Inline Grouping option is enabled.

CSCwu00094

During migration from ASA to Firewall Threat Defense, ACLs are getting migrated partially when CSM/Inline grouping option is enabled and target management center is in multi-domain.

Open and resolved caveats

The open caveats for this release can be accessed through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products.


Note
You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you don’t have one, you can register for an account on Cisco.com. For more information on Bug Search Tool, see Bug Search Tool Help.

Use the Open and Resolved Caveats dynamic query for an up-to-date list of open and resolved caveats in Secure Firewall Migration Tool.

Release features overview video

The Cisco Secure Firewall Migration Tool Release Overview video offers a comprehensive summary of this release, including:

  • The key capabilities introduced in the update

  • Notable new features and improvements

  • Clear explanations of the benefits provided by the latest enhancements

You can view the video at: Cisco Secure Firewall Migration Tool – Release Overview

We recommend you to watch this video to gain a thorough understanding of the release and optimize your experience with the updated product.

Infrastructure and platform requirements

The Secure Firewall Migration Tool requires the following infrastructure and platform:

  • Windows 10 64-bit operating system or on a macOS version 10.13 or higher

  • Google Chrome as the system default browser


    Tip

    We recommend that you use full screen mode on the browser when using the migration tool.

  • A single instance of the Secure Firewall Migration Tool per system

  • Management Center and Threat Defense must be version 6.2.3.3 or later


Note
Remove the previous build before downloading the newer version.

Related documentation

For information on the history of Secure Firewall Migration Tool, see:

Migration workflow

For information on the migration workflow of the Secure Firewall Migration Tool, see:

Migration reports

The Secure Firewall Migration Tool provides these reports in HTML format with details of the migration:

  • Pre-Migration Report

  • Post-Migration Report

Secure Firewall Migration Tool capabilities

The Secure Firewall Migration Tool provides these capabilities:

  • Validation throughout the migration, including parse and push operations

  • Object re-use capability

  • Object conflict resolution

  • Interface mapping

  • Auto-creation or reuse of interface objects (ASA name if to security zones and interface groups mapping)

  • Auto-creation or reuse of interface objects

  • Auto-zone mapping

  • User-defined security zone and interface-group creation

  • User-defined security zone creation

  • Subinterface limit check for the target threat defense device

  • Platforms supported:

    • ASA Virtual to Threat Defense Virtual

    • FDM Virtual to Threat Defense Virtual

    • Same hardware migration (X to X device migration)

    • X to Y device migration (Y having higher number of interfaces)

  • ACL optimization for source ASA, FDM-managed device, Fortinet, and Checkpoint for ACP rule action.

Link to Firewall Migration Tool documents