About the Firepower Migration Tool
All the information in this book Migrating ASA to Firepower Threat Defense with the Firepower Migration Tool refers to the most recent version of Firepower Migration Tool. Follow the instructions in Download the Firepower Migration Tool from Cisco.com to download the most recent version of the Migration Tool.
This book covers information about the Migration Tool, right from downloading the tool to completing the migration. It also provides troubleshooting tips to help you overcome migration issues. To facilitate better understanding on the end-to-end migration process, this book provides a sample migration procedure using Firepower 2100 series as an example target device. See Appendix B: Migration Workflow - An Example .
The Firepower Migration Tool
The Firepower Migration Tool (Migration Tool) converts the configuration of a supported ASA platform to a supported Firepower Threat Defense platform. With the Migration Tool, you can automate the migration of supported ASA features and policies. You may have to manually migrate the unsupported features.
The tool gathers ASA information, parses it, and finally pushes it to Firepower Management Center. During the parsing phase, the Migration Tool generates a pre-migration report that identifies the following:
ASA configuration items that are fully migrated, partially migrated, unsupported for migration, and ignored for migration.
ASA configuration lines with errors, lists the ASA CLIs that the tool cannot recognize; this blocks migration.
If there are parsing errors, you can rectify the issues, re-upload a new configuration, connect to the destination device, map the ASA interfaces to FTD interfaces, map security zones and interface groups, and proceed to review and validate your configuration. You can then migrate the configuration to the destination.
The Migration Tool saves your progress and allows you to resume migration at two stages during the migration process:
Post successful completion of parsing the source ASA configuration file
If there is a parsing error or you exit before parsing, the tool requires you to redo the activity from the beginning.
Review and Validate screen
Exit and relaunch of the tool at this stage displays the Review and Validate screen.
The console opens when you launch the Migration Tool. The console provides detailed information about the progress of each step in the Migration Tool. The contents of the console are also written to the Migration Tool log file.
The console must stay open while the Migration Tool is open and running.
When you exit the Firepower Migration Tool by closing the browser on which the web interface is running, the console continues to run in the background. To completely exit the Migration Tool, exit the console by pressing the Command key + C on the keyboard
The Migration Tool creates a log of each migration. The logs include details of what occurs at each step of the migration and can help you determine the cause if a migration fails.
You can find the log files for the Migration Tool in the following location: <migration_tool_folder>\log
The Migration Tool saves a copy of the pre-migration and post-migration reports in the resources folder.
You can find the resources folder in the following location: <migration_tool_folder>\resources
The Migration Tool logs information about the configuration lines that it ignored in the unparsed file. This Migration Tool creates this file when it parses the ASA configuration file.
You can find the unparsed file in the following location: <migration_tool_folder>
Search in the Migration Tool
You can search for items in the tables that are displayed in the Migration Tool, such as those on the Review and Validate screen.
To search for an item in any column or row of the table, click the search icon () above the table and enter the search term in the field. The Migration Tool filters the table rows and displays only those that contain the search term.
To search for an item in a single column, enter the search term in the field at the top of the column below the column title. The Migration Tool filters the table rows and displays only those that match the search term.
The Firepower Migration Tool supports telemetry when run on either of these 12 ports: ports 8321-8331 and port 8888. By default the Firepower Migration Tool uses port 8888. To change the port, update the port information in the app_config file. After updating, ensure to relaunch the Migration Tool for the port change to take effect. You can find the app_config file in the following location: <migration_tool_folder>\app_config.
Cisco recommends that you use ports 8321-8331 and port 8888, as telemetry is only supported on these ports. If you enable Cisco Success Network, you cannot use any other port for the Firepower Migration Tool.