Seamless Transition: Mastering Migration to Cisco Secure Firewall
Firewall migration is commonly seen as a complex task that requires downtime and other operational disruptions. At Cisco Live APJC, Principal Engineer Raghu Kulkarni, a nearly 15-year Cisco veteran, aims to shift this perspective. Kulkarni demonstrates that transitioning to Cisco Secure Firewall is a simple and manageable process when specific actions are addressed proactively. In the session, Kulkarni explains the three stages of firewall migration, illustrating that not all migration actions need to be performed during downtime, which is what most customers fear. In fact, Kulkarni details that around 95% of the process can be staged before the actual migration occurs.
Before diving into the migration process, let’s take a look at three valuable questions that Kulkarni answers during this session:
- What are the tools available for migration? How does Cisco’s Firewall Migration Tool (FMT) specifically ease the migration process?
- What are the pre-checks that can be performed before migration occurs?
- If you have existing Firepower devices that have reached end of life, and they’re managed by the Firepower Management Center (FMC), how can their configurations be migrated to newer hardware?
Getting started with the migration process
In order to ensure a seamless transition, there are two tasks that need to be completed even before the pre-migration phase. Firstly, it’s crucial to identify stakeholders who will be impacted by migration or who need to validate the new firewall environment, such as application owners and testing teams. Overlooking specific application testing needs may lead to complications post-migration.
Secondly, Kulkarni discusses the importance of staging the environment for readiness. This process involves setting up all the necessary components before the migration process begins. Key elements include:
- Provisioning the FMC, whether on-prem or virtual
- Preparing the new Firepower Threat Defense (FTD) hardware
- Ensuring the FMT is downloaded, installed, and compatible
Key considerations for pre-migration actions
As Kulkarni mentions in his introduction, the pre-migration phase is where most of the work happens, significantly reducing cutover downtime. Cisco’s FMT guides users through configuration extraction, enabling selective migration of features like access control lists, network objects, routes, and interfaces. Most importantly, the tool offers optimization capabilities to identify and resolve issues with unreferenced objects or redundant security rules, preventing a bloated configuration.
The full process performed by the FMT is as follows:
- Extract Configuration Information
- Select Target(s)
- Map FTD Interface
- Map Security Zones
- Application Mapping
- Optimize, Review & Validate
- Complete Migration
Moreover, in terms of pre-cutover validation, the FMC’s Packet Tracer allows for replaying packet captures to simulate application behavior, while Security Cloud Control offers best practice recommendations. Together, these features and actions provide users with confidence that their migration process is performing as expected. Kulkarni consistently stresses the importance of these features in reducing complexity and limiting cutover downtime.
After completion of the pre-migration process, the FMT provides a comprehensive pre-migration report offering key insights into the following areas: configuration lines with errors, and ignored or unreferenced elements. These components are critical for understanding and resolving issues before deployment, and for highlighting configurations that weren’t migrated due to irrelevance or lack of support.
Post-migration process and migration completion
Once the comprehensive pre-migration work is complete, the FMT initiates the configuration push to the FMC. This is the first time the FMT actively communicates with the FMC to deploy the optimized configuration. Upon completion, the FMT generates a post-migration report, providing a summary of items such as: configurations that have been successfully migrated, configurations that could not be migrated, and any elements that were manually selected not to be migrated.
This summary is invaluable for comparing with the pre-migration report, highlighting differences and validating the migration’s success. More details on the configuration push and the post-migration process can be found here.
Learn more by watching the full session
Kulkarni demonstrates that the transition to Cisco Secure Firewall can be simple when considering critical actions, using Cisco’s migration tools, and ensuring validation and optimization at every step. Firewall migration doesn’t have to be a complex and daunting task, and Cisco strives to confirm this notion.
If you want to learn more about Cisco Secure Firewall, or watch Raghu Kulkarni’s full session, follow the links below.
Cisco Secure Firewall | Firewall Migration Tool | AIOps for Cisco Secure Firewall

