Seamless Transition: Mastering Migration to Cisco Safe Firewall
Firewall migration is commonly seen as a fancy process that requires downtime and different operational disruptions. At Cisco Reside APJC, Principal Engineer Raghu Kulkarnian nearly 15-year Cisco veteran, goals to shift this attitude. Kulkarni demonstrates that transitioning to Cisco Safe Firewall is an easy and manageable course of when particular actions are addressed proactively. Within the session, Kulkarni explains the three levels to Firewall migration, illustrating that not all migration actions must be carried out throughout downtime, which is what most prospects concern. Actually, Kulkarni particulars that round 95% of the method could be staged earlier than the precise migration happens.
Earlier than diving into the migration course of, let’s check out three priceless questions that Kulkarni solutions throughout this session:
- What are the instruments accessible for migration? How does Cisco’s Firewall Administration Software (FMT) particularly ease the migration course of?
- What are the pre-checks that may be carried out earlier than migration happens?
- If in case you have current Firepower gadgets which have reached finish of life, and they’re managed by means of the Firepower Administration Heart (FMC), how can their configurations be migrated to newer {hardware}?
Getting began with the migration course of
With the intention to guarantee a seamless transition, there are two duties that must be accomplished even earlier than the pre-migration part. Firstly, it’s essential to determine stakeholders who will likely be impacted by migration or who have to validate the brand new firewall setting, resembling software homeowners and testing groups. Overlooking particular software testing wants might result in issues in post-migration.
Secondly, Kulkarni discusses the significance of staging the setting for readiness. This course of entails organising all the mandatory elements earlier than the migration course of begins. Key parts embrace:
- Provisioning the FMC, whether or not on-prem or digital
- Making ready the brand new Firepower Risk Protection (FTD) {hardware}
- Making certain the FMT is downloaded, put in, and suitable
Key issues for pre-migration actions
As Kulkarni mentions in his introduction, the pre-migration part is the place many of the work occurs, considerably lowering cutover downtime. Cisco’s FMT guides customers by means of configuration extractionenabling selective migration of options like entry management lists, community objects, routes, and interfaces. Most significantly, the instrument affords optimization capabilities to determine and resolve points with unreferenced objects or redundant safety guidelines, stopping a bloated configuration.
The total course of performed by the FMT is as follows:
- Extract Configuration Info
- Choose Goal(s)
- Map FTD Interface
- Map Safety Zones
- Software Mapping
- Optimize, Evaluate & Validate
- Full Migration
Furthermore, when it comes to pre-cutover validation, the FMC’s Packet Tracer permits for replaying packet captures to simulate software conduct, whereas Safety Cloud Management affords greatest apply suggestions. Collectively, these options and actions present customers with confidence that their migration course of is performing as anticipated. Kulkarni constantly stresses the significance of those options as lowering complexity and limiting cutover downtime.
After completion of the pre-migration course of, the FMT offers a complete pre-migration report offering key insights into the next areas: configuration traces with error and ignored or unreferenced parts. These elements are vital in understanding and resolving points earlier than deployment, and highlighting configurations that weren’t migrated as a result of irrelevance or lack of assist.
Submit-migration course of and migration completion
As soon as the great pre-migration work is full, the FMT initiates the configuration push to the FMC. That is the primary time the FMT actively communicates with the FMC to deploy the optimized configuration. Upon completion, the FMT generates a post-migration report, offering a abstract of things resembling: configurations which have been efficiently migrated, configurations that would not be migrated, or any manually chosen parts that had been chosen to not be migrated.
This abstract is invaluable for evaluating with the pre-migration report, highlighting variations and validating the migration’s success. Extra particulars on the configuration push and the post-migration course of could be discovered right here.
Be taught extra by watching the complete session
Kulkarni demonstrates that the transition to Cisco Safe Firewall could be easy when contemplating vital actions, utilizing Cisco’s migration instruments, and guaranteeing validation and optimization at each step. Firewall migration doesn’t should be a fancy and daunting process, and Cisco strives to verify this notion.
If you wish to study extra about Cisco Safe Firewall, or watch Raghu Kulkarni’s full session, observe the hyperlinks under.
Cisco Safe Firewall | Firewall Migration Software | AIOps for Cisco Safe Firewall
