Seamless Transition: Mastering Migration to Cisco Secure Firewall
Firewall migration is commonly seen as a complex task that requires downtime and other operational disruptions. At Cisco Live APJC, Principal Engineer Raghu Kulkarni, a nearly 15-year Cisco veteran, aims to shift this perspective. Kulkarni demonstrates that transitioning to Cisco Secure Firewall is a simple and manageable process when specific actions are addressed proactively. In the session, Kulkarni explains the three phases of firewall migration, illustrating that not all migration activities need to be performed during downtime, which is what most customers fear. In fact, Kulkarni details that around 95% of the process can be staged before the actual migration occurs.
Before diving into the migration process, let’s take a look at three useful questions that Kulkarni answers during this session:
- What are the tools available for migration? How does Cisco’s Firewall Migration Tool (FMT) specifically ease the migration process?
- What are the pre-checks that can be performed before migration occurs?
- If you have existing Firepower devices that have reached end of life, and they’re managed through the Firepower Management Center (FMC), how can their configurations be migrated to newer hardware?
Getting started with the migration process
To ensure a seamless transition, there are two tasks that should be completed even before the pre-migration phase. First, it’s essential to identify stakeholders who will be impacted by migration or who need to validate the new firewall environment, such as application owners and testing teams. Overlooking specific application testing needs may lead to problems post-migration.
Second, Kulkarni discusses the importance of staging the environment for readiness. This process involves setting up all the necessary components before the migration process begins. Key elements include:
- Provisioning the FMC, whether on-prem or virtual
- Preparing the new Firepower Threat Defense (FTD) hardware
- Ensuring the FMT is downloaded, installed, and compatible
Key considerations for pre-migration activities
As Kulkarni mentions in his introduction, the pre-migration phase is where most of the work happens, significantly reducing cutover downtime. Cisco’s FMT guides users through configuration extraction, enabling selective migration of features like access control lists, network objects, routes, and interfaces. Most importantly, the tool offers optimization capabilities to identify and resolve issues with unreferenced objects or redundant security rules, preventing a bloated configuration.
The full process performed by the FMT is as follows:
- Extract Configuration Information
- Select Target(s)
- Map FTD Interface
- Map Security Zones
- Application Mapping
- Optimize, Review & Validate
- Complete Migration
Moreover, in terms of pre-cutover validation, the FMC’s Packet Tracer allows for replaying packet captures to simulate application behavior, while Security Cloud Control offers best practice recommendations. Together, these features and actions provide users with confidence that their migration process is performing as expected. Kulkarni consistently stresses the importance of these features in reducing complexity and limiting cutover downtime.
After completion of the pre-migration process, the FMT provides a comprehensive pre-migration report with key insights into the following areas: configuration lines with errors, and ignored or unreferenced elements. These elements are crucial in understanding and resolving issues before deployment, and in highlighting configurations that were not migrated due to irrelevance or lack of support.
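To make the unreferenced-object and redundant-rule findings concrete, here is an added Python example (not Cisco's code and not a description of how the FMT works internally) that runs the same kind of pre-check on a source configuration before extraction. It assumes an ASA-style source configuration; the sample config, the object names and the `audit` helper are all constructed for illustration, and only exact duplicate rules are detected.

```python
import re

# Constructed sample in Cisco ASA-style syntax (the source platform is an assumption).
SAMPLE_CONFIG = """\
object network WEB01
 host 10.1.1.10
object network DB01
 host 10.1.2.20
object network OLD-FTP
 host 10.1.3.30
object-group network APP-SERVERS
 network-object object WEB01
object-group network LEGACY
 network-object object OLD-FTP
access-list OUTSIDE_IN extended permit tcp any object-group APP-SERVERS eq 443
access-list OUTSIDE_IN extended permit tcp any object DB01 eq 1433
access-list OUTSIDE_IN extended permit tcp any object-group APP-SERVERS eq 443
"""

DEF_RE = re.compile(r"^(?:object-group|object) \S+ (\S+)")      # top-level definition
REF_RE = re.compile(r"(?<![\w-])(?:object-group|object) (\S+)")  # use of a defined name

def audit(config):
    """Return (unreferenced object names, [(duplicate_line, first_line)])."""
    children = {}   # defined name -> names referenced inside its block
    roots = set()   # names referenced directly by access-list entries
    first_seen, duplicates, current = {}, [], None
    for lineno, raw in enumerate(config.splitlines(), 1):
        m = DEF_RE.match(raw)
        if m:
            current = m.group(1)
            children.setdefault(current, set())
        elif raw.startswith(" ") and current:
            children[current].update(REF_RE.findall(raw))
        else:
            current = None
            if raw.startswith("access-list "):
                roots.update(REF_RE.findall(raw))
                first = first_seen.setdefault(" ".join(raw.split()), lineno)
                if first != lineno:
                    duplicates.append((lineno, first))
    # Walk from rule references through nested groups to find what is in use,
    # so an object used only by an unused group is still reported.
    used, stack = set(), list(roots)
    while stack:
        name = stack.pop()
        if name not in used:
            used.add(name)
            stack.extend(children.get(name, ()))
    return sorted(set(children) - used), duplicates
```

Calling `audit(SAMPLE_CONFIG)` reports `LEGACY` and `OLD-FTP` as unreferenced and flags line 13 as a repeat of line 11, which gives reviewers a short list to confirm with application owners before cutover.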
Post-migration process and migration completion
Once the comprehensive pre-migration work is complete, the FMT initiates the configuration push to the FMC. This is the first time the FMT actively communicates with the FMC to deploy the optimized configuration. Upon completion, the FMT generates a post-migration report, providing a summary of items such as: configurations that were successfully migrated, configurations that could not be migrated, or any manually selected elements that were chosen not to be migrated.
This summary is invaluable for comparing with the pre-migration report, highlighting differences and validating the migration’s success. More details on the configuration push and the post-migration process can be found here.
Learn more by watching the full session
Kulkarni demonstrates that the transition to Cisco Secure Firewall can be simple when considering critical actions, using Cisco’s migration tools, and ensuring validation and optimization at every step. Firewall migration doesn’t have to be a complex and daunting task, and Cisco strives to substantiate this notion.
If you want to learn more about Cisco Secure Firewall, or watch Raghu Kulkarni’s full session, follow the links below.
Cisco Secure Firewall | Firewall Migration Tool | AIOps for Cisco Secure Firewall



