Before you begin
Before you begin the process, ensure that the following prerequisites are met:
A provisioned CDO tenant.
CDO is registered with Smart License.
The management center is onboarded to CDO. Onboarding the management center also onboards all the threat defense devices registered to that management center. See Onboard an FMC.Note
Create a new user in the management center with Administrator role or a custom user role with "Devices" and "System" permissions for onboarding purposes.Caution
If you onboard an on-prem management center to CDO and simultaneously sign in to that on-prem management center management center with the same user name, the onboarding fails.
The threat defense devices must be synchronized and have no pending changes on them. The migration job fails on a device if CDO identifies pending changes on that device.
Management Center should allow outbound HTTP/HTTPS to upload configurations to Amazon S3.
CDO imports Syslog alert object used in the access control policy from the management center. If CDO already contains an alert object with the same name but a different type (SNMP, Email), it is reused during configuration import.
The user must check whether the Syslog object name matches the existing SNMP or Email alert object in CDO. If the name matches, you must rename the Syslog object in the on premise management center before starting the migration process.
If you attempt to migrate firewalls with modified system defined FlexConfig text objects from an on-prem management center to the cloud-delivered Firewall Management Center, the values of the modified system defined FlexConfig text objects are not migrated to the cloud-delivered Firewall Management Center, and the deployment will fail.
To avoid this, perform these tasks before you start the migration:
Copy the modified system defined FlexConfig text object values from the on-prem management center to cloud-delivered Firewall Management Center before migration.
Initiate migration from on-prem management center to cloud-delivered Firewall Management Center after verifying the predefined FlexConfig text objects.
In the navigation bar on the left, click Tools & Services > Migrations > Migrate FTD to Cloud.
Click icon to initiate the threat defense migration process.
In the Select OnPrem FMC step, perform the following:
In the Select Devices step, you will see the threat defense devices that the selected management center manages.
The Last Synced time field indicates the time elapsed since the device configuration synchronized into the management center. You can click Sync from OnPrem FMC Now to fetch the latest device changes.
In the Select Devices step, perform the following:
Click Migrate FTD to Cloud.
Click View Migration to Cloud Progress to see the progress of your job.