Migrate FTD to Cloud Procedure

Before you begin

Before you begin the process, ensure that the following prerequisites are met:

  • A provisioned CDO tenant.

  • CDO is registered with Smart License.

  • The FMC is onboarded to CDO. Onboarding the FMC also onboards all the FTD devices registered to that FMC. See Onboard an FMC.

    Note

    Create a new user in the FMC with Administrator role or a custom user role with "Devices" and "System" permissions for onboarding purpose.

    Caution

    If you onboard an FMC to CDO and simultaneously sign in to that on premise FMC with the same user name, the onboarding fails.

  • The FTD devices must be synchronized and have no pending changes on them. The migration job fails on a device if CDO identifies pending changes on that device.

  • FMC should allow outbound HTTP/HTTPs to upload configurations to Amazon S3.

  • CDO imports Syslog alert object used in the access control policy from the FMC. If CDO already contains an alert object with the same name but a different type (SNMP, Email), it is reused during configuration import.

    The user must check whether the Syslog object name matches the existing SNMP or Email alert object in CDO. If the name matches, you must rename the Syslog object in the on premise FMC before starting the migration process.

Procedure

Step 1

In the navigation bar on the left, click Tools & Services > Migrations > Migrate FTD to Cloud.

Step 2

Click icon to initiate the FTD migration process.

Note
You can initiate only one migration job at one time.
Step 3

In the Select FMC step, you can click the Onboard an FMC link to onboard the on premise FMC if not done already. See Onboard an FMC

Step 4

Select the FMC from the available list and click Next. You will see the FTD devices that the selected FMC manages.

Step 5

In the Select Devices step, select the FTD devices to be migrated.

Note

The devices running on the unsupported versions are not available for selection.

Step 6

In the Select Devices step, you can perform the following:

Note

The devices that are registered for analytics only with the FMC or have pending changes to be deployed are not eligible for migration.

  1. Select the devices you want to migrate.

    Note

    CDO allows the selection of only the active device in a high availability pair. After the active device's manager is changed successfully, CDO automatically changes the standby device's manager and retains the high availability configuration on the devices.

  2. In the Multi-Device Action list, you can choose a common action to apply on all devices.

  3. In the Action column, you can choose one of the following actions for the selected device:

    • Retain on OnPrem FMC for Analytics: After the migration process is completed, the analytics management for selected FTD devices is retained on the FMC.

    • Delete FTD from OnPrem FMC: After the migration process is completed, the selected devices are removed from the FMC and are available for CDO to handle the analytics. You must configure the devices to send events to CDO for managing analytics. Once the devices are deleted from the FMC, they cannot be revoked.

      Note

      The device is not deleted from the FMC unless the changes are committed, either automatic or manual.

Note

The actions specified here are committed automatically after 14 days evaluation period or after the changes are committed manually.

Step 7

Click Migrate FTD to Cloud.

Step 8

Click View Migration to Cloud Progress to see the progress of your job.

What to do next

You can view the overall and individual status of migration jobs and generate a report when a job is completed successfully. See View FTD Migration Jobs.