Migrating Microsoft Azure Native Firewall with the Firewall Migration Tool in Security Cloud Control

Select Source Configuration

On the Select Source Configuration page, choose Microsoft Azure and click Start Migration. Click Upload to choose the Azure configuration file and click Next.

Select Target

In the Select Target page, select the cloud-delivered Firewall Management Center provisioned on your Security Cloud Control tenant, and the threat defense devices managed by that management center are listed. You can choose the threat defense device you wish to migrate the configuration to, and proceed with the migration.

Note that the threat defense devices listed are displayed either as In Use or Available based on whether the device is being used in another migration instance. However, you can perform an override by clicking Change Device Status, selecting the device from the In Use list, and clicking Continue, which will make the device available for being selected as the target. Choosing Proceed without FTD pushes only NAT objects, ACLs, and port objects to the cloud-delivered Firewall Management Center. For more information about the commonly used ASA features and their equivalent threat defense features, see Cisco Secure Firewall ASA to Threat Defense Feature Mapping guide.

The flowchart that follows illustrates the step-by-step procedure for migration of Azure firewall configurations to threat defense devices:

To perform the procedure with more detailed steps, continue to Export the Configuration from Microsoft Azure Native Firewall in Migrating Microsoft Azure Native Firewall to Cisco Secure Firewall Threat Defense with the Migration Tool guide.

	Workspace	Steps
	Security Cloud Control	Log in to your Security Cloud Control tenant, and in the left pane, click Administration > Migration > Firewall Migration Tool and click the blue plus button to start provisioning a new migration instance.
	Security Cloud Control	After your migration instance is ready, click Launch and choose Microsoft Azure.
	Azure Firewall	Export the Azure configuration to the local system. To export the configuration from Azure firewall, see Export the Configuration from Microsoft Azure Native Firewall.
	Secure Firewall Migration Tool	Upload the Azure configuration file exported from Azure firewall, see Upload the Microsoft Azure Configuration File.
	Secure Firewall Migration Tool	In this step, you can specify the destination parameters for the migration. For detailed steps, see Specify Destination Parameters for the Secure Firewall Migration Tool.
	Secure Firewall Migration Tool	Navigate to where you downloaded the pre migration report and review the report. For detailed steps, see Review the Pre-Migration Report.
	Secure Firewall Migration Tool	Optimize and review the configuration carefully and validate that it is correct and matches how you want to configure the threat defense device. For detailed steps, see Optimize, Review and Validate the Configuration to be Migrated.
	Secure Firewall Migration Tool	This step in the migration process sends the migrated configuration to management center and allows you to download the post-migration report. For detailed steps, see Push the Migrated Configuration to Management Center.
	Local Machine	Navigate to where you downloaded the post migration report and review the report. For detailed steps, see Review the Post-Migration Report and Complete the Migration.
	Cloud-Delivered Firewall Management Center	Deploy the migrated configuration from the cloud-delivered Firewall Management Center to threat defense.