User Identity Migration Guidelines and Limitations for Threat Defense Devices

If any of your access control policies reference the identity objects discussed in this topic, you must prepare before you migrate an on-premises Threat Defense to Cloud-delivered Firewall Management Center, and deploy as soon as possible after the migration. To check, click Policies > Access Control heading > Access Control and examine your access control policies and rules.

If none of your access control policies reference identity objects (in particular, users and groups), you can ignore these guidelines.

Before migrating

Before migrating, on the On-Prem Firewall Management Center, click Integration > Other Integrations > Identity Sources and check whether any Cisco ISE/ISE-PIC or Passive Identity Agent identity sources are defined.

  • If you have Cisco ISE/ISE-PIC or Passive Identity Agent identity sources defined, create the Cisco ISE/ISE-PIC identity sources on Cloud-delivered Firewall Management Center, then migrate the device as discussed in the following paragraphs.

  • If no Cisco ISE/ISE-PIC or Passive Identity Agent identity sources are defined, migrate the device as discussed in the following paragraphs.

Migrate the device

Migration is discussed in About Migrating Threat Defense to Cloud-delivered Firewall Management Center. To avoid traffic disruption when you migrate the device, we strongly recommend that you do one of the following:

  • Check the Auto deploy to FTDs after successful migration check box.

  • Deploy policies immediately after migration is complete.