Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1038
Views
0
Helpful
5
Replies

Secure Firewall Migration Tool - Login Issue?

fabiobustamante
Level 1
Level 1

‎07-24-2023 02:46 PM

Hi, 

Does anyone know if we need something special on our CCO account in order to use the Secure Firewall Migration Tool? I have installed it, and as soon as I run it, it opens a browser and asks me to authenticate. Afterwards, I got a message saying 

"http://localhost:8888/api/callback?state=08BLTKF6MVHVHZ1918PO&error=access_denied&error_description=User+is+not+assigned+to+the+client+application."

And I basically cannot login, so I never get any option to use it. It looks as if I was not authorized, but I couldn't find any specific requirements to use it.

 

 

2 people had this problem
Labels:
Preview file
151 KB
0 Helpful
5 Replies 5

Divya Jain
Cisco Employee
Cisco Employee

‎08-11-2023 02:13 AM

Hi,
usually  FMT will try to login using Secure-X only for Telemetry, Success Network and stats Cisco wants to collect. This is not required to use FMT.
https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide/ASA2FTD-with-FP-Migration-Tool/b_Migration_Guide_ASA2FTD_chapter_01011.html#id_68188
 

To share statistics with Cisco Success Network, click the Login with CCO link to login to your Cisco.com account using your single-sign on credentials. As this is not needed for FMT functionalities, please login using the default credentials.

Username: admin
Password: Admin123

+ This should help you out to using the Firepower Migration Tool.

 

 

 

 

-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------

 

 

 

 

 

Regards

Divya Jain

0 Helpful

fabiobustamante
Level 1
Level 1

‎08-11-2023 06:42 AM

HI Divya

Unfortunately the latest version of FMT don't allow to login locally. It is mandatory to login with CCO. I tried version 4.3 and version 5.0, I get the same results with both. On another forum someone said it is necessary to have a valid Firepower contract in order to use the tool. I'm not sure if that could be the issue... because as I said before, no mather what I try, I never manage to use the tool.

Fabio

0 Helpful

Divya Jain
Cisco Employee
Cisco Employee
In response to fabiobustamante

‎08-18-2023 12:26 AM

Hi Fabio,
 

For ver - 4.0.2-8326

The below steps worked :

 

FMT will try to login using Secure-X only for Telemetry, Success Network and stats Cisco wants to collect. This is not required to use FMT. https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide/ASA2FTD-with-FP-Migration-Tool/b_Migration_Guide_ASA2FTD_chapter_01011.html#id_68188 

 

To share statistics with Cisco Success Network, click the Login with CCO link to login to your Cisco.com account using your single-sign on credentials. As this is not needed for FMT functionalities, please login using the default credentials. 

 

Username: admin Password: Admin123

 

For the above steps :

 

** delete your current FMT install and reinstall

**  This time, when you do the launch a clean version of FMT and the EULA comes up, scroll to the bottom of the EULA and deselect ‘Enable Cisco Success Network’, then check that you agree with the EULA and click ‘Proceed’.

 

Then you can try login again.

 

 

+++Additional thing to check :

Make sure you cisco account has admin privelages.

 

 

 

 

 

 

 

-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------

 

 

 

 

 

 

 

Regards,

Divya Jain
 

0 Helpful

glsparks
Level 1
Level 1

‎01-23-2024 08:11 AM

What are the URL's or IP's to get this to work through a Firewall. A wildcard to *.cisco.com doesn't even seem to be enough.

0 Helpful

eappelboom
Level 1
Level 1
In response to glsparks

‎04-22-2024 11:37 PM

One needs to set http_proxy=  and https_proxy= in the windows system environment variables in order for FMT 6.x to reach https://sign-on.security.cisco.com/oauth2/

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card