Cisco Security Migration

Migrating policies (rules) from the legacy firewall (or competitor’s firewall) to the next generation firewall (Cisco’s ASA)
Project Background
When a firewall reaches end of life, the hardware is upgraded. During the upgrade, policies (rules) from the previous firewall are migrated to the new firewall. This migration was facilitated by the tool that I was working on, Firepower Migration Tool.
Duration
Aug 2018 - Sept 2019
Tools Used
Sketch, InVision, Zeplin
Firepower Migration Tool reached >10K downloads in 10 months
Scope of the project
>6 Million Cisco’s ASA (Firewall) have been sold and counting… Our tool helps them in migrating the policies. The migration business is touching 3 figures (~ $1bn).
My role
I worked as a sole Interaction Designer on the Firepower Migration Tool. I was responsible for the flows, interactions and overall user experience of the tool.
Whom did I work with
The project demanded to work in an agile environment. So, I worked in collaboration with various teams including Research, Engineering, Project Management, Testing, Business Unit, and Legal.
Project Brief
Security Migration is about migrating policies (rules) from the legacy firewall (or competitor’s firewall) to the next generation firewall (Cisco’s ASA), through Firepower Management Center (FMC), using Firepower Migration Tool (FMT).

Our team worked on the design and development of FMT.
Read more on Cisco’s page
Prototype
Can’t share the actual files because of NDA. So, I have created blockframes using Figma to show the interactions and flow of the tool.
Access the blockframe prototype
Or copy-paste in a new tab: https://bit.ly/3561XTf
Users
There were two sets of users of this tool. First, Cisco's Network Consulting Engineers who worked on customers' site. Other set were our customers' Network Engineers, who operated migration process independently.
Cisco's Network Consulting Engineer
Cisco's Network Consulting Engineer would go to the premise of client and provide the support there. He would be responsible for completing the migration.
Customer’s Network Engineer
Network Consulting Engineer from the customer side would have the admin rights to use the tool. She would be responsible for migration if they don’t have the support from Cisco.
Blockframes of the tool
I have tried to use blockframes where I have hidden the content and tried to show the structure, interaction and the flow of the tool, without violating the NDA.
Login for the First Time
1st time experience for the users
Review and accept the End User License Agreement
Carousel would give a sneak-peak into the tool
Refer to the tool documentation
Upload/ Extract Source Information
Connect directly to live ASA or upload config files
Supports the policy extraction from Cisco ASA and competitors including Checkpoint and Palo Alto Networks
Select Context in case of showtech file
Quick parsing of the config files would show Interfaces, Routes, ACL and NAT.
Upload/ Extract Source Information
Connect directly to live ASA or upload config files
Supports the policy extraction from Cisco ASA and competitors including Checkpoint and Palo Alto Networks
Select Context in case of showtech file
Quick parsing of the config files would show Interfaces, Routes, ACL and NAT.
Connect to Firepower Management Center
Manage and push policies it to Firepower Management Center
Get feedback when you connect to the FMC
Accordion view groups the content
Initiate complete parsing of configuration file and download pre-migration report
Map FTD Interface
Maps physical interface of the firewall
Easy mapping of the physical interface of firewall in the tabular view
This step would be skipped if FTD not selected in previous step
Map FTD Interface
Maps physical interface of the firewall
Easy mapping of the physical interface of firewall in the tabular view
This step would be skipped if FTD not selected in previous step
Map Security Zones and Interface Groups
Grouping helps network to manage and classify traffic flow.
Auto create the mapping and review in the tabular structure
New groups created would be pushed to the Firepower Management Center
Review and Validate
Showing all configurations including ACL, NAT, Interfaces and Routes
Search and filter for the policies and take action on them, if required
Have an option to do inline filtering of data
Use expand option to view only tabular data in the viewport
Review and Validate
Showing all configurations including ACL, NAT, Interfaces and Routes
Search and filter for the policies and take action on them, if required
Have an option to do inline filtering of data
Use expand option to view only tabular data in the viewport
Push Configuration
Final step in the process of migration
Push the configuration to start the migration process
Get the progress through progress bar and individual statuses of configurations
Once migration completes/fails, get the summary and download full report.
Working Style
I closely worked with the Product Manager, Engineering Team, Legal Team and Customers while designing Firepower Migration Tool.
Information Architecture
Here's the basic IA for the tool. There were many features added later on which are not included in this IA.
Impact
Firepower Migration Tool reached >10K downloads in 10 months
Customer Quotes
"Pretty handy tool to help out with the bulk of the policies - and making sure policies are not forgotten."
"Firepower Migration Tool makes migration delightful."
"So much better than the laborious method of doing it manually when the FTD firewalls first came out."
Thank you for reading!
Crafted on
(Figma)
and Developed on
(Webflow)