Before onboarding an ASA FirePOWER module, you will need the right kind of Secure Device Connector (SDC) to manage it. Consider these three types of ASA FirePOWER module deployments:
If the ASA's management interface uses a public IP address and the ASA FirePOWER module's management interface uses a public IP address, then you can manage the ASA FirePOWER module with Cisco Defense Orchestrator in the cloud.
If the ASA's management interface uses a private IP address and the ASA FirePOWER services module's management interface uses a private IP address, then you must use an on-premise Secure Device Connector to manage the device. See Deploying an On-Prem CDO Secure Device Connector (SDC) for more information.
If the ASA's management interface has a public address and the ASA FirePOWER module's management interface uses a private IP address, you will need to create a NAT rule to connect the two interfaces. In this case, use the Enabling FirePOWER Services on your ASA procedure.
- Onboard the ASA running the ASA FirePOWER module using the Onboarding Devices and Services procedure. If the ASA FirePOWER module is installed on an ASA running in multi-context mode, onboard the ASA in the admin context.
- In CDO, click Devices & Services, and select the ASA you just onboarded. If the ASA is in multi-context mode, select the IP address for the admin context.
- Click the button in the details pane.
- In the Connect to Device dialog, provide the username and password of an ASA user. If the ASA is in multi-context mode, choose a user with system administrator privileges (level 15); these privileges are needed to switch from the admin context to the system context.
- Click Connect.
- Apply a label if you want and click Finish.