Skip to main content

 

 

Cisco Defense Orchestrator

Onboard Secure Firewall Cloud Native

This procedure assumes a Secure Firewall Cloud Native firewall is already deployed on Kubernetes and the firewall is available for onboarding.

Onboarding a Secure Firewall Cloud Native includes two steps:

  1. Obtain Location and Token of Kubernetes Cluster.
  2. Onboard Secure Firewall Cloud Native to CDO.
Before you begin

To onboard to CDO, you need to have administrator access to the Secure Firewall Cloud Native running in AWS. Refer to the "AWS Getting Started section" of "The Cisco Secure Firewall Cloud Native Getting Started Guide".

Obtain Location and Token of Kubernetes Cluster

This procedure describes how to obtain the information you need about a running Secure Firewall Cloud Native cluster from AWS in order to onboard the cluster (or tenants) to CDO. (Optional) You can use the kubectl command line tool to collect this information.

  1. Sign in to the AWS Management Console and open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation.
  2. On the CloudFormation > Stacks page of the CloudFormation console, select the stack name.
    CloudFormation displays the stack details for the selected stack.
  3. Choose the Outputs tab to copy the required information to onboard the Secure Firewall Cloud Native to CDO. We recommend temporarily pasting the copied information into a note until you are ready to use them:
    • ClusterEndpoint ― Copy the cluster endpoint URL, which corresponds to the location in AWS.

      For example: https://6759987E2CE4580D5.sk1.us-east-1.eks.amazonaws.com

    • CDOToken ― Copy the CDO token required for authenticating the Secure Firewall Cloud Native.

    • Namespace ― Copy the namespace that corresponds to the cluster or tenant. You can find the namespace on the Parameters tab.

The default namespace for the system is sfcn-system, and this is user-configurable during the stack creation. In a multi-tenant deployment, each tenant also has a user-configurable namespace.

Onboard Secure Firewall Cloud Native to CDO

  1. In the navigation pane, click Devices & Services and click the blue plus button blue_cross_button.png .
  2. Click Secure Firewall Cloud Native.
  3. In the Device Name step, select the SDC from which the cluster is reachable and enter a name in the Device Name field. This could be the hostname of the cluster or any other name you choose. 
  4. Click Next.
  5. In the Token step, enter the Kubernetes information copied:
    • Cluster Endpoint: Provide the ClusterEndpoint information copied from AWS.
    • Namespace: Provide the Namespace information copied from AWS.
    • Token: Provide the CDOToken information copied from AWS. 

Note: You can onboard SFCNs belonging to the same Kubernetes cluster, where the namespaces are different but the location is the same.

  1. Click Next
  2. In the Done step, you can add a device label and click Go to Devices & Services page. For more information, see Labels and Filtering.
  • Was this article helpful?