Assign an FDM-Managed Device Interface to a Security Zone

Before you Begin

An interface has the following limitations when adding a security zone:

• The interface must have a name.

• The interface cannot be management-only. This option is enabled and disabled from the Advanced tab of the interface.

• You cannot assign a security zone to a bridge group interface.

• You cannot assign a security zone to an interface configured for switchport mode.

• CDO does not currently support the management, monitoring, or use of Virtual Tunnel Interface (VTI) tunnels on ASA or FDM-managed devices. Devices with configured VTI tunnels can be onboarded to CDO but it ignores VTI interfaces. If a security zone or static route references a VTI, CDO reads the security zone and static route without the VTI reference. CDO support for VTI tunnels is coming soon.