Onboarding Overview

Review the supported models and use cases for cloud-delivered Firewall Management Center.

Supported Devices

You can onboard the following device models:

  • Firepower 1000 series

  • Firepower 2100 series

  • Secure Firewall 3100 series

  • Firepower 4100 series

  • Firepower 9300 series

  • ISA 3000

  • Secure Firewall Threat Defense Virtual

Supported Use Cases

Cloud-Delivered Firewall Management Center currently supports the following device scenarios for onboarding:

  • Devices must be running version 7.0.3, or 7.2.0 and later. To see all supported versions and product compatibility, see Firepower Threat Defense Compatibility Guide for more information.

  • A device configured for local management to be managed by FDM. The device may or may be be logged into prior to onboarding. For devices that have not been logged into, you can onboard the device with low-touch provisioning.

    Note

    If you onboard an FDM-managed device to the cloud-delivered Firewall Management Center, you can no longer manage device with the FDM.

  • A device managed by an on-prem management center.

    If you already have a threat defense device that is managed by an on-prem management center you can migrate the device for cloud management. See Migrate Secure Firewall Threat Defense to Cloud for more information.

Note

The following scenarios occur when you either move or migrate a device to cloud-delivered Firewall Management Center:

  • If you delete a device from an on-prem management center or Secure Firewall Threat Defense FDM to onboard to the cloud-delivered Firewall Management Center, the change of managers wipes any policies configured through the on-prem management center.

  • If you migrate a device from an on-prem management center to the cloud-delivered Firewall Management Center, the device retains the majority of your previously configured policies.

If you do not know if your device is already managed by an alternative manager, use the show managers command in the device's CLI.

Onboarding Methods

Cloud-Delivered Firewall Management Center supports the following onboarding methods:

  • Registration Key - Onboard a device with a registration key. The initial device setup wizard is complete on the device.

  • Low-touch Provisioning - Onboard a new factory-shipped device where the initial device setup wizard has not been performed on the device. Note that this method only supports Firepower 1000, Firepower 2100, or Secure Firewall 3100 devices.

    Note

    Version 7.0.3 does not support low-touch provisioning.

  • Serial Number - Onboard a device that has already been initially configured with its serial number. Note that this method only supports Firepower 1000, Firepower 2100, or Secure Firewall 3100 devices.

    Note

    Version 7.0.3 does not support onboarding with a serial number.