Onboarding Overview

Review the following use cases and supported sofware versions that are compatible with cloud-delivered Firewall Management Center management.

Threat Defense Devices Currently Managed by FDM-Managed

Cloud-delivered Firewall Management Center currently supports the following device scenarios for onboarding:

You can only onboard a threat defense device that is managed by FDM-managed.

  • Devices must be running version 7.0.3, or 7.2.0 and later. To see all supported versions and product compatibility, see Secure Firewall Threat Defense Compatibility Guide for more information.

  • A device configured for local management to be managed by device manager. The device may or may not be logged into prior to onboarding. For devices that have not been logged into, you can onboard the device with low-touch provisioning.

    Note

    If you onboard an FDM-managed device to the cloud-delivered Firewall Management Center, you can no longer manage the device with the device manager.

  • A device managed by an on-prem management center.

    If you already have a threat defense device that is managed by an on-prem management center you can migrate the device for cloud management. See Migrate Secure Firewall Threat Defense to Cloud for more information.

Threat Defense Devices Currently Managed by Cloud-delivered Firewall Management Center

The following scenarios occur when you either move or migrate a device to the cloud-delivered Firewall Management Center:

  • If you delete a device from an on-prem management center or Secure Firewall Threat Defense device manager to onboard to the cloud-delivered Firewall Management Center, the change of managers wipes any policies configured through the on-prem management center.

  • If you migrate a device from an on-prem management center to the cloud-delivered Firewall Management Center, the device retains the majority of your previously configured policies.

Note

If you do not know if your device is already managed by an alternative manager, use the show managers command in the device's CLI.

Onboarding Methods

Cloud-delivered Firewall Management Center supports the following onboarding methods:

  • Registration Key - Onboard a device with a registration key. The initial device setup wizard is complete on the device.

  • Low-touch Provisioning - Onboard a new factory-shipped device where the initial device setup wizard has not been performed on the device. Note that this method only supports Firepower 1000, Firepower 2100, or Secure Firewall 3100 devices.

    Note

    Version 7.0.3 does not support low-touch provisioning.

  • Serial Number - Onboard a device that has already been initially configured with its serial number. Note that this method only supports Firepower 1000, Firepower 2100, or Secure Firewall 3100 devices.

    Note

    Version 7.0.3 does not support onboarding with a serial number.