Onboarding Overview

Supported Devices

You can onboard the following device models:

  • Firepower 1000 series

  • Firepower 2100 series

  • Secure Firewall 3100 series

  • Firepower 4100/9300 series

  • ISA 3000

  • Secure Firewall Threat Defense Virtual

Supported Use Cases

Cloud-Delivered Firewall Management Center currently supports the following device scenarios for onboarding:

  • A device managed by FDM.

  • A device managed by an On-Prem Firewall Management Center.

    If you already have a threat defense device that is managed by an On-Prem FMC you can migrate the device for cloud management. See Migrate Secure Firewall Threat Defense to Cloud for more information.

  • A device that is new, and has never been configured or registered to a manager.

Onboarding a device for cloud-delivered Firewall Management Center will remove any policies, rules, and objects configured through the On-Prem FMC prior to onboarding. If you do not know if your device is already managed by an alternative manager, use the show managers command in the device's CLI.

Onboarding Methods

Cloud-Delivered Firewall Management Center supports the following onboarding methods:

  • Registration Key - Onboard a device with a registration key. The initial device setup wizard is complete on the device.

  • Serial Number - Onboard a device that has already been initially configured with its serial number. This procedure is a simplified method of onboarding the Firepower 1000, 2100, or 3100 series devices. To onboard the device, you need the chassis serial number or PCA serial number of the device and ensure that the device is added to a network that can reach the internet.

  • Low-touch Provisioning - Onboard a new factory shipped device where the initial device setup wizard has not been performed on the device.


    Version 7.0.3 does not support low-touch provisioning.