Onboard a Secure Firewall Threat Defense Cluster
Note | If you must delete a cluster, delete the cluster from the CDO Inventory page. See Delete Devices from Cloud-delivered Firewall Management Center for more information. |
The following table provides information about device models that support cluster onboarding and creation on the cloud-delivered Firewall Management Center:
Secure Firewall Threat Defense Platforms |
Minimum Secure Firewall Threat Defense Version for Cluster Management |
Support cluster creation from cloud-delivered Firewall Management Center? |
---|---|---|
VMware, KVM |
7.2.1 |
Yes |
AWS, GCP |
7.2.1 |
No |
Azure |
7.3 |
No |
Secure Firewall 3100 |
7.2.1 |
Yes |
Firepower 4100 |
7.0.6 |
No |
Secure Firewall 4200 |
7.4 |
Yes |
Firepower 9300 |
7.0.6 |
No |
Before you begin
Read through the following limitations:
-
Firepower 4100 and Firepower 9300 devices must be clustered through the device's chassis manager.
-
Secure Firewall 3100 devices, Secure Firewall 4200 devices, KVM, and VMware environments must be clustered through the Secure Firewall Management Center UI.
-
Azure, AWS, and GCP environment clusters must be created through their own environment and onboarded to Secure Firewall Management Center.
Procedure
Step 1 | Log in to CDO. |
Step 2 | In the left pane, click Inventory. |
Step 3 | Click the FTD tile. |
Step 4 | Under Management Mode, ensure you select FTD. By selecting FTD under Management Mode, you will not be able to manage the device using the previous management platform. All existing policy configurations except for interface configurations will be reset. You must re-configure policies after you onboard the device. |
Step 5 | Select Use CLI Registration Key. |
Step 6 | Enter the device name in the Device Name field and click Next. |
Step 7 | In the Policy Assignment step, use the drop-down menu to select an access control policy to deploy once the device is onboarded. If you have no policies configured, select the Default Access Control Policy. |
Step 8 | Specify whether the device you are onboarding is a physical or virtual device. If you are onboarding a virtual device, you must select the device's performance tier from the drop-down menu. |
Step 9 | Select the subscription licenses you want to apply to the device. Click Next. |
Step 10 | CDO generates a command with the registration key. Paste the entire registration key as is into the device's CLI. |
Step 11 | (Optional) Add labels to your device to help sort and filter the Inventory page. Enter a label and select the blue plus button. Labels are applied to the device after it's onboarded to CDO. |
What to do next
-
If you did not already, create a custom access control policy to customize the security for your environment. See Access Control Overview in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for more information.
-
Enable Cisco Security Analytics and Logging (SAL) to view events in the CDO dashboard or register the device to an Secure Firewall Management Center for security analytics. See Cisco Security Analytics and Logging in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for more information.