Add a Standalone Threat Defense for the Security Cloud Control
You can use Security Cloud Control with both native and container instances. Standalone logical devices work either alone or in a High Availability pair.
Before you begin
-
Download the application image you want to use for the logical device from Cisco.com, and then that image to the Firepower 4100/9300.
NoteFor the Firepower 9300, you can install different application types (ASA and Firewall Threat Defense) on separate modules in the chassis. You can also run different versions of an application instance type on separate modules.
-
Configure a management interface to use with the logical device. The management interface is required. Note that this management interface is not the same as the chassis management port that is used only for chassis management.
-
You must also configure at least one Data type interface.
-
You must onboard the FTD device in Security Cloud Control.
-
Gather the following information:
-
Interface IDs for this device
-
Management interface IP address and network mask
-
Gateway IP address
-
DNS server IP address
-
Threat Defense hostname and domain name
-
Security Cloud Control onboard string
-
Firewall Threat Defense hostname and domain name
-
Procedure
Step 1 | Save the configuration. commit-buffer The chassis deploys the logical device by downloading the specified software version and pushing the bootstrap configuration and management interface settings to the application instance. Check the status of the deployment using the show app-instance command. The application instance is running and ready to use when the Admin State is Enabled and the Oper State is Online. Example: |
Step 2 | See the Security Cloud Control configuration guide to start configuring your security policy. |