Onboard a Configured FDM-Managed Device using the Device's Serial Number
This procedure is for devices that have already been configured for local management. Because the device setup wizard is completed on an already configured FDM-managed device, the device is unregistered from the cloud, and you can't onboard such devices to Security Cloud Control using the zero-touch provisioning process.
If your device is brand new and has never been managed or configured, you can onboard the device with zero-touch provisioning. See Onboard a Secure Firewall Threat Defense Device With Zero-Touch Provisioning for more information.
Note | When the device is not connected to the Cisco cloud, you can see the Status LED (Firepower 1000), SYS LED (Firepower 2100), or M LED (Secure Firewall 3100) flashing alternately green and amber. |
You may have completed the device setup wizard to perform the following tasks:
- The device must be running version 6.7 or later.
- Configure a static IP address on the management interface of the device. If the interfaces cannot obtain the necessary dynamic IP address, or the DHCP server does not provide the gateway route, you need to configure a static IP address.
- Obtain an address using PPPoE and configure the outside interface.
- Manage the device running version 6.7 or later using Secure Firewall device manager or Secure Firewall Management Center.
- You have an active SecureX account. If you do not have a SecureX account, see SecureX and Security Cloud Control for more information.
- Your Security Cloud Control and SecureX accounts are merged. See Link Your Security Cloud Control and SecureX or Cisco XDR Tenant Accounts for more information.
Important | You can switch the manager of a Secure Firewall Threat Defense device from Secure Firewall device manager to Secure Firewall Management Center, or the other way. Perform the steps explained in the Switching Between Local and Remote Management section of the "System Management" chapter of the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for the version the device runs. |
If you want to onboard devices, perform the following:
Procedure
Step 1 | Review the prerequisites for onboarding in Procedure for Onboarding FDM-Managed Device using Device Serial Number. |
Step 2 | In the Secure Firewall device manager UI, navigate to and select the Auto-enroll with Tenancy from Cisco Security Cloud Control option and click Register. |
Step 3 | Log in to Security Cloud Control. |
Step 4 | In the navigation pane, click Security Devices. |
Step 5 | Click the FTD tile. |
Step 6 | On the Onboard FTD Device screen, click Use Serial Number. |
Step 7 | In the Select FMC step, use the drop-down menu to select an on-premises management center that has already been onboarded to Security Cloud Control. Click Next. The on-premises management center must be running version 7.4 or higher. If you do not have an on-premises management center onboarded, click +Onboard On-Prem FMC for the onboarding wizard. |
Step 8 | In the Connection step, enter the device's serial number and device name. Click Next. |
Step 9 | If the device is not brand new and has already been configured for management, select Yes, this new device has never been logged into or configured for a manager for the Password Reset. Click Next. |
Step 10 | For Policy Assignment, use the drop-down menu to select an access control policy to be deployed once the device is onboarded. If you do not have a customized policy, Security Cloud Control auto-selects the default access control policy. Click Next. |
Step 11 | Select all licenses you want to apply to the device. Click Next. |
Security Cloud Control changes the device Connectivity status to "Online" and the Configuration status to the "Synced" state. The FDM-managed device is onboarded to Security Cloud Control. You can see the Status LED (Firepower 1000), SYS LED (Firepower 2100), or M LED flashing green on the rear panel of the hardware. The device LED continues to flash green while it is connected to the Cisco cloud. If the device can't connect to the Cisco cloud or loses its connectivity after being connected, you can see the same status LED flash alternately green and amber.