Managing Cisco Secure Firewall Threat Defense Devices with Cloud-Delivered Firewall Management Center

The cloud-delivered Firewall Management Center is a software-as-a-service (SaaS) product that manages Secure Firewall Threat Defense devices and is delivered via Cisco Defense Orchestrator (CDO). The cloud-delivered Firewall Management Center offers many of the same functions as an on-premises Secure Firewall Management Center.

The cloud-delivered Firewall Management Center has the same appearance and behavior as an on-premises Secure Firewall Management Center and uses the same FMC API.

Because the cloud-delivered Firewall Management Center is a SaaS product, the Cisco Defense Orchestrator (CDO) operations team is responsible for deploying and maintaining its software. As new features are introduced, the CDO operations team updates your CDO tenant's cloud-delivered Firewall Management Center for you.

A migration wizard is available to help you migrate your Secure Firewall Threat Defense devices from your on-premises Secure Firewall Management Center to the cloud-delivered Firewall Management Center. The devices must have Threat Defense software Version 7.0.3 or a later 7.0.x release, or Version 7.2 or later installed to be migrated. Threat Defense 7.1 releases are not supported.

Onboarding Secure Firewall Threat Defense devices is carried out in CDO using familiar processes, such as onboarding a device with its serial number or using a CLI command that includes a registration key. Once the device is onboarded, it is visible both in CDO and in the cloud-delivered Firewall Management Center; however, you configure the device in the cloud-delivered Firewall Management Center.

CDO provides high availability support for the threat defense devices that it manages through the data interface. This feature is supported for devices running software version 7.2 or later.

You can analyze syslog events generated by your onboarded threat defense devices using Security Analytics and Logging (SaaS) or Security Analytics and Logging (On-Premises). The SaaS version stores events in the cloud and you view the events in CDO. The on-premises version stores events in an on-premises Secure Network Analytics appliance and analysis is done in the on-premises Secure Firewall Management Center. In both cases, just as with an on-premises FMC today, you can still send logs to a log collector of your choice directly from the sensors.

The license for cloud-delivered Firewall Management Center is a per-device-managed license and there is no license required for the cloud-delivered Firewall Management Center itself. Existing Secure Firewall Threat Defense devices re-use their existing smart licenses and new Secure Firewall Threat Defense devices provision new smart licenses for each feature implemented on the FTD.

Existing customers can continue to use CDO to manage other device types, such as the Secure Firewall ASA, Meraki, Cisco IOS devices, Secure Firewall Cloud Native, Umbrella, and AWS virtual private clouds. If you use CDO to manage Secure Firewall Threat Defense devices configured for local management with Firepower Device Manager, you can continue to manage them with CDO as well.