Welcome to Cisco Security Cloud Control
What's New for Cisco Security Cloud Control
November 2024
November 21, 2024
Welcome to Security Cloud Control
November 7, 2024
October 2024
October 17, 2024
September 2024
September 13, 2024
September 5, 2024
August 2024
August 23, 2024
August 8, 2024
June 2024
June 27, 2024
June 20, 2024
June 13, 2024
June 6, 2024
May 2024
May 30, 2024
May 23, 2024
May 16, 2024
April 2024
April 25, 2024
April 18, 2024
March 2024
March 07, 2024
February 2024
February 13, 2024
January 2024
January 25, 2024
December 2023
December 14, 2023
December 07, 2023
November 2023
November 30, 2023
November 14, 2023
November 2, 2023
October 2023
October 26, 2023
October 19, 2023
October 12, 2023
October 05, 2023
September 2023
September 14, 2023
September 7, 2023
August 2023
August 31, 2023
August 17, 2023
August 3, 2023
July 2023
July 20, 2023
July 13, 2023
June 2023
June 29, 2023
June 15, 2023
June 8, 2023
June 5, 2023
June 1, 2023
April 2023
April 27, 2023
March 2023
March 23, 2023
January 2023
January 18, 2023
December 2022
December 15, 2022
December 1, 2022
October 2022
October 27, 2022
October 12, 2022
August 2022
August 4, 2022
June 2022
June 30, 2022
June 9, 2022
May 2022
May 12, 2022
April 2022
April 14, 2022
April 6, 2022
February 2022
February 03, 2022
January 2022
January 20, 2022
January 13, 2022
Basics of Security Cloud Control
Create a Security Cloud Control Tenant
Sign in to Security Cloud Control
Initial Login to Your New Security Cloud Control Tenant
Signing in to Security Cloud Control in Different Regions
Troubleshooting Login Failures
Migrate to Cisco Security Cloud Sign On Identity Provider
Troubleshooting Login Failures after Migration
Launch a Security Cloud Control Tenant
Manage Super Admins on Your Tenant
Get Started With Security Cloud Control
About Security Cloud Control Licenses
Cloud-Delivered Firewall Management Center and Threat Defense Licenses
More Supported Devices and Licenses
Secure Device Connector
Connect Security Cloud Control to your Managed Devices
Deploy a VM for Running the Secure Device Connector and Secure Event Connector
Bootstrap a Secure Device Connector on the Deployed Host
Deploy a Secure Device Connector to vSphere Using Terraform
Deploy a Secure Device Connector on an AWS VPC Using a Terraform Module
Migrate an On-Premises Secure Device Connector and Secure Event Connector from a CentOS 7 Virtual Machine to an Ubuntu Virtual Machine
Change the IP Address of a Secure Device Connector
Remove a Secure Device Connector
Rename a Secure Device Connector
Specify a Default Secure Device Connector
Update your Secure Device Connector
Using Multiple SDCs on a Single Security Cloud Control Tenant
Security Cloud Control Devices that Use the Same SDC
Devices, Software, and Hardware Supported by Security Cloud Control
ASA Support Specifics
Secure Firewall Threat Defense Device Support Specifics
Cloud Device Support Specifics
Switching and Routing Support Specifics
Browsers Supported in Security Cloud Control
Security Cloud Control Platform Maintenance Schedule
Cloud-delivered Firewall Management Center Maintenance Schedule
Manage a Security Cloud Control Tenant
General Settings
General Preferences
Change the Security Cloud Control Web Interface Appearance
My Tokens
Tenant Settings
Enable Change Request Tracking
Prevent Cisco Support from Viewing your Tenant
Enable the Option to Auto-accept Device Changes
Default Conflict Detection Interval
Enable the Option to Schedule Automatic Deployments
Web Analytics
Share Event Data with Cisco Talos
Configure a Default Recurring Backup Schedule
Tenant ID
Tenant Name
Security Cloud Control Platform Navigator
View Security Cloud Control Notifications
User Notification Preferences
Tenant Notification Settings
Enable Email Subscribers
Add an Email Subscription
Edit Email Subscriptions
Delete an Email Subscription
Enable Service Integrations for Security Cloud Control Notifications
Incoming Webhooks for Webex Teams
Incoming Webhooks for Slack
Incoming Webhooks for a Custom Integration
Logging Settings
Integrate Your SAML Single Sign-On with Security Cloud Control
Renew SSO Certificate
API Tokens
API Token Format and Claims
Token Management
Generate an API Token
Renew an API Token
Revoke an API Token
Relationship Between the Identity Provider Accounts and Security Cloud Control User Records
Login Workflow
Implications of this Architecture
Customers Who Use Cisco Security Cloud Sign On
Customers Who Have Their Own Identity Provider
Cisco Managed Service Providers
Related Topics
Manage Multi-Tenant Portal
Add a Tenant to a Multi-Tenant Portal
Delete a Tenant from a Multi-Tenant Portal
Manage-Tenant Portal Settings
Settings
Switch Tenant
The Cisco Success Network
Manage Users in Security Cloud Control
View the User Records Associated with your Tenant
Active Directory Groups in User Management
Prerequisites for Adding an Active Directory Group to Security Cloud Control
Add an Active Directory Group for User Management
Edit an Active Directory Group for User Management
Delete an Active Directory Group for User Management
Create a New Security Cloud Control User
Create a Cisco Security Cloud Sign On Account for the New User
About Logging in to Security Cloud Control
Before You Log In
Create a New Cisco Security Cloud Sign On Account and Configure Duo Multi-factor Authentication
Create a User Record with Your Security Cloud Control Username
The New User Opens Security Cloud Control from the Cisco Secure Sign-On Dashboard
User Roles in Security Cloud Control
Read-only Role
Edit-Only Role
Deploy-Only Role
VPN Sessions Manager Role
Admin Role
Super Admin Role
Change The Record of the User Role
Add a User Account to Security Cloud Control
Create a User Record
Create API Only Users
Edit a User Record for a User Role
Edit a User Role
Delete a User Record for a User Role
Delete a User Record
Security Cloud Control Services Page
Security Cloud Control Device and Service Management
Changing a Device's IP Address in Security Cloud Control
Changing a Device's Name in Security Cloud Control
Export a List of Devices and Services
Export Device Configuration
External Links for Devices
Create an External Link from your Device
Create an External Link to ASDM FDM
Create an External Link for Multiple Devices
Edit or Delete External Links
Edit or Delete External Links for Multiple Devices
Bulk Reconnect Devices to Security Cloud Control
Moving Devices Between Tenants
Device Certificate Expiry Detection
Update Meraki MX Connection Credentials
Write a Device Note
Security Cloud Control Inventory Information
Security Cloud Control Labels and Filtering
Applying Labels to Devices and Objects
Labels and Tags in AWS VPC
Filters
Use Security Cloud Control Search Functionality
Page Level Search
Global Search
Initiate Full Indexing
Perform a Global Search
Objects
Object Types
Shared Objects
Object Overrides
Unassociated Objects
Compare Objects
Filters
Object Filters
Configure Object Filters
When to Exclude a Device from Filter Criteria
Deleting Objects
Delete a Single Object
Delete a Group of Unused Objects
Create IP Address Pool
Network Objects
Create or Edit ASA Network Objects and Network Groups
Create an ASA Network Object
Create an ASA Network Group
Edit an ASA Network Object
Edit an ASA Network Group
Add Additional Values to a Shared Network Group in Security Cloud Control
Edit Additional Values in a Shared Network Group in Security Cloud Control
Deleting Network Objects and Groups in Security Cloud Control
Create or Edit a Firepower Network Object or Network Groups
Create a Firepower Network Object
Create a Firepower Network Group
Edit a Firepower Network Object
Edit a Firepower Network Group
Add an Object Override
Edit Object Overrides
Add Additional Values to a Shared Network Group
Edit Additional Values in a Shared Network Group
Deleting Network Objects and Groups in Security Cloud Control
Discover and Manage On-Prem Firewall Management Center Network Objects
Objects Associated with Meraki Devices
Create a Local Meraki Network Object
Create or Edit a Meraki Network Object or Network Group
Create a Meraki Network Object
Create a Meraki Network Group
Edit a Firepower Network Object or Network Group
Deleting Network Objects and Groups in Security Cloud Control
URL Objects
Create or Edit an FDM-Managed URL Object
Create a Firepower URL Group
Edit a Firepower URL Object or URL Group
Application Filter Objects
Create and Edit a Firepower Application Filter Object
Create a Firepower Application Filter Object
Edit a Firepower Application Filter Object
Geolocation Objects
Create and Edit a Firepower Geolocation Filter Object
Edit a Geolocation Object
DNS Group Objects
Create a DNS Group Object
Edit a DNS Group Object
Delete a DNS Group Object
Add a DNS Group Object as an FDM-Managed DNS Server
Certificate Objects
About Certificates
Certificate Types Used by Feature
Configuring Certificates
Uploading Internal and Internal CA Certificates
Procedure
Uploading Trusted CA Certificates
Procedure
Generating Self-Signed Internal and Internal CA Certificates
Procedure
Trustpoint Objects
Adding an Identity Certificate Object Using PKCS12
Creating a Self-Signed Identity Certificate Object
Adding an Identity Certificate Object for Certificate Signing Request (CSR)
Adding a Trusted CA Certificate Object
Self-Signed and CSR Certificate Generation Based on Certificate Contents
About IPsec Proposals
Managing an IKEv1 IPsec Proposal Object
Create or Edit an IKEv1 IPsec Proposal Object
Managing an IKEv2 IPsec Proposal Object
Create or Edit an IKEv2 IPsec Proposal Object
About Global IKE Policies
Managing IKEv1 Policies
Create or Edit an IKEv1 Policy
Managing IKEv2 Policies
Create or Edit an IKEv2 Policy
RA VPN Objects
Configure Identity Sources for ASA
Determining the Directory Base DN
RADIUS Servers and Groups
Create an ASA Active Directory Realm Object
Edit an ASA Active Directory Realm Object
Create an ASA RADIUS Server Object or Group
Create an ASA RADIUS Server Object
Create an ASA RADIUS Server Group
Edit an ASA Radius Server Object or Group
Create ASA Remote Access VPN Group Policies
ASA Remote Access VPN Group Policy Attributes
Configure Identity Sources for FDM-Managed Device
Determining the Directory Base DN
RADIUS Servers and Groups
Create or Edit an Active Directory Realm Object
Create an FTD Active Directory Realm Object
Edit an FTD Active Directory Realm Object
Create or Edit a RADIUS Server Object or Group
Create a RADIUS Server Object
Create a RADIUS Server Group
Edit a Radius Server Object or Group
Create New RA VPN Group Policies
RA VPN Group Policy Attributes
AWS Security Groups and Cloud Security Group Objects
Sharing Objects Between AWS and other Managed Devices
Security Zone Object
Create or Edit a Firepower Security Zone Object
Create a Security Zone Object
Edit a Security Zone Object
Service Objects
Create and Edit ASA Service Objects
Create an ASA Service Group
Edit an ASA Service Object or Service Group
Create and Edit Firepower Service Objects
Create a Firepower Service Group
Edit a Firepower Service Object or Service Group
Create or Edit a Meraki Service Object
Create a Service Object
Create a Service Group
Edit a Service Object or a Service Group
Security Group Tag Group
Security Group Tags
Create an SGT Group
Edit an SGT Group
Add an SGT Group to an Access Control Rule
Syslog Server Objects
Create and Edit Syslog Server Objects
Edit Syslog Server Objects
Create a Syslog Server Object for Secure Logging Analytics (SaaS)
Procedure
ASA Time Range Objects
Create an ASA Time Range Object
Edit an ASA Time Range Object
About Device Configuration Changes
Read All Device Configurations
Read Configuration Changes from an ASA to Security Cloud Control
Read Configuration Changes on ASA
Read Configuration Changes from FDM-Managed Device to Security Cloud Control
Discard Changes Procedure
If Reverting Pending Changes Fails
Review Conflict Procedure
Accept Without Review Procedure
Read Changes from Cisco IOS or SSH to Security Cloud Control
Preview and Deploy Configuration Changes for All Devices
Deploy Configuration Changes from Security Cloud Control to ASA
About Deploying Configuration Changes
Deploy Configuration Changes Made Using the Security Cloud Control GUI
Schedule Automatic Deployments
Deploy Configuration Changes Using Security Cloud Control's CLI Interface
Deploy Configuration Changes by Editing the Device Configuration
Deploy Configuration Changes for a Shared Object on Multiple Devices
Deploy Configuration Changes from Security Cloud Control to FDM-Managed Device
Deploy Changes to a Device
Cancelling Changes
Discarding Changes
Bulk Deploy Device Configurations
Preview and Deploy On-Premises Firewall Management Center Configurations
About Scheduled Automatic Deployments
Schedule an Automatic Deployment
Edit a Scheduled Deployment
Delete a Scheduled Deployment
Check for Configuration Changes
Discard Configuration Changes
Discard On-Premises Firewall Management Center Configuration Changes
Out-of-Band Changes on Devices
Synchronizing Configurations Between Security Cloud Control and Device
Conflict Detection
Enable Conflict Detection
Enable Conflict Detection for an On-Premises Management Center
Automatically Accept Out-of-Band Changes from your Device
Configure Auto-Accept Changes
Disabling Auto-Accept Changes for All Devices on the Tenant
Resolve Configuration Conflicts
Resolve the Not Synced Status
Resolve the Conflict Detected Status
Schedule Polling for Device Changes
Schedule a Security Database Update
Create a Scheduled Security Database Update
Edit a Scheduled Security Database Update
Monitoring and Reporting Change Logs, Workflows, and Jobs
Manage Change Logs in Security Cloud Control
Change Log Entries after Deploying to an ASA
Change Log Entries After Reading Changes from an ASA
Change Log Entries After Deploying to FDM-Managed Device
Change Log Entries After Reading Changes from an FDM-Managed Device
View Change Log Differences
Export the Change Log
Differences Between Change Log Capacity in Security Cloud Control and Size of an Exported Change Log
Change Request Management
Enable Change Request Management
Create a Change Request
Associate a Change Request with a Change Log Event
Search for Change Log Events with Change Requests
Search for a Change Request
Filter Change Requests
Clear the Change Request Toolbar
Clear a Change Request Associated with a Change Log Event
Delete a Change Request
Disable Change Request Management
Change Request Management Use Cases
FDM-Managed Device Executive Summary Report
Generating FDM-Managed Device Executive Summary Reports
Monitor Jobs in Security Cloud Control
Reinitiate a Bulk Action
Cancel a Bulk Action
Monitor Workflows in Security Cloud Control
Network Address Translation
Order of Processing NAT Rules
Network Address Translation Wizard
Create a NAT Rule by using the NAT Wizard
Common Use Cases for NAT
Enable a Server on the Inside Network to Reach the Internet Using a Public IP address
Enable Users on the Inside Network to Access the Internet Using the Outside Interface's Public IP Address
Make a Server on the Inside Network Available on a Specific Port of a Public IP Address
NAT Incoming FTP Traffic to an FTP Server
NAT Incoming HTTP Traffic to an HTTP Server
NAT Incoming SMTP Traffic to an SMTP Server
Translate a Range of Private IP Addresses to a Range of Public IP Addresses
Translate a Pool of Inside Addresses to a Pool of Outside Addresses
Prevent a Range of IP Addresses from Being Translated When Traversing the Outside Interface
Create a Twice NAT Rule
Onboard Devices and Services
Cisco AI Assistant User Guide
Onboard with Cisco AI Assistant
Prompt Guide for Cisco AI Assistant
Online Help Documentation
Policy Insights
Policy Analyzer and Optimizer
Automate Policy Rule Creation
Contact Support
Notifications Center
Cisco AI Assistant Frequently Asked Questions (FAQ)
Onboard Secure Firewall Threat Defense Devices
Onboard a Threat Defense Device
Onboard a Threat Defense Device
Managing an FDM-Managed Device from the Inside Interface
Manage an FDM-Managed Device from the Inside Interface
Managing an FDM-Managed Device from the Outside Interface
Manage the FDM-Managed Device's Outside Interface
Onboard an FDM-Managed Device to Security Cloud Control
Onboard an FDM-Managed Device Using Username, Password, and IP Address
Onboard an FDM-Managed Device Running Software Version 6.4 or 6.5 Using a Registration Key
Unregister a Smart-licensed FDM-Managed Device
Procedure to Onboard an FDM-Managed Device Running Software Version 6.4 or 6.5 Using a Registration Key
Onboard an FDM-Managed Device Running Software Version 6.6+ Using a Registration Key
Unregistering an FDM-Managed Device from Cisco Cloud Services
Procedure to Onboad an FDM-Managed Device Running Software Version 6.6+ Using a Registration Key
Onboard an FDM-Managed Device using the Device's Serial Number
Workflow and Prerequisites to Onboard the FDM-Managed Device Using Zero-Touch Provisioning
Onboard a Secure Firewall Threat Defense Device With Zero-Touch Provisioning
Onboard a Configured FDM-Managed Device using the Device's Serial Number
Onboard an FDM-Managed High Availability Pair
Onboard an FDM-Managed High Availablity Pair with a Registration Key
Onboard an FDM-Managed HA Pair Running Version 6.4 or Version 6.5
Onboard an FDM-Managed HA Pair Running Threat Defense Version 6.6 or Version 6.7 and later
Onboard an FDM-Managed High Availability Pair
Onboard an FTD Cluster
Onboard a Clustered Secure Firewall Threat Defense Device
Applying or Updating a Smart License
Smart-License an FDM-Managed Device When Onboarding Using a Registration Key
Smart-License an FDM-Managed Device After Onboarding the Device Using a Registration Key or its Credentials
Updating an Existing Smart License of an FDM-Managed Device
Change the Smart License Applied to an FDM-Managed Device Onboarded Using a Registration Key
Change the Smart License Applied to an FDM-Managed Device Onboarded Using its Credentials
Security Cloud Control Support for DHCP Addressing of FDM-Managed Devices
FDM-Managed Device Licensing Types
Virtual FDM-Managed Device Tiered Licenses
Viewing Smart-Licenses for a Device
Enabling or Disabling Optional Licenses
Impact of Expired or Disabled Optional Licenses
Create and Import an Firewall Device Manager Model
Export FDM-Managed Device Configuration
Import FDM-Managed Device Configuration
Delete a Device from Security Cloud Control
Import Configuration for Offline Device Management
Backing Up FDM-Managed Devices
Back up an FDM-Managed Device On-Demand
Procedure
Configure a Recurring Backup Schedule for a Single FDM-Managed Device
Procedure
Download the Device Backup
Edit a Backup
Delete a Backup
Managing Device Backup
Restore a Backup to an FDM-Managed Device
Onboard a Secure Firewall Threat Defense Device to the Cloud-Delivered Firewall Management Center
Onboarding Overview
Prerequisites to Onboard a Device to Cloud-delivered Firewall Management Center
Onboard a Device with a CLI Registration Key
Onboard a Threat Defense Device to Cloud-delivered Firewall Management Center using Zero-Touch Provisioning
Onboard a Secure Firewall Threat Defense Cluster
Onboard a Chassis
Onboard a Threat Defense Device to On-Prem Firewall Management Center using Zero-Touch Provisioning
Deploy a Threat Defense Device with AWS
Deploy a Threat Defense Device in Azure
Deploy a Threat Defense Virtual in Azure
Deploy a Threat Defense Device to Google Cloud Platform
Create VPC Networks for GCP
Deploy a Threat Defense Device on Google Cloud Platform
Troubleshooting
Troubleshoot Onboarding a Device to the Cloud-delivered Firewall Management Center Using the CLI Registration Key
Error: Device Remains in Pending Setup State After Onboarding
Troubleshoot Onboarding a Device to Cloud-delivered Firewall Management Center Using the Serial Number
Device is Offline or Unreachable
Error: Serial Number Already Claimed
Error: Claim Error
Error: Failed to Claim
Error: Provisional Error
Onboard ASA Devices
Onboard ASA Device to Security Cloud Control
Onboard a High Availability Pair of ASA Devices to Security Cloud Control
Onboard an ASA in Multi-Context Mode to Security Cloud Control
Onboard Multiple ASAs to Security Cloud Control
Pause and Resume Onboarding Multiple ASAs
Create and Import an ASA Model to Security Cloud Control
Import ASA Configuration
Delete a Device from Security Cloud Control
Onboard an On-Premises Firewall Management Center
Onboard an On-Premises Management Center to Security Cloud Control
Auto-Onboard an On-Premises Management Center Integrated with Cisco Security Cloud
Integrate On-Premises Management Center With Cisco Security Cloud
Disable Auto-Onboarding of an On-Premises Management Center
Onboard an On-Premises Firewall Management Center to Security Cloud Control with Credentials
Redirect Security Cloud Control to an On-Premises Firewall Management Center
Remove an On-Premises Firewall Management Center from Security Cloud Control
Migrate On-Premises Management Center Managed Secure Firewall Threat Defense to Cloud-delivered Firewall Management Center
About Migrating Threat Defense to Cloud-delivered Firewall Management Center
Supported On-Premises Firewall Management Center and Threat Defense Software for Migration
Licensing
Supported Features
Unsupported Features
Migration Guidelines and Limitations for VPN Configuration
Managing Threat Defense Events and Analytics
Before You Begin Migration
Migrate Threat Defense to Cloud-delivered Firewall Management Center
View a Threat Defense Migration Job
Proceed Migration Process
Commit Migration Changes Manually to Cloud-delivered Firewall Management Center
Revert the Threat Defense Management to On-Premises Firewall Management Center
View Migrated Devices
Generate a Threat Defense Migration Report
Delete a Migration Job
Enable Notification Settings
Troubleshoot Threat Defense Migration to Cloud
Verify Threat Defense Connectivity with Cloud-delivered Firewall Management Center
Onboard an Umbrella Organization
Umbrella License Requirements
Generate an API Key and Secret
Umbrella Organization ID
Onboarding an Umbrella Orgnization
Reconnect an Umbrella Organization to Security Cloud Control
Cross-launch to the Umbrella dashboard
Delete a Device from Security Cloud Control
Onboard Security Cloud Control Integrations
Onboard an SSH Device
Onboard an SSH Device
Delete a Device from Security Cloud Control
Onboard a Cisco IOS Device
Onboard a Cisco IOS Device
Create and Import an ASR or ISR Model
Download ASR or ISR Configuration
Import ASR or ISR Configuration
Delete a Device from Security Cloud Control
Import Configuration for Offline Device Management
Delete a Device from Security Cloud Control
Onboard Meraki MX Devices
Onboard Meraki MX to Security Cloud Control
Generate and Retrieve Meraki API Key
Onboard an MX Device to Security Cloud Control
Onboard Meraki Templates to Security Cloud Control
Generate and Retrieve Meraki API Key
Onboard an Meraki Template to Security Cloud Control
Update Meraki MX Connection Credentials
Delete a Device from Security Cloud Control
Onboard AWS Devices
Onboard an AWS VPC
Delete a Device from Security Cloud Control
Onboard Duo Admin Panel
Generate Duo Admin Panel Credentials
Onboard the Duo Admin Panel to Security Cloud Control
Upgrade Devices and Services
FDM Software Upgrade Paths
Other Upgrade Limitations
4100 and 9300 Series Devices
FDM-Managed Device Upgrade Prerequisites
Upgrade a Single FDM-Managed Device
Upgrade A Single FDM-Managed Device with Images from Security Cloud Control's Repository
Upgrade a Single FDM-Managed Device with Images from your own Repository
Monitor the Upgrade Process
Bulk FDM-Managed Devices Upgrade
Upgrade Bulk FDM-Managed Devices with Images from Security Cloud Control's Repository
Upgrade Bulk FDM-Managed Devices with Images from your own Repository
Monitor the Bulk Upgrade Process
Upgrade an FDM-Managed High Availability Pair
Upgrade an FDM-Managed HA Pair with Images from Security Cloud Control's Repository
Upgrade an FDM-Managed HA Pair with Images from your own Repository
Monitor the Upgrade Process
Upgrade to Snort 3.0
Upgrade the Device and the Intrusion Prevention Engine Simultaneously
Upgrade the Intrusion Prevention Engine
Monitor the Upgrade Process
Revert From Snort 3.0 for FDM-Managed Device
Revert From Snort 3.0
Schedule a Security Database Update
Edit a Scheduled Security Database Update
Prerequisites for ASA and ASDM Upgrade in Security Cloud Control
Upgrade Bulk ASA and ASDM in Security Cloud Control
Upgrade Multiple ASAs with Images from your own Repository
Upgrade ASA and ASDM Images on a Single ASA
Upgrade ASA and ASDM Images in a High Availability Pair
Workflow
Upgrade ASA and ASDM Images in a High Availability Pair
Upgrade an ASA or ASDM Using Your Own Image
Managing On-Premises Firewall Management Center with Cisco Security Cloud Control
Managing On-Premises Firewall Management Center with Security Cloud Control
View Onboarded On-Premises Management Center
Discover and Manage On-Prem Firewall Management Center Network Objects
Introduction to Site-to-Site Virtual Private Network
Site-to-Site VPN Configuration for On-Premises Management Center-Managed Secure Firewall Threat Defense
Prerequisites for Configuring Site-to-Site VPN for On-Premises Management Center-managed Threat Defense
Create a Site-to-Site VPN Between On-Premises Firewall Management Center-Managed Threat Defense and ASA
Create a Site-to-Site VPN Between On-Premises Firewall Management Center-Managed Threat Defense Devices
Create a Site-to-Site VPN Between On-Premises Firewall Management Center-Managed Threat Defense and Cloud-delivered Firewall Management Center-Managed Threat Defense
Create a Site-to-Site VPN Between On-Premises Firewall Management Center-Managed Threat Defense and Extranet
Discover Existing Site-to-Site VPN Tunnels from On-Premises Management Center
About Global IKE Policies
Managing IKEv1 Policies
Managing IKEv2 Policies
About IPsec Proposals
Encryption and Hash Algorithms Used in VPN
About Device Configuration Changes
Read All Device Configurations
Preview and Deploy On-Premises Firewall Management Center Configurations
Preview and Deploy Configuration Changes for All Devices
Deploy Changes to a Device
Cancelling Changes
Discarding Changes
Bulk Deploy Device Configurations
About Scheduled Automatic Deployments
Schedule an Automatic Deployment
Edit a Scheduled Deployment
Delete a Scheduled Deployment
Check for Configuration Changes
Discard Configuration Changes
Discard On-Premises Firewall Management Center Configuration Changes
Out-of-Band Changes on Devices
Synchronizing Configurations Between Security Cloud Control and Device
Conflict Detection
Enable Conflict Detection
Enable Conflict Detection for an On-Premises Management Center
Automatically Accept Out-of-Band Changes from your Device
Configure Auto-Accept Changes
Disabling Auto-Accept Changes for All Devices on the Tenant
Resolve Configuration Conflicts
Resolve the Not Synced Status
Resolve the Conflict Detected Status
Schedule Polling for Device Changes
Schedule a Security Database Update
Create a Scheduled Security Database Update
Edit a Scheduled Security Database Update
Remove an On-Premises Firewall Management Center from Security Cloud Control
Managing Cisco Secure Firewall Threat Defense Devices with Cloud-delivered Firewall Management Center
Security Cloud Control Services Page
Navigate to the Cloud-delivered Firewall Management Center in your Security Cloud Control Tenant
Enable Cloud-delivered Firewall Management Center on Your Security Cloud Control Tenant
About AIOps Insights
Enable AIOps Insights
View Summary Insights
Assess and Improve Feature Adoption
Configure Settings for AIOps
Enable Traffic and Capacity Insights
Enable Feature Adoption Insights
Enable Health and Operations Insights
Troubleshooting for the Secure Firewall Threat Defense using Cloud-delivered Firewall Management Center
Managing FDM Devices with Cisco Security Cloud Control
Managing FDM-Managed Devices with Cisco Security Cloud Control
Interfaces
Guidelines and Limitations for Firepower Interface Configuration
Maximum Number of VLAN Members by Device Model
Firepower Data Interfaces
Management/Diagnostic Interface
Interface Settings
Use of Security Zones in Firepower Interface Settings
Assign an FDM-Managed Device Interface to a Security Zone
Assign a Firepower Interface to a Security Zone
Use of Auto-MDI/MDX in Firepower Interface Settings
Use of MAC Addresses in Firepower Interface Settings
Use of MTU Settings in Firepower Interface Settings
IPv6 Addressing for Firepower Interfaces
Configuring Firepower Interfaces
Configure a Physical Firepower Interface
Procedure
Configure IPv4 Addressing for the Physical Interface
Configure IPv6 Addressing for the Physical Interface
Enable the Physical Interface
Configure Firepower VLAN Subinterfaces and 802.1Q Trunking
Procedure
Configure IPv4 Addressing for the Subinterface
Configure IPv6 Addressing for the Subinterface
Enable the Physical Interface
Configure Advanced Firepower Interface Options
Configure a Bridge Group
Configure the Name of the Bridge Group Interface and Select the Bridge Group Members
Configure the IPv4 Address for the BVI
Configure the IPv6 Address for the BVI
Configure Advanced Interface Options
Bridge Group Compatibility in FDM-Managed Configurations
Delete a Bridge Group
Add an EtherChannel Interface for an FDM-Managed Device
Add an EtherChannel Interface
Edit Or Remove an EtherChannel Interface for FDM-Managed Device
Edit an EtherChannel
Remove an EtherChannel Interface
Add a Subinterface to an EtherChannel Interface
Add a Subinterface to an EtherChannel Interface
Edit or Remove a Subinterface from an EtherChannel
Edit a Subinterface
Remove a Subinterface from an EtherChannel
Add Interfaces to a Virtual FDM-Managed Device
Switch Port Mode Interfaces for an FDM-Managed Device
Configure an FDM-Managed Device VLAN
Configure an FDM-Managed Device VLAN for Switch Port Mode
Create a VLAN Interface for Switch Port Mode
Configure an Existing Physical Interface for Switch Port Mode
Viewing and Monitoring Firepower Interfaces
Monitoring Interfaces in the CLI
Synchronizing Interfaces Added to a Firepower Device using FXOS
Routing
About Static Routing and Default Routes
Default Route
Static Routes
The Routing Table and Route Selection
How the Routing Table is Populated
How Forwarding Decisions are Made
Configure Static and Default Routes for FDM-Managed Devices
Procedure
Static Route Example
Monitoring Routing
Static Route Network Diagram
About Virtual Routing and Forwarding
Objects
Objects
Object Types
Shared Objects
Object Overrides
Unassociated Objects
Compare Objects
Filters
Object Filters
Configure Object Filters
When to Exclude a Device from Filter Criteria
Deleting Objects
Delete a Single Object
Delete a Group of Unused Objects
Create IP Address Pool
Network Objects
Create or Edit ASA Network Objects and Network Groups
Create an ASA Network Object
Create an ASA Network Group
Edit an ASA Network Object
Edit an ASA Network Group
Add Additional Values to a Shared Network Group in Security Cloud Control
Edit Additional Values in a Shared Network Group in Security Cloud Control
Deleting Network Objects and Groups in Security Cloud Control
Create or Edit a Firepower Network Object or Network Groups
Create a Firepower Network Object
Create a Firepower Network Group
Edit a Firepower Network Object
Edit a Firepower Network Group
Add an Object Override
Edit Object Overrides
Add Additional Values to a Shared Network Group
Edit Additional Values in a Shared Network Group
Deleting Network Objects and Groups in Security Cloud Control
Discover and Manage On-Prem Firewall Management Center Network Objects
Objects Associated with Meraki Devices
Create a Local Meraki Network Object
Create or Edit a Meraki Network Object or Network Group
Create a Meraki Network Object
Create a Meraki Network Group
Edit a Firepower Network Object or Network Group
Deleting Network Objects and Groups in Security Cloud Control
URL Objects
Create or Edit an FDM-Managed URL Object
Create a Firepower URL Group
Edit a Firepower URL Object or URL Group
Application Filter Objects
Create and Edit a Firepower Application Filter Object
Create a Firepower Application Filter Object
Edit a Firepower Application Filter Object
Geolocation Objects
Create and Edit a Firepower Geolocation Filter Object
Edit a Geolocation Object
DNS Group Objects
Create a DNS Group Object
Edit a DNS Group Object
Delete a DNS Group Object
Add a DNS Group Object as an FDM-Managed DNS Server
Certificate Objects
About Certificates
Certificate Types Used by Feature
Configuring Certificates
Uploading Internal and Internal CA Certificates
Procedure
Uploading Trusted CA Certificates
Procedure
Generating Self-Signed Internal and Internal CA Certificates
Procedure
Trustpoint Objects
Adding an Identity Certificate Object Using PKCS12
Creating a Self-Signed Identity Certificate Object
Adding an Identity Certificate Object for Certificate Signing Request (CSR)
Adding a Trusted CA Certificate Object
Self-Signed and CSR Certificate Generation Based on Certificate Contents
About IPsec Proposals
Managing an IKEv1 IPsec Proposal Object
Create or Edit an IKEv1 IPsec Proposal Object
Managing an IKEv2 IPsec Proposal Object
Create or Edit an IKEv2 IPsec Proposal Object
About Global IKE Policies
Managing IKEv1 Policies
Create or Edit an IKEv1 Policy
Managing IKEv2 Policies
Create or Edit an IKEv2 Policy
RA VPN Objects
Configure Identity Sources for ASA
Determining the Directory Base DN
RADIUS Servers and Groups
Create an ASA Active Directory Realm Object
Edit an ASA Active Directory Realm Object
Create an ASA RADIUS Server Object or Group
Create an ASA RADIUS Server Object
Create an ASA RADIUS Server Group
Edit an ASA Radius Server Object or Group
Create ASA Remote Access VPN Group Policies
ASA Remote Access VPN Group Policy Attributes
Configure Identity Sources for FDM-Managed Device
Determining the Directory Base DN
RADIUS Servers and Groups
Create or Edit an Active Directory Realm Object
Create an FTD Active Directory Realm Object
Edit an FTD Active Directory Realm Object
Create or Edit a RADIUS Server Object or Group
Create a RADIUS Server Object
Create a RADIUS Server Group
Edit a Radius Server Object or Group
Create New RA VPN Group Policies
RA VPN Group Policy Attributes
AWS Security Groups and Cloud Security Group Objects
Sharing Objects Between AWS and other Managed Devices
Security Zone Object
Create or Edit a Firepower Security Zone Object
Create a Security Zone Object
Edit a Security Zone Object
Service Objects
Create and Edit ASA Service Objects
Create an ASA Service Group
Edit an ASA Service Object or Service Group
Create and Edit Firepower Service Objects
Create a Firepower Service Group
Edit a Firepower Service Object or Service Group
Create or Edit a Meraki Service Object
Create a Service Object
Create a Service Group
Edit a Service Object or a Service Group
Security Group Tag Group
Security Group Tags
Create an SGT Group
Edit an SGT Group
Add an SGT Group to an Access Control Rule
Syslog Server Objects
Create and Edit Syslog Server Objects
Edit Syslog Server Objects
Create a Syslog Server Object for Secure Logging Analytics (SaaS)
Procedure
ASA Time Range Objects
Create an ASA Time Range Object
Edit an ASA Time Range Object
Manage Security Policies in Security Cloud Control
FDM Policy Configuration
FDM-Managed Access Control Policy
Read an FDM-Managed Access Control Policy
Configure the FDM Access Control Policy
Create or Edit an FDM-Managed Access Control Policy
Configuring Access Policy Settings
Procedure
About TLS Server Identity Discovery
Copy FDM-Managed Access Control Rules
Copy Rules within the Device
Copy Rules from One FDM-Managed Device Policy to Another FDM-Managed Device Policy
Move FDM-Managed Access Control Rules
Move Rules within the Device
Move a Rule from One FDM-Managed Device Policy to Another FDM-Managed Device Policy
Behavior of Objects when Pasting Rules to Another Device
Source and Destination Criteria in an FDM-Managed Access Control Rule
URL Conditions in an FDM-Managed Access Control Rule
Specifying a Reputation for a URL Category Used in a Rule
Intrusion Policy Settings in an FDM-Managed Access Control Rule
File Policy Settings in an FDM-Managed Access Control Rule
Logging Settings in an FDM-Managed Access Control Rule
Procedure
Application Criteria in an FDM-Managed Access Control Rule
Intrusion, File, and Malware Inspection in FDM-Managed Access Control Policies
Custom IPS Policy in an FDM-Managed Access Control Rule
TLS Server Identity Discovery in Firepower Threat Defense
Enable the TLS Server Identity Discovery
Intrusion Prevention System
Threat Events
Firepower Intrusion Policy Signature Overrides
Manage Signature Overrides
Create A Signature Override
Remove A Signature Override
Custom Firepower Intrusion Prevention System Policy
Configure Firepower Custom IPS Policies
Create a Custom IPS Policy
Edit a Custom IPS Policy
Edit Rule Groups in a Custom IPS Policy
Delete a Custom IPS policy
Security Intelligence Policy
Configure the Firepower Security Intelligence Policy
Configure Firepower Security Intelligence Policy
Making Exceptions to the Firepower Security Intelligence Policy Blocked Lists
Security Intelligence Feeds for Firepower Security Intelligence Policies
FDM-Managed Device Identity Policy
How to Implement an Identity Policy
Procedure
Configure Identity Policies
Procedure
Configure Identity Policy Settings
Procedure
Configure the Identity Policy Default Action
Procedure
Configure Identity Rules
Procedure
SSL Decryption Policy
How to Implement and Maintain the SSL Decryption Policy
Procedure
About SSL Decryption
Why Implement SSL Decryption?
Actions You Can Apply to Encrypted Traffic
Automatically Generated SSL Decryption Rules
Handling Undecryptable Traffic
License Requirements for SSL Decryption Policies
Guidelines for SSL Decryption
Configure SSL Decryption Policies
Procedure
Enable the SSL Decryption Policy
Procedure
Configure the Default SSL Decryption Action
Procedure
Configure SSL Decryption Rules
Procedure
Source/Destination Criteria for SSL Decryption Rules
URL Criteria for SSL Decryption Rules
User Criteria for SSL Decryption Rules
Configure Certificates for Known Key and Re-Sign Decryption
Downloading the CA Certificate for Decrypt Re-Sign Rules
Procedure
Warning
Rulesets
Configure Rulesets for a Device
Create or Edit a Ruleset
Deploy a Ruleset to Multiple FDM-Managed Devices or Templates
Add Devices to a Ruleset from the Ruleset page
Add Rulesets to a Device from the Device Policy page
Rulesets with FDM-Managed Templates
Create Rulesets from Existing Device Rules
Impact of Out-of-Band Changes on Rulesets
Impact of Discarding Staged Ruleset Changes
View Rules and Rulesets
View Rules from Device Policy Page
View Rulesets
Search Rulesets
View Jobs Associated with Rulesets
Change Log Entries after Creating Rulesets
Detach FDM-Managed Devices from a Selected Ruleset
Delete Rules and Rulesets
Delete Rules from a Ruleset
Delete a Ruleset
Remove a Ruleset From a Selected FDM-Managed Device
Delete a Ruleset From a Selected FDM-Managed Device
Disassociate a Ruleset From a Selected FDM-Managed Device
Adding Comments to Rules in Policies and Rulesets
Adding a Comment to a Rule
Editing Comments about Rules in Policies and Rulesets
Editing a comment on a rule in a policy
Editing a comment on a rule in a ruleset
Network Address Translation
Order of Processing NAT Rules
Network Address Translation Wizard
Create a NAT Rule by using the NAT Wizard
Common Use Cases for NAT
Enable a Server on the Inside Network to Reach the Internet Using a Public IP address
Enable Users on the Inside Network to Access the Internet Using the Outside Interface's Public IP Address
Make a Server on the Inside Network Available on a Specific Port of a Public IP Address
NAT Incoming FTP Traffic to an FTP Server
NAT Incoming HTTP Traffic to an HTTP Server
NAT Incoming SMTP Traffic to an SMTP Server
Translate a Range of Private IP Addresses to a Range of Public IP Addresses
Translate a Pool of Inside Addresses to a Pool of Outside Addresses
Prevent a Range of IP Addresses from Being Translated When Traversing the Outside Interface
Create a Twice NAT Rule
Templates
FDM-Managed Device Templates
Configure an FDM Template
Create an FDM Template
Edit an FDM-Managed Device Template
Delete an FDM Template
Apply an FDM Template
Apply Template to an FDM-Managed Device
Review Device and Networking Settings
Deploy Changes to the Device
Migrating an ASA Configuration to an FDM-Managed Device Template
Backing Up FDM-Managed Devices
Back up an FDM-Managed Device On-Demand
Procedure
Configure a Recurring Backup Schedule for a Single FDM-Managed Device
Procedure
Download the Device Backup
Edit a Backup
Delete a Backup
Managing Device Backup
Restore a Backup to an FDM-Managed Device
FDM-Managed High Availability
FDM-Managed High Availability Pair Requirements
Create an FDM-Managed High Availability Pair
Procedure
FDM-Managed Devices in High Availability Page
High Availability Management Page
Edit High Availability Failover Criteria
Break an FDM-Managed High Availability Pairing
Break High Availability
Break Out-of-Band High Availability
Force a Failover on an FDM-Managed High Availability Pair
FDM-Managed High Availability Failover History
Refresh the FDM-Managed High Availability Status
Failover and Stateful Link for FDM-Managed High Availability
FDM-Managed Device Settings
Configure an FDM-Managed Device's System Settings
Configure Management Access
Create Rules for Management Interfaces
Create Rules for Data Interfaces
Configure Logging Settings
Message Severity Levels
Configure DHCP Servers
Configure DNS Server
Management Interface
Hostname
Configure NTP Server
Configure URL Filtering
Cloud Services
Connecting to the Cisco Success Network
Sending Events to the Cisco Cloud
Enabling or Disabling Web Analytics
Create a REST API Macro
Using the API Tool
How to Enter a Secure Firewall Threat Defense REST API Request
About FTD REST API Macros
Create a REST API Macro
Create a REST API Macro from a New Command
Create a REST API Macro from History or from an Existing REST API Macro
Run a REST API Macro
Edit a REST API Macro
Delete a REST API Macro
Update FDM-Managed Device Security Databases
Managing ASA with Cisco Security Cloud Control
Managing ASA with Cisco Security Cloud Control
Update ASA Connection Credentials in Security Cloud Control
Move an ASA from one SDC to Another
ASA Interface Configuration
Configure an ASA Physical Interface
Configure IPv4 Addressing for ASA Physical Interface
Configure IPv6 Addressing for ASA Physical Interface
Configure Advanced ASA Physical Interface Options
Enable the ASA Physical Interface
Add an ASA VLAN Subinterface
Configure ASA VLAN Subinterfaces
Configure IPv4 Addressing for ASA Subinterface
Configure IPv6 Addressing for ASA Subinterface
Configure Advanced ASA Subinterface Options
Enable the Subinterface
Remove ASA Subinterface
About ASA EtherChannel Interfaces
Configure ASA EtherChannel
Edit ASA EtherChannel
Remove ASA EtherChannel Interface
ASA System Settings Policy in Security Cloud Control
Create an ASA Shared System Settings Policy
Configure Basic DNS Settings
Configure HTTP Settings
Set the Date and Time Using an NTP Server
Configure SSH Access
Configure System Logging
Enable Sysopt Settings
Assign a Policy from the Shared System Settings Page
Configure or Modify Device Specific System Settings
Assign a Policy from Device-Specific Settings Page
Auto Assignment of ASA Devices to a Shared System Settings Policy
Filter ASA Shared System Settings Policy
Disassociate Devices from Shared System Settings Policy
Delete Shared Settings Policy
ASA Routing in Security Cloud Control
About ASA Static Route
Configure ASA Static Route
Edit ASA Static Route
Delete a Static Route
Manage Security Policies in Security Cloud Control
Manage ASA Network Security Policy
About ASA Access Control Lists and Access Groups
Create an ASA Access List
Add a Rule to an ASA Access List
About System Log Activity
Deactivate Rules in an Access Control List
About Security Group Tags in ASA Policies
Assign Interfaces to ASA Access Control List
Create an ASA Global Access List
Share an ASA Access Control List with Multiple ASA Devices
Copy an ASA Access Control List to Another ASA
Copy a Rule Within or Across ASA Access Lists and Devices
Unshare a Shared ASA Access Control List
View ASA Access Policies Listing Page
Global Search of ASA Access Lists
Rename an ASA Access Control List
Delete a Rule from an ASA Access Control List
Delete an ASA Access Control List
Compare ASA Network Policies
Hit Rates
View Hit Rates of ASA Policies
Search and Filter ASA Network Rules in the Access List
Shadowed Rules
Find Network Policies with Shadowed Rules
Resolve Issues with Shadowed Rules
Network Address Translation
Order of Processing NAT Rules
Network Address Translation Wizard
Create a NAT Rule by using the NAT Wizard
Common Use Cases for NAT
Enable a Server on the Inside Network to Reach the Internet Using a Public IP address
Enable Users on the Inside Network to Access the Internet Using the Outside Interface's Public IP Address
Make a Server on the Inside Network Available on a Specific Port of a Public IP Address
NAT Incoming FTP Traffic to an FTP Server
NAT Incoming HTTP Traffic to an HTTP Server
NAT Incoming SMTP Traffic to an SMTP Server
Translate a Range of Private IP Addresses to a Range of Public IP Addresses
Translate a Pool of Inside Addresses to a Pool of Outside Addresses
Prevent a Range of IP Addresses from Being Translated When Traversing the Outside Interface
Create a Twice NAT Rule
ASA Templates
ASA Template Parameters
Create New Parameters
Create a New ASA, ISR, or ASR Template
Generate ASA Configurations from Templates
Manage ASA Templates
API Tokens
Migrating an ASA Configuration to an FDM-Managed Device Template
About the Security Cloud Control Migration Process
Launch the FDM Migration Wizard and Select the Device
Run the Migration
(Optional) Update the Migration Name
(Optional) Preserve the Running Configuration
Parsing the ASA Configuration
Fix the Migration Errors
Apply Migration
Apply Migration Now
Support for FDM-Managed Device with Management Access Interface Migration
Apply Migration Later
View the Migration Actions
Deploy the Configuration
Manage ASA Certificates
Install ASA Certificates
Install an Identity Certificate Using PKCS12
Install a Certificate Using Self-Signed Enrollment
Manage a Certificate Signing Request (CSR)
Generate a CSR Request
Install a Signed Identity Certificate Issued by a Certificate Authority
Install a Trusted CA Certificate in ASA
Export an Identity Certificate
Edit an Installed Certificate
Delete an Existing Certificate from ASA
ASA File Management
Upload File to a Single ASA Device
Upload File to Multiple ASA Devices
Remove Files from ASA
Managing ASAs with Pre-existing High Availability Configuration
Configuration Changes Made to ASAs in Active-Active Failover Mode
Configure DNS on ASA
Procedure
Migrating Firewalls with the Firewall Migration Tool in Security Cloud Control
Is This Guide for You?
Getting Started with the Firewall Migration Tool in Security Cloud Control
Supported Configurations
Licenses
Initialize a New Migration Instance
Delete a Migration Instance
Using the Demo Mode in the Secure Firewall Migration Tool
Migrate Secure Firewall ASA to Secure Firewall Threat Defense with the Firewall Migration Tool in Security Cloud Control
Migrate an FDM-Managed Device to Secure Firewall Threat Defense with the Firewall Migration Tool in Security Cloud Control
Migrating Check Point Firewall to Secure Firewall Threat Defense with the Firewall Migration Tool in Security Cloud Control
Migrating Fortinet Firewall with the Firewall Migration Tool in Security Cloud Control
Migrating Palo Alto Networks Firewall to Secure Firewall Threat Defense with the Firewall Migration Tool in Security Cloud Control
Related Documentation
Managing Umbrella with Cisco Security Cloud Control
Read Umbrella Tunnel Configuration
Cross-launch to the Umbrella Tunnels Page
Configure a SASE Tunnel for Umbrella
Edit a SASE Tunnel
Delete a SASE Tunnel from Umbrella
Managing Meraki with Cisco Security Cloud Control
Managing Meraki with Cisco Security Cloud Control
How Does Security Cloud Control Communicate With Meraki
Manage Security Policies in Security Cloud Control
Meraki Access Control Policy
Meraki Templates
Managing IOS Devices with Cisco Security Cloud Control
Managing IOS Devices with Security Cloud Control
ASA Cisco IOS Device Configurations
View a Device's Configuration File
Security Cloud Control Command Line Interface
Using the Command Line Interface
Entering Commands in the Command Line Interface
Work with Command History
Bulk Command Line Interface
Bulk CLI Interface
Send Commands in Bulk
Work with Bulk Command History
Work with Bulk Command Filters
By Response Filter
By Device Filter
Command Line Interface Macros
Create a CLI Macro from a New Command
Create a CLI Macro from CLI History or from an Existing CLI Macro
Run a CLI Macro
Edit a CLI Macro
Delete a CLI Macro
Compare ASA Configurations Using Security Cloud Control
ASA Bulk CLI Use Cases
Show all users in the running configuration of an ASA and then delete one of the users
Find all SNMP configurations on selected ASAs
ASA Command Line Interface Documentation
Command Line Interface Documentation
Restore an ASA Configuration
Restore an ASA Configuration
Troubleshooting
Manage ASA and Cisco IOS Device Configuration Files
View a Device's Configuration File
Edit a Complete Device Configuration File
Procedure
About Device Configuration Changes
Read All Device Configurations
Read Configuration Changes from an ASA to Security Cloud Control
Read Configuration Changes on ASA
Read Configuration Changes from FDM-Managed Device to Security Cloud Control
Discard Changes Procedure
If Reverting Pending Changes Fails
Review Conflict Procedure
Accept Without Review Procedure
Read Changes from Cisco IOS or SSH to Security Cloud Control
Preview and Deploy Configuration Changes for All Devices
Deploy Configuration Changes from Security Cloud Control to ASA
About Deploying Configuration Changes
Deploy Configuration Changes Made Using the Security Cloud Control GUI
Schedule Automatic Deployments
Deploy Configuration Changes Using Security Cloud Control's CLI Interface
Deploy Configuration Changes by Editing the Device Configuration
Deploy Configuration Changes for a Shared Object on Multiple Devices
Deploy Configuration Changes from Security Cloud Control to FDM-Managed Device
Deploy Changes to a Device
Cancelling Changes
Discarding Changes
Bulk Deploy Device Configurations
Preview and Deploy On-Premises Firewall Management Center Configurations
About Scheduled Automatic Deployments
Schedule an Automatic Deployment
Edit a Scheduled Deployment
Delete a Scheduled Deployment
Check for Configuration Changes
Discard Configuration Changes
Discard On-Premises Firewall Management Center Configuration Changes
Out-of-Band Changes on Devices
Synchronizing Configurations Between Security Cloud Control and Device
Conflict Detection
Enable Conflict Detection
Enable Conflict Detection for an On-Premises Management Center
Automatically Accept Out-of-Band Changes from your Device
Configure Auto-Accept Changes
Disabling Auto-Accept Changes for All Devices on the Tenant
Resolve Configuration Conflicts
Resolve the Not Synced Status
Resolve the Conflict Detected Status
Schedule Polling for Device Changes
Schedule a Security Database Update
Create a Scheduled Security Database Update
Edit a Scheduled Security Database Update
Managing AWS with Cisco Security Cloud Control
Managing AWS with Cisco Security Cloud Control
Update AWS VPC Connection Credentials
Monitor AWS VPC Tunnels using AWS Transit Gateway
Search and Filter Site-to-Site VPN Tunnels
View a history of changes made to the AWS VPC tunnels
Manage Security Policies in Security Cloud Control
AWS VPC Policy
AWS VPCs and Security Groups in Security Cloud Control
AWS VPC Security Groups Rules
Create a Security Group Rule
Edit a Security Group Rule
Delete a Security Group Rule
Manage Virtual Private Network Management in Security Cloud Control
Introduction to Site-to-Site Virtual Private Network
Configure Site-to-Site VPN for an FDM-Managed Device
Encryption and Hash Algorithms Used in VPN
Create a Site-To-Site VPN
Create a Site-To-Site VPN using the Simple Configuration
Create a Site-To-Site VPN using the Advanced Configuration
Configure Networking for Protected Traffic Between the Site-To-Site Peers
Edit an Existing Security Cloud Control Site-To-Site VPN
Delete a Security Cloud Control Site-To-Site VPN Tunnel
Exempt Site-to-Site VPN Traffic from NAT
Site-to-Site VPN Configuration Between ASAs
Encryption and Hash Algorithms Used in VPN
Create a Site-to-Site VPN Tunnel Between ASAs
Exempt Site-to-Site VPN Traffic from NAT
Site-to-Site VPN Configuration Between ASA and Multicloud Defense Gateway
Create a Site-to-Site VPN Between ASA and Multicloud Defense Gateway
Site-to-Site VPN Configuration Between Cloud-delivered Firewall Management Center-Managed Threat Defense and Multicloud Defense
Create a Site-to-Site VPN Between Cloud-delivered Firewall Management Center-Managed Threat Defense and Multicloud Defense
About Global IKE Policies
Managing IKEv1 Policies
Create an IKEv1 Policy
Managing IKEv2 Policies
Create an IKEv2 Policy
About IPsec Proposals
Managing an IKEv1 IPsec Proposal Object
Create an IKEv1 IPsec Proposal Object
Managing an IKEv2 IPsec Proposal Object
Create or Edit an IKEv2 IPsec Proposal Object
Monitor FDM-Managed DeviceASAAWS Site-to-Site Virtual Private Networks
Check Site-to-Site VPN Tunnel Connectivity
Site-To-Site VPN Dashboard
Identify VPN Issues
Find VPN Tunnels with Missing Peers
Find VPN Peers with Encryption Key Issues
Find Incomplete or Misconfigured Access Lists Defined for a Tunnel
Find Issues in Tunnel Configuration
Resolve Tunnel Configuration Issues
Search and Filter Site-to-Site VPN Tunnels
Onboard an Unmanaged Site-to-Site VPN Peer
Viewing AWS Site-to-Site VPN Tunnels
View IKE Object Details of Site-To-Site VPN Tunnels
View Last Successful Site-to-Site VPN Tunnel Establishment Date
View Site-to-Site VPN Tunnel Information
Site-to-Site VPN Global View
Site-to-Site VPN Tunnels Pane
Delete a Security Cloud Control Site-To-Site VPN Tunnel
About Device Configuration Changes
Read All Device Configurations
Read Configuration Changes from an ASA to Security Cloud Control
Read Configuration Changes on ASA
Read Configuration Changes from FDM-Managed Device to Security Cloud Control
Discard Changes Procedure
If Reverting Pending Changes Fails
Review Conflict Procedure
Accept Without Review Procedure
Read Changes from Cisco IOS or SSH to Security Cloud Control
Preview and Deploy Configuration Changes for All Devices
Deploy Configuration Changes from Security Cloud Control to ASA
About Deploying Configuration Changes
Deploy Configuration Changes Made Using the Security Cloud Control GUI
Schedule Automatic Deployments
Deploy Configuration Changes Using Security Cloud Control's CLI Interface
Deploy Configuration Changes by Editing the Device Configuration
Deploy Configuration Changes for a Shared Object on Multiple Devices
Deploy Configuration Changes from Security Cloud Control to FDM-Managed Device
Deploy Changes to a Device
Cancelling Changes
Discarding Changes
Bulk Deploy Device Configurations
Preview and Deploy On-Premises Firewall Management Center Configurations
About Scheduled Automatic Deployments
Schedule an Automatic Deployment
Edit a Scheduled Deployment
Delete a Scheduled Deployment
Check for Configuration Changes
Discard Configuration Changes
Discard On-Premises Firewall Management Center Configuration Changes
Out-of-Band Changes on Devices
Synchronizing Configurations Between Security Cloud Control and Device
Conflict Detection
Enable Conflict Detection
Enable Conflict Detection for an On-Premises Management Center
Automatically Accept Out-of-Band Changes from your Device
Configure Auto-Accept Changes
Disabling Auto-Accept Changes for All Devices on the Tenant
Resolve Configuration Conflicts
Resolve the Not Synced Status
Resolve the Conflict Detected Status
Schedule Polling for Device Changes
Schedule a Security Database Update
Create a Scheduled Security Database Update
Edit a Scheduled Security Database Update
Managing SSH Devices with Cisco Security Cloud Control
Managing SSH Devices with Cisco Security Cloud Control
Integrating Security Cloud Control with Cisco Security Cloud Sign On
Merge Your Security Cloud Control and Cisco XDR Tenant Accounts
Analyzing, Detecting, and Fixing Policy Anomalies Using Policy Analyzer and Optimizer
About Policy Analyzer and Optimizer
Analysis, Remediation, and Reporting
Prerequisites to Use Policy Analyzer and Optimizer
Policy Analyzer and Optimizer Licensing Requirements
Enable Policy Analyzer and Optimizer for Cloud-delivered Firewall Management Center
Enable Policy Analyzer and Optimizer for Security Cloud Control-managed On-Premises Firewall Management Center
Policy Analysis
Analyze Cloud-delivered Firewall Management Center Policies
Analyze On-Premises Firewall Management Center Policies
Policy Reporting
Policy Analysis Summary
Duplicate Rules
Overlapping Objects
Expired Rules
Mergeable Rules
Policy Insights
Policy Remediation
Apply Policy Remediation
What Does the Policy Remediation Report Contain?
Troubleshooting Policy Analyzer and Optimizer
Policy Analyzer and Optimizer Does Not Analyze Policies
Policy Analyzer and Optimizer Does Not Fetch Policies
Frequently Asked Questions About Policy Analyzer and Optimizer
Virtual Private Network Management
Manage Virtual Private Network Management in Security Cloud Control
Introduction to Site-to-Site Virtual Private Network
Configure Site-to-Site VPN for an FDM-Managed Device
Encryption and Hash Algorithms Used in VPN
Create a Site-To-Site VPN
Create a Site-To-Site VPN using the Simple Configuration
Create a Site-To-Site VPN using the Advanced Configuration
Configure Networking for Protected Traffic Between the Site-To-Site Peers
Edit an Existing Security Cloud Control Site-To-Site VPN
Delete a Security Cloud Control Site-To-Site VPN Tunnel
Exempt Site-to-Site VPN Traffic from NAT
Site-to-Site VPN Configuration Between ASAs
Encryption and Hash Algorithms Used in VPN
Create a Site-to-Site VPN Tunnel Between ASAs
Exempt Site-to-Site VPN Traffic from NAT
Site-to-Site VPN Configuration Between ASA and Multicloud Defense Gateway
Create a Site-to-Site VPN Between ASA and Multicloud Defense Gateway
Site-to-Site VPN Configuration Between Cloud-delivered Firewall Management Center-Managed Threat Defense and Multicloud Defense
Create a Site-to-Site VPN Between Cloud-delivered Firewall Management Center-Managed Threat Defense and Multicloud Defense
About Global IKE Policies
Managing IKEv1 Policies
Create an IKEv1 Policy
Managing IKEv2 Policies
Create an IKEv2 Policy
About IPsec Proposals
Managing an IKEv1 IPsec Proposal Object
Create an IKEv1 IPsec Proposal Object
Managing an IKEv2 IPsec Proposal Object
Create or Edit an IKEv2 IPsec Proposal Object
Monitor FDM-Managed DeviceASAAWS Site-to-Site Virtual Private Networks
Check Site-to-Site VPN Tunnel Connectivity
Site-To-Site VPN Dashboard
Identify VPN Issues
Find VPN Tunnels with Missing Peers
Find VPN Peers with Encryption Key Issues
Find Incomplete or Misconfigured Access Lists Defined for a Tunnel
Find Issues in Tunnel Configuration
Resolve Tunnel Configuration Issues
Search and Filter Site-to-Site VPN Tunnels
Onboard an Unmanaged Site-to-Site VPN Peer
Viewing AWS Site-to-Site VPN Tunnels
View IKE Object Details of Site-To-Site VPN Tunnels
View Last Successful Site-to-Site VPN Tunnel Establishment Date
View Site-to-Site VPN Tunnel Information
Site-to-Site VPN Global View
Site-to-Site VPN Tunnels Pane
Delete a Security Cloud Control Site-To-Site VPN Tunnel
Introduction to Remote Access Virtual Private Network
Introduction to Remote Access Virtual Private Network
Configure Remote Access Virtual Private Network for ASA
End-to-End Remote Access VPN Configuration Process for ASA
Create ASA Remote Access VPN Configuration
Modify ASA Remote Access VPN Configuration
Configure ASA Remote Access VPN Connection Profile
Configure AAA for a Connection Profile
Manage AnyConnect Software Packages on ASA Devices
Upload an AnyConnect Package from Security Cloud Control Repository
Upload an AnyConnect Package to ASA from Server
Upload new AnyConnect Packages to ASA
Upload AnyConnect Packages using File Management Wizard
Replace an AnyConnect Package
Delete an AnyConnect Package
Manage and Deploy Pre-existing ASA Remote Access VPN Configuration
Device Settings
Connection Profile
Primary Identity Source
AAA Server Groups
RADIUS Server Group
RADIUS Server
Group Policy
Remote Access VPN Certificate-Based Authentication
Exempt Remote Access VPN Traffic from NAT
Install the AnyConnect Client Software on ASA
Modify ASA Remote Access VPN Configuration
Modify ASA Connection Profile
Upload RA VPN AnyConnect Client Profile
Verify ASA Remote Access VPN Configuration
View ASA Remote Access VPN Configuration Details
Configuring Remote Access VPN for an FDM-Managed Device
Split Tunneling for RA VPN Users (Hair Pinning)
Control User Permissions and Attributes Using RADIUS and Group Policies
Attributes Sent to the RADIUS Server
Two-Factor Authentication
Duo Two-Factor Authentication Using RADIUS
How to Configure Two-Factor Authentication using Duo RADIUS
System Flow for Duo RADIUS Secondary Authentication
Configure Duo RADIUS Secondary Authentication
Create a Duo Account
Configure Device for Duo RADIUS Using Security Cloud Control
Duo Two-Factor Authentication using LDAP
How to Configure Two-Factor Authentication using Duo LDAP
System Flow for Duo LDAP Secondary Authentication
Configure Duo LDAP Secondary Authentication
Create a Duo Account
Upload a Trusted CA Certificate to an FDM-Managed Device
Configure FTD for Duo LDAP in Security Cloud Control
End-to-End Remote Access VPN Configuration Process for an FDM-Managed Device
Download AnyConnect Client Software Packages
Upload AnyConnect Software Packages to an FDM-Managed Device Running Version 6.4.0
Upload AnyConnect Software Packages to an FDM-Managed Device Running Version 6.5 or Later
Upload an AnyConnect Package from Security Cloud Control Repository
Before you Begin
Upload new AnyConnect Packages
Replace an Existing AnyConnect Package
Delete the AnyConnect Package
Create an RA VPN Configuration
Procedure
Modify RA VPN Configuration
Configure an RA VPN Connection Profile
Procedure
Configure AAA for a Connection Profile
Allow Traffic Through the Remote Access VPN
Upgrade AnyConnect Package on an FDM-Managed Device Running Version 6.4.0
Prerequisites
Upload your desired AnyConnect Package to Secure Firewall Threat Defense using Firewall Device Manager
Verify the new package is referenced in the RA VPN connection profile
Upload RA VPN AnyConnect Client Profile
Guidelines and Limitations of Remote Access VPN for FDM-Managed Device
How Users Can Install the AnyConnect Client Software on FDM-Managed Device
Distribute new AnyConnect Client Software version
Upload RA VPN AnyConnect Client Profile
Licensing Requirements for Remote Access VPN
Maximum Concurrent VPN Sessions By Device Model
RADIUS Change of Authorization
Configure Change of Authorization on the FDM-Managed Device
Procedure
Verify Remote Access VPN Configuration of FDM-Managed Device
View Remote Access VPN Configuration Details of FDM-Managed Device
Monitor Remote Access Virtual Private Network Sessions
Monitor Live AnyConnect Remote Access VPN Sessions
View Live Remote Access VPN Data
Monitor Historical AnyConnect Remote Access VPN Sessions
View Historical Remote Access VPN Data
Search and Filter Remote Access VPN Sessions
Customize the Remote Access VPN Monitoring View
Export Remote Access VPN Sessions to a CSV File
Remote Access VPN Dashboard
Disconnect Remote Access VPN Sessions of an ASA User
Disconnect all Active RA VPN Sessions of a User
Disconnect Remote Access VPN Sessions on FDM-Managed Device
Disconnect Remote Access VPN Sessions on FTD
Monitor Multi-Factor Authentication Events
Monitor Multi-Factor Authentication Events
View MFA Events in Dashboard and Tabular Forms
Search and Filter MFA Events
Customize the MFA View
Export MFA Events to a CSV File
Cisco Security Analytics and Logging
About Security Analytics and Logging (SaaS) in Security Cloud Control
Event Types in Security Cloud Control
About Security Analytics and Logging (SAL SaaS) for the ASA
Implementing Secure Logging Analytics (SaaS) for ASA Devices
Send ASA Syslog Events to the Cisco Cloud using a Security Cloud Control Macro
Creating an ASA Security Analytics and Logging (SaaS) Macro
Send ASA Syslog Events to the Cisco Cloud Using the Command Line Interface
Security Cloud Control Command Line Interface for ASA
Forward ASA Syslog Events to the Secure Event Connector
Send ASA Syslog Events to the Cisco Cloud Using CLI
Create a Custom Event List
Include the Device ID in Non-EMBLEM Format Syslog Messages
NetFlow Secure Event Logging (NSEL) for ASA Devices
Configuring NSEL for ASA Devices by Using a Security Cloud Control Macro
Open the Configuring NSEL Macro
Define the Destination of NSEL Messages and the Interval at Which They Are Sent to the SEC
Create a Class-Map that Defines which NSEL Events Will Be Sent to the SEC
Define a Policy-Map for NSEL Events
Disable Redundant Syslog Messages
Review and Send the Macro
Delete NetFlow Secure Event Logging (NSEL) Configuration from an ASA
Open the DELETE-NSEL Macro
Enter the Values in the Macro to Complete the No Commands
Determine the Name of an ASA Global Policy
Troubleshooting NSEL Data Flows
Verify that NSEL Events are Being Sent to the SEC
Use the "capture" Command to Capture NSEL Packets Sent from the ASA to the SEC
Verify that NetFlow Packets are Being Received by the Cisco Cloud
Check for Live NSEL Events
Check for Historical NSEL Events
Parsed ASA Syslog Events
Secure Logging Analytics for FDM-Managed Devices
Implementing Secure Logging Analytics (SaaS) for FDM-Managed Devices
Send FDM Events to Security Cloud Control Events Logging
Send FDM-Managed Events Directly to the Cisco Cloud
Implementing SAL (SaaS) for Cloud-Delivered Firewall Management Center-Managed Devices
Requirements, Guideline, and Limitations for the SAL (SaaS) Integration
Send Cloud-delivered Firewall Management Center-Managed Events to SAL (SaaS) Using Syslog
Send Cloud-delivered Firewall Management Center-Managed Event Logs to SAL (SaaS) Using a Direct Connection
Enable or Disable Threat Defense Devices to Send Event logs to SAL (SaaS) Using a Direct Connection
Secure Event Connectors
Installing Secure Event Connectors
Install a Secure Event Connector on an SDC Virtual Machine
Installing an SEC Using a Security Cloud Control Image
Install a Security Cloud Control Connector, to Support a Secure Event Connector, Using a Security Cloud Control VM Image
Install the Secure Event Connector on the Security Cloud Control Connector VM
Deploy Secure Event Connector on Ubuntu Virtual Machine
Install an SEC Using Your VM Image
Install a Security Cloud Control Connector to Support an SEC Using Your VM Image
Additional Configuration for SDCs and Security Cloud Control Connectors Installed on a VM You Created
Install the Secure Event Connector on your Security Cloud Control Connector Virtual Machine
Install a Secure Event Connector on an AWS VPC Using a Terraform Module
Deprovisioning Cisco Security Analytics and Logging (SaaS)
Remove the Secure Event Connector
Remove an SEC from Security Cloud Control
Remove SEC files from the SDC
Provision a Cisco Secure Cloud Analytics Portal
Review Sensor Health and Security Cloud Control Integration Status in Secure Cloud Analytics
Cisco Secure Cloud Analytics Sensor Deployment for Total Network Analytics and Reporting
Viewing Cisco Secure Cloud Analytics Alerts from Security Cloud Control
Inviting Users to Join Your Secure Cloud Analytics Portal
Cross-Launching from Security Cloud Control to Secure Cloud Analytics
Cisco Secure Cloud Analytics and Dynamic Entity Modeling
Working with Alerts Based on Firewall Events
Triage open alerts
Snooze alerts for later analysis
Update the alert for further investigation
Review the alert and start your investigation
Examine the entity and users
Remediate issues using Secure Cloud Analytics
Update and close the alert
Modifying Alert Priorities
Viewing Live Events
Play/Pause Live Events
View Historical Events
Customize the Events View
Correlate Threat Defense Event Fields and Column Names
Show and Hide Columns on the Event Logging Page
Change the Time Zone for the Event Timestamps
Customizable Event Filters
Event Attributes in Security Analytics and Logging
EventGroup and EventGroupDefinition Attributes for Some Syslog Messages
EventName Attributes for Syslog Events
Time Attributes in a Syslog Event
Cisco Secure Cloud Analytics and Dynamic Entity Modeling
Working with Alerts Based on Firewall Events
Triage open alerts
Snooze alerts for later analysis
Update the alert for further investigation
Review the alert and start your investigation
Examine the entity and users
Update and close the alert
Modifying Alert Priorities
Searching for and Filtering Events in the Event Logging Page
Filter Live or Historical Events
Filter Only NetFlow Events
Filter for ASA or FDM-Managed Device Syslog Events but not ASA NetFlow Events
Combine Filter Elements
Search Historical Events in the Background
Search for Events in the Events Logging Page
Schedule a Background Search in the Event Viewer
Download a Background Search
Data Storage Plans
Extend Event Storage Duration and Increase Event Storage Capacity
View Security Analytics and Logging Data Plan Usage
Finding Your Device's TCP, UDP, and NSEL Port Used for Secure Logging Analytics (SaaS)
Troubleshooting Network Problems Using Security and Analytics Logging Events
FTD Dashboard
About the FTD Dashboard
View the FTD Dashboard
FTD Dashboard Widgets
Top Intrusion Rules Widget
Top Intrusion Attackers Widget
Top Intrusion Targets Widget
Top Malware Signatures Widget
Top Malware Senders Widget
Top Malware Receivers Widget
Malware Events by Disposition Widget
Network Activity Widget
Event Activity Widget
Access Control Actions Widget
Top Access Control Policies Widget
Top Access Control Rules Widget
Top Devices Widget
Top Users Widget
Top Users by Blocked Connections Widget
Top Devices with Health Alerts Widget
Top Loaded Devices Widget
Top Web Applications Widget
Top Client Applications Widget
Top Blocked Web Applications Widget
Modify Time Settings for the FTD Dashboard
Cisco Secure Dynamic Attributes Connector
About the Cisco Secure Dynamic Attributes Connector
How It Works
Enable the Cisco Secure Dynamic Attributes Connector
About the Dashboard
Dashboard of an Unconfigured System
Dashboard of a Configured System
Add, Edit, or Delete Connectors
Add, Edit, or Delete Dynamic Attributes Filters
Add, Edit, or Delete Adapters
Create a Connector
Amazon Web Services Connector—About User Permissions and Imported Data
Create an AWS User with Minimal Permissions for the Cisco Secure Dynamic Attributes Connector
Create an AWS Connector
Azure Connector—About User Permissions and Imported Data
Create an Azure User with Minimal Permissions for the Cisco Secure Dynamic Attributes Connector
Create an Azure Connector
Create an Azure Service Tags Connector
Create a Multicloud Defense Connector
Create a Generic Text Connector
Create a GitHub Connector
Google Cloud Connector—About User Permissions and Imported Data
Create a Google Cloud User with Minimal Permissions for the Cisco Secure Dynamic Attributes Connector
Create a Google Cloud Connector
Create an Office 365 Connector
Create a Webex Connector
Create a Zoom Connector
Create an Adapter
How to Create an On-Prem Firewall Management Center Adapter
How to Create a Cloud-delivered Firewall Management Center Adapter
Create Dynamic Attributes Filters
Dynamic Attribute Filter Examples
Disable the Cisco Secure Dynamic Attributes Connector
Use Dynamic Objects in Access Control Policies
About Dynamic Objects in Access Control Rules
Create Access Control Rules Using Dynamic Attributes Filters
Troubleshoot the Dynamic Attributes Connector
Troubleshoot Error Messages
Get Your Tenant ID
Troubleshooting
Troubleshoot an Secure Firewall ASA Device
ASA Fails to Reconnect to Security Cloud Control After Reboot
Cannot onboard ASA due to certificate error
Determine the OpenSSL Cipher Suite Used by your ASA
Cipher Suites Supported by Security Cloud Control's Secure Device Connector
Updating your ASA's Cipher Suite
Troubleshoot ASA using CLI commands
Troubleshoot ASA Remote Access VPN
ASA Real-time Logging
View ASA Real-time Logs
ASA Packet Tracer
Troubleshoot an ASA Device Security Policy
Troubleshoot an Access Rule
Troubleshoot a NAT Rule
Troubleshoot a Twice NAT Rule
Analyze Packet Tracer Results
Cisco ASA Advisory cisco-sa-20180129-asa1
Confirming ASA Running Configuration Size
Container Privilege Escalation Vulnerability Affecting Secure Device Connector: cisco-sa-20190215-runc
Updating a Security Cloud Control-Standard SDC Host
Updating a Custom SDC Host
Bug Tracking
Large ASA Running Configuration Files
Troubleshoot FDM-Managed Devices
Troubleshoot the Executive Summary Report
Troubleshoot FDM-Managed Device Onboarding
Failed Because of Insufficient License
Troubleshoot Device Unregistered
Troubleshooting Device Registration Failure during Onboarding with a Registration Key
Troubleshoot Intrusion Prevention System
Troubleshooting SSL Decryption Issues
Troubleshoot FDM-Managed HA Creation
FDM-Managed Device Executive Summary Report
Troubleshoot a Secure Device Connector
SDC is Unreachable
SDC Status not Active on Security Cloud Control after Deployment
Changed IP Address of the SDC is not Reflected in Security Cloud Control
Troubleshoot Device Connectivity with the SDC
Intermittent or No Connectivity with SDC
Container Privilege Escalation Vulnerability Affecting Secure Device Connector: cisco-sa-20190215-runc
Updating a Security Cloud Control-Standard SDC Host
Updating a Custom SDC Host
Bug Tracking
Invalid System Time
SDC version is lower than 202311****
Certificate or Connection errors with AWS servers
Secure Event Connector Troubleshooting
Troubleshooting SEC Onboarding Failures
Troubleshooting Secure Event Connector Registration Failure
Troubleshooting NSEL Data Flows
Event Logging Troubleshooting Log Files
Run the Troubleshooting Script
Uncompress the sec_troubleshoot.tar.gz file
Generating SEC Bootstrap data failed.
SEC Status is Inactive in Security Cloud Control
The SEC is "online", but there are no events in Security Cloud Control Event Logging Page
SEC Cleanup Command
SEC Cleanup Command Failure
Use Health Check to Learn the State of your Secure Event Connector
Troubleshoot Security Cloud Control
Troubleshooting Login Failures
Troubleshooting Login Failures after Migration
Troubleshooting Access and Certificates
Troubleshoot User Access with Security Cloud Control
Resolve New Fingerprint Detected State
Troubleshooting SSL Decryption Issues
Troubleshoot Intrusion Prevention System
Troubleshooting Objects
Resolve Duplicate Object Issues
Resolving Inconsistent or Unused Security Zone Objects
Resolve Unused Object Issues
Resolve an Unused Object Issue
Remove Unused Objects in Bulk
Resolve Inconsistent Object Issues
Resolve Object Issues in Bulk
Unignore Objects
Device Connectivity States
Troubleshoot Device Unregistered
Troubleshoot Insufficient Licenses
Troubleshoot Invalid Credentials
Troubleshoot New Certificate Issues
New Certificate Detected
Troubleshoot Onboarding Error
Troubleshoot FDM-Managed Device Onboarding Using Serial Number
Claim Error
Provisioning Error
Resolve the Conflict Detected Status
Resolve the Not Synced Status
Troubleshoot Unreachable Connection State
FAQ and Support
Cisco Security Cloud Control
FAQ About Onboarding Devices to Security Cloud Control
FAQs About Onboarding Secure Firewall ASA to Security Cloud Control
FAQs About Onboarding FDM-Managed Devices to Security Cloud Control
FAQs About Onboarding Secure Firewall Threat Defense to Cloud-delivered Firewall Management Center
FAQs About On-Premises Secure Firewall Management Center
FAQs About Onboarding Meraki Devices to Security Cloud Control
FAQs About Onboarding SSH Devices to Security Cloud Control
FAQs About Onboarding IOS Devices to Security Cloud Control
Device Types
Security
Troubleshooting
Terminologies and Definitions used in Zero-Touch Provisioning
Policy Optimization
Connectivity
Complete the Initial Configuration of a Secure Firewall Threat Defense Device Using the CLI
About Data Interfaces
How Security Cloud Control Processes Personal Information
Contact Security Cloud Control Support
Export The Workflow
Open a Support Ticket with TAC
How Security Cloud Control Customers Open a Support Ticket with TAC
How Security Cloud Control Trial Customers Open a Support Ticket with TAC
Security Cloud Control Service Status Page
Security and Internet Access
Internet Access Requirements
Open Source and 3rd Party License Attribution
Open Source and Third-Party License in SDC
Terraform
About Terraform
undefined