Onboard a Device with a Serial Number
Only the Firepower 1000, Firepower 2100, and Secure Firewall 3100 devices can be onboarded with the serial number onboarding method.
Before you begin
Be sure the following is completed prior to onboarding:
-
Cloud-delivered Firewall Management Center is enabled for your tenant.
-
Confirm the device's CLI configuration is successfully completed. See Complete the Initial Configuration of a Secure Firewall Threat Defense Device Using the CLI for more information.
-
Review the prerequesites and limitations before you onboard the device. See "Prerequesites to Onboard a Device to Cloud-delivered Firewall Management Center" in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for more information.
-
Deregister any existing smart licenses the device may have enabled prior to onboarding.
-
Confirm the device is configured for local management and is currently managed by Secure Firewall device manager.
-
The device is running version 7.2 and later. Version 7.0.3 does not support onbarding with serial numbers.
Procedure
Step 1 | In the Secure Firewall device manager UI, navigate to and select the Auto-enroll with Tenancy from Cisco Defense Orchestrator option and click Register. | ||
Step 2 | Log in to CDO. | ||
Step 3 | In the left pane, click Inventory. | ||
Step 4 | Click the FTD tile. | ||
Step 5 | Under Management Mode, ensure you select FTD. By selecting FTD under Management Mode, you will not be able to manage the device using the previous management platform. All existing policy configurations except for interface configurations will be reset. You must re-configure policies after you onboard the device.
| ||
Step 6 | Select Use Serial Number. | ||
Step 7 | Expand the drop-down menu and select a management center. You can select either the cloud-delivered Firewall Management Center assocaited with your tenant or an On-Prem Firewall Management Center that has already been onboarded to CDO. If you do not already have an on-prem management center onboarded or do not see the one you want to use for this device, click + Onboard On-Prem FMC and follow the steps here. | ||
Step 8 | Enter the Device Serial Number and the Device Name. Click Next. | ||
Step 9 | Password Reset. Select No, this device has been logged into and configured for a manager. This implies that the device has already been registered to a device manager and the default password was changed as part of that configuration. If your device is brand new and has never been configured for a manager, see
Onboard a Device with Zero-Touch Provisioning. | ||
Step 10 | Click Next. | ||
Step 11 | In the Policy Assignment step, use the drop-down menu to select an access control policy to deploy once the device is onboarded. If you have no policies configured, select the Default Access Control Policy. | ||
Step 12 | Select the subscription licenses you want to apply to the device. Click Next. |
What to do next
-
If you did not already, create a custom access control policy to customize the security for your environment. See Access Control Overview in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for more information.
-
Enable Cisco Security Analytics and Logging (SAL) to view events in the CDO dashboard or register the device to an Secure Firewall Management Center for security analytics. See Cisco Security Analytics and Logging in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for more information.