Onboard a Device with Low-Touch Provisioning

Only the Firepower 1000, Firepower 2100, and Secure Firewall 3100 devices can be onboarded with the low-touch provisioning method.

Before you begin

Confirm that the following requirements are met before onboarding:

  • Cloud-Delivered Firewall Management Center is enabled for your tenant.

  • The device is freshly installed and has never been logged in to through either the device CLI or the FDM.

  • The device is running version 7.2 or later. Version 7.0.3 does not support low-touch provisioning.

Procedure


Step 1

Log in to CDO.

Step 2

In the navigation pane, click Inventory and click the blue plus button.

Step 3

Click the FTD tile.

Step 4

Under Management Mode, be sure FTD is selected.

Warning

If you select FTD under Management Mode, you will no longer be able to manage the device using the previous management platform. All existing policy configurations except for interface configurations will be reset. You must re-configure policies after you onboard the device.

If you want the device to maintain management from the Firepower Device Manager, select FDM and see Onboard an FDM-Managed Device Running Software Version 6.6+ Using a Registration Key for more information.

Step 5

Enter the Device Serial Number and the Device Name. Select Next.

Step 6

In the Password Reset step, select the option Yes, this new device has never been logged into or configured for a manager.

If your device has been previously registered for a manager or is still registered to a manager, see Onboard a Device with a Serial Number.

Step 7

Click Next.

Step 8

In the Policy Assignment step, use the drop-down menu to select an access control policy to deploy once the device is onboarded. If you have no policies configured, select the Default Access Control Policy.

Step 9

Select all licenses you want applied to the device. Click Next.


What to do next

Once the device is synchronized, select the device you just onboarded from the Inventory page and select any of the options listed in the Management pane located to the right. We strongly recommend the following actions:
  • If you have not already done so, create a custom access control policy to customize the security for your environment. See Access Control Overview in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for more information.

  • Enable Cisco Security Analytics and Logging (SAL) to view events in the CDO dashboard, or register the device to a Firepower Management Center for security analytics. See Cisco Security Analytics and Logging in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for more information.