Onboard a Device with Zero-Touch Provisioning
Only the Firepower 1000, Firepower 2100, and Secure Firewall 3100 devices can be onboarded with the zero-touch provisioning method.
Before you begin
Confirm the following is completed prior to onboarding:
-
You have a CDO tenant. If you do not, see Request a CDO Tenant for more information.
-
Cloud-delivered Firewall Management Center is enabled for your tenant.
-
The device is freshly installed but has never been logged into by either the device CLI, a management center, or the device manager.
-
The device is running version 7.2 or later. Version 7.0.3 does not support zero-touch provisioning.
Procedure
Step 1 | Log in to CDO. | ||
Step 2 | In the left pane, click Inventory. | ||
Step 3 | In the top-right corner, click Onboard (). | ||
Step 4 | Click the FTD tile. | ||
Step 5 | Under Management Mode, ensure you select FTD. By selecting FTD under Management Mode, you will not be able to manage the device using the previous management platform. All existing policy configurations except for interface configurations will be reset. You must re-configure policies after you onboard the device.
| ||
Step 6 | Click the Use Serial Number tile. | ||
Step 7 | Select an FMC from the drop-down list. Click Next. | ||
Step 8 | Enter the Device Serial Number and the Device Name. Select Next. | ||
Step 9 | Choose an option depending on whether the device is logged into and configured for a manager:
| ||
Step 10 | Click Next. | ||
Step 11 | In the Policy Assignment step, use the drop-down menu to select an access control policy to deploy once the device is onboarded. If you have no policies configured, select the Default Access Control Policy. | ||
Step 12 | Select the subscription licenses you want to apply to the device. Click Next. |
What to do next
-
If you did not already, create a custom access control policy to customize the security for your environment. See Access Control Overview in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for more information.
-
Enable Cisco Security Analytics and Logging (SAL) to view events in the CDO dashboard or register the device to an Secure Firewall Management Center for security analytics. See Cisco Security Analytics and Logging in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for more information.