Onboard an On-Premises Firewall Management Center to Security Cloud Control

Limitations and Guidelines

These are the limitations applicable to onboarding an on-premises Firewall Management Center:

• Onboarding an on-premises Firewall Management Center also onboards all devices registered to the on-premises Firewall Management Center. If a managed device is disabled or unreachable, Security Cloud Control may display the device in the Security Devices page, but cannot successfully send requests or view device information.

• Onboarding an on-premises Firewall Management Center does not cascade the policies in the on-premises Firewall Management Center to Security Cloud Control or Cloud-Delivered Firewall Management Center. However, you can migrate a Firewall Threat Defense managed by on-premises Firewall Management Center to Cloud-Delivered Firewall Management Center using the built-in Migrate FTD to cdFMC feature. This feature brings all policies linked to the device. For more information, see Migrate Threat Defense to Cloud-delivered Firewall Management Center.

• We recommend creating a new user on the on-premises Firewall Management Center specifically for Security Cloud Control communication that has administrator-level permissions. If you onboard an on-premises Firewall Management Center and then log into that on-premises Firewall Management Center simultaneously using the same credentials, onboarding fails.

• To create a new user on the on-premises Firewall Management Center for Security Cloud Control communication, set the Maximum Number of Failed Logins for user configuration to zero.

• For on-premises Firewall Management Centers running version 7.4 or older, if you experience a switchover and the FMC is no longer connected to the cloud, try disabling SecureX and then re-enabling it.