Onboard Threat Defense Devices using Device Templates to Cloud-delivered Firewall Management Center using Zero-Touch Provisioning

Only the Firepower 1000, Firepower 2100, Secure Firewall 1200, and Secure Firewall 3100 devices can be onboarded with the zero-touch provisioning method.

Before you begin

Confirm that the following is completed before onboarding:

  • You have a Security Cloud Control tenant. If you do not, see Request a Security Cloud Control Tenant for more information.

  • Cloud-delivered Firewall Management Center is enabled for your tenant.

  • The device is freshly installed and has never been logged in to through the device CLI, a management center, or the device manager.

  • The device is running version 7.4 or later.

Procedure


Step 1

Log in to Security Cloud Control.

Step 2

In the left pane, click Security Devices.

Step 3

In the top-right corner, click Onboard.

Step 4

Click the FTD tile.

Step 5

Click the Bulk Onboard using CSV File tile.

Step 6

In the Template Assignment field, select a template from the drop-down list. The access control policy associated with the template and the supported device models for the selected template are then displayed. Click Next.

Step 7

In the Upload CSV File field, drag and drop your CSV template file, or click to select the CSV template file that you want to upload.

You can download a CSV Sample Template File to see the header details that the template requires. The CSV template file must be less than 2 MB in size. The filename must satisfy the following criteria:

  • Can have a maximum of 64 characters.

  • Only alphanumeric characters and special characters such as dash (-), period (.), and underscore (_) are allowed.

  • Must not contain any spaces.

A properly formatted .csv file has the following fields:

  • Mandatory fields

    • Display Name - Name of the device. Type: string. Example: test1

    • Serial Number - Serial number of the device. Type: string. Example: JADX345670EG

  • Optional fields

    • Device Group - Name of the device group. Type: string. Example: testgroup

    • Admin Password - Password for admin access. Type: string. Example: E28@2OiUrhx

  • Variables - Use the following format: $<varName>. Sample variable: $LAN-Devices-IPv4Address - IPv4 address of the LAN device. Type: string. Example: 1.2.3.4.

  • Network object overrides - Use the following format: <objType>:<objName>. Sample network object override: Network:LAN-Devices-Network - IP address of the network of LAN devices. Type: string. Example: 1.2.3.4.

A sample CSV template file containing the configuration for two devices is given below.

DisplayName   SerialNumber  AdminPassword  $WANLinkIP  Host:gateway
Branch A FTD  JADX345410AB  C15c05n0rt#    10.20.30.1  10.2.3.1
Branch B FTD  JADX345670CE  Admin123!      10.20.30.5  10.2.3.1

Step 8

Click Next.

Step 9

A statement mentioning that the devices are being onboarded is displayed. You can check the onboarding status of the devices in the Security Devices window.
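
A pre-upload check for the CSV template file described in Step 7, as an added example that is not part of the original page or of any Cisco tooling. It assumes a comma-delimited UTF-8 file and that header names match regardless of spaces and case; validate_template, norm and the duplicate serial number check are hypothetical additions, not documented product behavior.

```python
import csv, io, re

MAX_BYTES = 2 * 1024 * 1024                         # file must be less than 2 MB
FILENAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")   # no spaces, at most 64 characters
MANDATORY = {"displayname", "serialnumber"}
OPTIONAL = {"devicegroup", "adminpassword"}
VARIABLE_RE = re.compile(r"\$\S+")                  # $<varName>
OVERRIDE_RE = re.compile(r"[^:\s]+:\S+")            # <objType>:<objName>

def norm(header):  # assumption: "Display Name" and "DisplayName" are the same column
    return re.sub(r"\s+", "", header).lower()

def validate_template(filename, data):
    """Return a list of problems found; an empty list means every check passed."""
    problems = []
    if not FILENAME_RE.fullmatch(filename):
        problems.append("filename: 1-64 characters from A-Z a-z 0-9 - . _ only")
    if len(data) >= MAX_BYTES:
        return problems + ["file: must be less than 2 MB"]
    rows = [r for r in csv.reader(io.StringIO(data.decode("utf-8-sig"))) if r]
    if not rows:
        return problems + ["file: no header row"]
    header = [h.strip() for h in rows[0]]
    keys = [norm(h) for h in header]
    for m in sorted(MANDATORY - set(keys)):
        problems.append(f"header: missing mandatory column {m}")
    for h, k in zip(header, keys):
        known = k in MANDATORY | OPTIONAL
        if not (known or VARIABLE_RE.fullmatch(h) or OVERRIDE_RE.fullmatch(h)):
            problems.append(f"header: unrecognised column {h!r}")
    seen = set()
    for n, row in enumerate(rows[1:], start=2):
        if len(row) != len(header):
            problems.append(f"row {n}: expected {len(header)} fields, got {len(row)}")
            continue
        rec = dict(zip(keys, (c.strip() for c in row)))
        for m in sorted(MANDATORY & set(keys)):
            if not rec[m]:
                problems.append(f"row {n}: empty {m}")
        serial = rec.get("serialnumber")
        if serial and serial in seen:   # added sanity check, not a rule from the page
            problems.append(f"row {n}: duplicate serial number {serial}")
        seen.add(serial)
    return problems

# Constructed sample modelled on the two-device example; passwords are placeholders.
SAMPLE = (b"DisplayName,SerialNumber,AdminPassword,$WANLinkIP,Host:gateway\n"
          b"Branch A FTD,JADX345410AB,placeholder-pw-1,10.20.30.1,10.2.3.1\n"
          b"Branch B FTD,JADX345670CE,placeholder-pw-2,10.20.30.5,10.2.3.1\n")
```

Calling validate_template("branch-devices.csv", SAMPLE) returns an empty list; any returned strings name the filename, header, or row that needs fixing before upload.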


What to do next

Once the device is synchronized, select the device you just onboarded from the Inventory page and select any of the options listed under the Device Management pane located to the right. We strongly recommend the following actions:

  • If you have not already done so, create a custom access control policy to customize the security for your environment. See Access Control Overview in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Security Cloud Control for more information.

  • Enable Cisco Security Analytics and Logging (SAL) to view events in the Security Cloud Control dashboard, or register the device to a Secure Firewall Management Center for security analytics. See Cisco Security Analytics and Logging in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Security Cloud Control for more information.