This procedure shows how to register with a new Cloud-Delivered Firewall Management Center. You should perform these steps even if the new Cloud-Delivered Firewall Management Center uses the old Cloud-Delivered Firewall Management Center's IP address.
Procedure
Step 1 | On the old Cloud-Delivered Firewall Management Center, if present, delete the managed device.
You cannot change the Cloud-Delivered Firewall Management Center IP address if you have an active connection with the Cloud-Delivered Firewall Management Center. |
Step 2 | Connect to the device CLI, for example using SSH. |
Step 3 | Configure the new Cloud-Delivered Firewall Management Center.
configure manager add {hostname | IPv4_address | IPv6_address | DONTRESOLVE} regkey [nat_id] [display_name]
- {hostname | IPv4_address | IPv6_address}—Sets the Cloud-Delivered Firewall Management Center hostname, IPv4 address, or IPv6 address.
- DONTRESOLVE—If the Cloud-Delivered Firewall Management Center is not directly addressable, use DONTRESOLVE instead of a hostname or IP address. If you use DONTRESOLVE, then a nat_id is required. When you add this device to the Cloud-Delivered Firewall Management Center, make sure that you specify both the device IP address and the nat_id; one side of the connection needs to specify an IP address, and both sides need to specify the same, unique NAT ID.
- regkey—Make up a registration key to be shared between the Cloud-Delivered Firewall Management Center and the device during registration. You can choose any text string for this key between 1 and 37 characters; you will enter the same key on the Cloud-Delivered Firewall Management Center when you add the Firewall Threat Defense.
- nat_id—Make up an alphanumeric string from 1 to 37 characters used only during the registration process between the Cloud-Delivered Firewall Management Center and the device when one side does not specify an IP address. This NAT ID is a one-time password used only during registration. Make sure the NAT ID is unique, and not used by any other devices awaiting registration. Specify the same NAT ID on the Cloud-Delivered Firewall Management Center when you add the Firewall Threat Defense.
- display_name—Provide a display name for showing this manager with the show managers command. This option is useful if you are identifying Security Cloud Control as the primary manager and an on-prem Cloud-Delivered Firewall Management Center for analytics only. If you don't specify this argument, the firewall auto-generates a display name using one of the following methods:
Example:
> configure manager add DONTRESOLVE abc123 efg456
Manager successfully configured.
Please make note of reg_key as this will be required while adding Device in FMC.
>
|
Step 4 | Add the device to the Cloud-Delivered Firewall Management Center. |
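Because the NAT ID in Step 3 is described as a one-time password, random values are a better choice than short memorable strings. The following helper is an added example, not part of the original procedure or any Cisco tool: it generates a registration key and NAT ID and checks them against the argument rules in Step 3 before producing the command line. The function names, the pending_nat_ids record, and the whitespace check on regkey are assumptions of this example.

```python
import secrets
import string

MAX_LEN = 37  # Step 3 limits both regkey and nat_id to 1-37 characters
ALNUM = string.ascii_letters + string.digits


def random_token(length=MAX_LEN):
    """Return a random alphanumeric string drawn from the OS CSPRNG."""
    if not 1 <= length <= MAX_LEN:
        raise ValueError("length must be between 1 and 37")
    return "".join(secrets.choice(ALNUM) for _ in range(length))


def build_manager_add(manager, regkey, nat_id=None, display_name=None,
                      pending_nat_ids=()):
    """Validate the arguments against Step 3 and return the CLI line.

    pending_nat_ids is a hypothetical local record of NAT IDs already
    handed to devices that are still awaiting registration.
    """
    if not 1 <= len(regkey) <= MAX_LEN or any(c.isspace() for c in regkey):
        # Assumption: whitespace would split the key into two CLI tokens.
        raise ValueError("regkey must be 1-37 characters with no whitespace")
    if manager == "DONTRESOLVE" and nat_id is None:
        raise ValueError("DONTRESOLVE requires a nat_id")
    if nat_id is not None:
        if not (nat_id.isascii() and nat_id.isalnum() and len(nat_id) <= MAX_LEN):
            raise ValueError("nat_id must be 1-37 alphanumeric characters")
        if nat_id in pending_nat_ids:
            raise ValueError("nat_id already used by a device awaiting registration")
    if display_name is not None and nat_id is None:
        # Positional syntax: a lone extra argument would be read as nat_id.
        raise ValueError("display_name can only follow a nat_id")
    parts = ["configure", "manager", "add", manager, regkey]
    parts += [p for p in (nat_id, display_name) if p is not None]
    return " ".join(parts)


if __name__ == "__main__":
    # Constructed values, generated fresh on every run.
    print(build_manager_add("DONTRESOLVE", random_token(), random_token()))
```

Enter the same generated regkey and NAT ID on the manager side in Step 4, and discard them once registration completes.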