Onboard FDM-Managed Device

FDM-managed Device Management

You can only onboard FDM-managed threat defense devices to Security Cloud Control. These devices cannot be managed by Cloud-delivered Firewall Management Center.

If the device is not configured for local management, you must switch to local management before onboarding the device. See the Switching Between Local and Remote Management chapter of the Secure Firewall Threat Defense Configuration Guide for Firepower Device Manager.

Licensing

The device must have at least a license installed before it can be onboarded to Security Cloud Control, although you can have a Smart License applied in some circumstances.

| Onboarding Method | Secure Firewall Device Manager Software Version | 90-day evaluation license allowed? | Can the device already be smart-licensed before onboarding? | Can the device already be registered with Cisco Cloud Services before onboarding? |
| --- | --- | --- | --- | --- |
| Credentials (user name and password) | 6.4 or later | Yes | Yes | Yes |
| Registration Key | 6.4 or 6.5 | Yes | No. Unregister the smart license and then onboard the device. | N/A |
| Registration Key | 6.6 or later | Yes | Yes | No. Unregister the device from Cisco Cloud Services and then onboard the device. |
| Zero-Touch Provisioning | 6.7 or later | Yes | Yes | Yes |
| Onboarding a device with a Serial Number | 6.7 or later | Yes | Yes | Yes |

See Cisco Firepower System Feature Licenses for more information.

Device Addressing

As a best practice, onboard the FDM-managed device using a static address. If the device's IP address is assigned by DHCP, it would be optimal to use DDNS (dynamic domain name system) so that the device's domain name entry is automatically updated with the new IP address whenever the address changes.

Note

FDM-managed devices do not natively support DDNS; you must configure your own DDNS.

Important

If your device gets its IP address from a DHCP server and no DDNS server updates the FDM-managed device's domain name entry when the address changes, or if your device receives a new address, you can change the IP address the manager maintains for the device and then reconnect the device. Better still, onboard the device with a registration key.