Auto-Onboard an On-Prem Firewall Management Center with SecureX

As a Super Admin or Admin user on CDO, you can use the platform's auto-onboarding of on-prem management centers functionality. This feature automatically initiates the onboarding process for all on-prem FMCs that are linked to your SecureX tenant. Additionally, it also onboards the threat defense devices that are connected to those on-prem FMCs.

This feature is enabled by default in CDO, so you can expect all on-prem FMCs and threat defense devices to be automatically onboarded, which can significantly enhance efficiency.

CDO polls SecureX for new on-prem management centers every hour. It onboards the active on-prem management center high availability (HA) pair.

Before you begin

Ensure that the following requirements are met:

  • The on-prem management center must be running at least Version 7.2.

  • You must have an active SecureX account.

  • SecureX must be enabled on the on-prem management center. See Cisco Secure Firewall Management Center (7.0.2 and 7.2) and SecureX Integration Guide for steps and more information.

  • You must add the Firepower integration module in SecureX. See Integrate Firepower Management Center with SecureX for steps and more information.

  • You must allow outbound traffic from port 443 on the on-prem management center.

  • The on-prem management center must have a configured module.

  • Merge your CDO tenant and SecureX/CTR account prior to onboarding your device. See Merge Accounts for instructions.

  • After merging your CDO tenant and SecureX/CTR, ensure that you log out of your CDO tenant and log in again.

Procedure

Step 1

Click Tools & Services > Firewall Management Center > and choose FMC.

Step 2

Click Discover From SecureX Account as the method.

The Auto onboard On-Prem FMCs using SecureX feature is enabled by default. You can go to Tools & Services > Firewall Management Center to see the newly onboarded on-prem management centers associated with the SecureX tenant linked to your CDO tenant.

Step 3

You can click the available link to disable this functionality.

Step 4

In the General Settings screen, navigate to the Tenant Settings section, and disable Auto onboard On-Prem FMCs using SecureX tenant.

Note

When you disable this functionality, CDO stops further onboarding of the on-prem management center associated with the SecureX tenant. It doesn't remove the already onboarded on-prem FMCs. You must manually remove them after disabling the functionality.