Onboard an FDM-Managed HA Pair Running Threat Defense Version 6.6 or Version 6.7 and later

To onboard an FDM-managed HA pair running threat defense version 6.6 or 6.7, you must onboard the device one at a time. It does not matter if you onboard the active or standby, the primary or secondary device.

Note

If you onboard either device of an HA pair with a registration key, you must onboard the other peer device in the same method.

Use the following steps for onboard an HA pair running version 6.6 or 6.7:

Procedure


Step 1

Onboard a peer device. See Onboard an FDM-Managed Device Running Software Version 6.6+ Using a Registration Key

Step 2

In the left pane, click Security Devices.

Step 3

Click the Devices tab to locate your device.

Step 4

Click the FTD tab. Once the device is synced, select the device so it is highlighted. In the action pane located directly below Device Details, click Onboard Device.

Step 5

Enter the HA Peer Device Name for the peer device that has already been onboarded. Click Next.

Step 6

If you provided a smart license for the first device, Security Cloud Control repopulates that license so you can use it for onboarding this current device. Click Next.

Step 7

Security Cloud Control automatically generates that registration key for the device you are preparing to onboarding. Click the Copy icon to copy the registration key.

Step 8

Log into the Secure Firewall device manager UI of the device you want to onboard to Security Cloud Control.

Step 9

Under System Settings, click Cloud Services.

Step 10

In the Enrollment Type area, click Security/Security Cloud Control Account.

Note

For devices running version 6.6, note that the Tenancy tab for Security Cloud Control is titled Security Account and you must manually enable Security Cloud Control in the Secure Firewall device manager UI.

Step 11

In the Region field, select the Cisco cloud region that your tenant is assigned to.

Step 12

In the Registration Key field, paste the registration key that you generated in Security Cloud Control.

Step 13

For devices running version 6.7 or later in the Service Enrollment area, check Enable Cisco Security Cloud Control.

Step 14

Review the information about the Cisco Success Network Enrollment. If you do not want to participate, uncheck the Enroll Cisco Success Network check box.

Step 15

Click Register and then Accept the Cisco Disclosure. FDM sends the registration request to Security Cloud Control.

Step 16

Return to Security Cloud Control, in the Create Registration Key area, click Next.

Step 17

In the Smart License area, you can apply a smart license to the FDM-managed device and click Nextor you can click Skip to continue the onboarding with a 90-day evaluation license or if the device is already smart-licensed. For more information, see Updating an Existing Smart License of an FDM-Managed Device.

Note

If your device is running version 6.6, you need to manually enable communication to Security Cloud Control. From the device's FDM-managed UI, navigate to System Settings > Cloud Services and, in the Cisco Security Cloud Control tile, click Enable.

Step 18

Return to Security Cloud Control, click Go to Inventory. Security Cloud Control automatically onboards the device and combines them as a single entry. Similar to the first peer device you onboard, the device status changes from "Unprovisioned" to "Locating" to "Syncing" to "Synced."