Onboard a Firewall Threat Defense Device to On-Prem Firewall Management Center using Zero-Touch Provisioning
Only the Firepower 1000, Firepower 2100, Secure Firewall 1200, and Secure Firewall 3100 devices can be onboarded to on-premises management center using the zero-touch provisioning method.
Before you begin
Confirm the following is completed prior to onboarding:
-
You have a Security Cloud Control tenant. If you do not, see Request a Security Cloud Control Tenant for more information.
-
Before onboarding any new devices, ensure an on-prem FMC is fully set up, configured, and recognized as a management center within your Security Cloud Control tenant.
-
The device is freshly installed and has never been logged into through the device CLI, a Firewall Management Center, or the Firewall Device Manager.
-
The device is running version 7.2 or later. Version 7.0.3 does not support zero-touch provisioning.
Procedure
Step 1 | Log in to Security Cloud Control. | ||
Step 2 | In the top-right corner, click Onboard ( | ||
Step 3 | Click the FTD tile. | ||
Step 4 | Under Management Mode, ensure you select FTD. By selecting FTD under Management Mode, you will not be able to manage the device using the previous management platform. All existing policy configurations except for interface configurations will be reset. You must re-configure policies after you onboard the device.
| ||
Step 5 | Click Use Serial Number. | ||
Step 6 | Select an available on-prem FMC from the drop-down list. Click Next.
For information on onboarding a threat defense device to a cloud-delivered Firewall Management Center, see Onboard a Threat Defense Device to Cloud-delivered Firewall Management Center using Zero-Touch Provisioning. | ||
Step 7 | Enter the Device Serial Number and the Device Name. Click Next. | ||
Step 8 | Choose an option depending on whether the device is logged into and configured for a manager:
| ||
Step 9 | Click Next. | ||
Step 10 | In the Policy Assignment step, use the drop-down menu to select an access control policy to deploy once the device is onboarded. If you have no policies configured, select the Default Access Control Policy. | ||
Step 11 | Select the subscription licenses you want to apply to the device. Click Next. |
What to do next
Once the device is synchronized, select the device you just onboarded from the Security Devices page and select any of the options listed under the Device Management pane located to the right. We strongly recommend these actions:
-
If you did not already, create a custom access control policy to customize the security for your environment.
For more information, see Access Control Overview.
-
You can enable Cisco Security Analytics and Logging to view events in the Security Cloud Control dashboard, or register the device to a Secure Firewall Management Center for security analytics.
For more information, see Cisco Security Analytics and Logging.