Enable or Disable Threat Defense Devices to Send Event Logs to SAL (SaaS) Using a Direct Connection

You can enable or disable the sending of events directly to SAL (SaaS) for each FTD device managed by the cloud-delivered Firewall Management Center. This device-level control lets you exclude specific FTD devices from sending event logs to the Cisco cloud, either to reduce traffic or to maintain a combination of SAL and on-premises event log storage.

Note
  • Before you enable or disable sending events to the Cisco cloud from individual FTD devices, enable the Cisco cloud event global setting in the cloud-delivered Firewall Management Center. For more information on enabling the Cisco cloud event global setting, see Send Cloud-delivered Firewall Management Center-Managed Event Logs to SAL (SaaS) Using a Direct Connection.

    Sending events to the Cisco cloud is enabled by default for all FTD devices when the Cisco cloud event global setting is enabled in the cloud-delivered Firewall Management Center.

  • The option to enable or disable FTD devices to send event logs to the cloud is supported on FTD Version 7.4.1 or later.

Before you begin

  • Onboard devices to the cloud-delivered Firewall Management Center, assign licenses to these devices, and configure these devices to send events directly to SAL (SaaS).

  • Enable connection logging on a per-rule basis by editing a rule and choosing the Log at Beginning of Connection and Log at End of Connection options.

Procedure


Step 1

Log in to Security Cloud Control.

Step 2

From the left pane, click Security Devices.

Step 3

Click the Devices tab to view the device.

Step 4

Click the FTD tab to view FTD devices.

Step 5

From the inventory list, choose the FTD devices whose configurations you want to edit.

Step 6

In the Device Management pane, click Cloud Events.

Step 7

Click the Send Events to the Cisco Cloud toggle button to enable or disable the configuration.

Step 8

Click Save.