Deploy a Cloud-Delivered FMC (cdFMC) in Cisco Defense Orchestrator (CDO)

Available Languages

Download Options

  • PDF     (1.3 MB)
    View with Adobe Reader on a variety of devices
  • ePub     (1.4 MB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (1.0 MB)
    View on Kindle device or Kindle app on multiple devices
Updated:September 12, 2022
Document ID:218171

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the deployment and onboard process of Cloud-Delivered FMC on the CDO platform. 

    Prerequisites

    Requirements

    Cisco recommends knowledge of these topics:

    • Cloud-Delivered Firepower Management Center (cdFMC)
    • Cisco Defense Orchestrator (CDO)
    • Firepower Threat Defense Virtual (FTDv) 

    Minimum FTD version 7.0.3

    Components Used

    The information in this document is based on these software and hardware versions:

    • cdFMC
    • FTDv 7.2.0

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Background Information 

    Cisco Defense Orchestrator (CDO) is the platform for the cloud-delivered Firewall Management Center (cdFMC). The cloud-delivered Firewall Management Center is a software-as-a-service (SaaS) product that manages Secure Firewall Threat Defense devices. It offers many of the same functions as an on-premises Secure Firewall Secure Firewall Threat Defense. It has the same appearance and behavior as an on-premises Secure Firewall Management Center and uses the same FMC Application Programming Interface (API).

    This product is designed for migration from the on-premises Secure Firewall Management Centers to the Secure Firewall Management Center SaaS version.

    Configure

    Deploy a Cloud-Delivered Firepower Management Center on CDO. 

    These pictures show the initial setup process needed to deploy a cloud-delivered FMC on CDO.

    From the CDO menu, navigate to Tools & Services > Firewall Management Center > Onboard.

    Screenshot 2024-05-03 at 5.07.40 p.m.

    Select Enable Cloud-Delivered FMC.

    Screenshot 2024-05-03 at 5.19.12 p.m.

    CDO privisions a cloud-delivered Firewall Management Center instance in the background; it typically takes 15 to 30 minutes for this to be complete. You can track the provisioning progress on the Status column of Cloud-Delivered FMC.

    Screenshot 2024-05-07 at 4.22.34 p.m.

    After the provisioning is complete, the status changes to Active. In addition, you get a Cloud-delivered Firewall Management Center is Ready notification on the CDO notifications panel.

    Screenshot 2024-05-07 at 4.28.29 p.m.

    Screenshot 2024-05-07 at 4.30.20 p.m.

    You can then onboard your threat defense devices to the cloud-delivered Firewall Management Center and manage them.

    Navigate to Menu > Tools & Services > Firewall Management Center

    cdo_5

    Select your cdFMC to display the cdFMC information and, in order to access the Graphical User Interface (GUI) of the cdFMC, select any of the options available on the right side.

    Screenshot 2024-05-07 at 4.32.13 p.m.

    Now you can see the cdFMC GUI. 

    Capture11

    Onboard an FTD on a Cloud-Delivered FMC

    These images show how to onboard an FTD in order to be registered on a cdFMC with Command Line Interface (CLI) registration key.

    First, select Onboard an FTD on the CDO home page.

    cdo_8

    Then, select the Use CLI Registration Key option.

    cdo_13

    Proceed to enter the requested and desired FTDv information.

    cdo_16

    Finally, the cdFMC creates a specific CLI Keyfor your device. 

    cdo_17

    Copy the CLI Key into the CLI of your managed device.

    cdfmc_cli

    The cdFMC initiates a registration task. 

    cdo_20

    Note: Make sure your FTD device has communication over ports 8305 (sftunnel) and 443 to the CDO tenant in order to complete the registration process. Consult the full Network Requirements

    Note: If you can not connect to the host, you can rectify the DNS configuration in the FTD-CLI with this command: configure network dns <address>.

    To monitor the registration process, navigate to Device Actions > Workflows..

    CDO_21

    Expand the Active state to have additional information, these pictures show how the FTDv was successfully registered. 

    CDO_22

    CDO_23

    Finally, Navigate to Device Management > Device Overview in order to access the cdFMC and review the FTDv overview status.

    CDO_24

    Related Information 

    Revision History

    Revision Publish Date Comments
    1.0
    12-Sep-2022
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Cesar Ivan Monterrubio Ramirez
      Technical Consulting Engineer
    • Leonel Matus Climaco
      Technical Consulting Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products