Introduction to Cloud-Delivered Firewall Management Center
The Cloud-Delivered Firewall Management Center is a software-as-a-service (SaaS) product that manages Secure Firewall Threat Defense devices and is delivered via Security Cloud Control. The Cloud-Delivered Firewall Management Center offers many of the same functions as an On-Premises Management Center.
The Cloud-Delivered Firewall Management Center has the same appearance and behavior as an On-Premises Management Center and uses the same FMC API.
Because the Cloud-Delivered Firewall Management Center is a SaaS product, the Security Cloud Control operations team is responsible for deploying and maintaining its software. As new features are introduced, the Security Cloud Control operations team updates your Security Cloud Control tenant's Cloud-Delivered Firewall Management Center for you.
A migration wizard is available to help you migrate your Secure Firewall Threat Defense devices from your On-Premises Management Center to the Cloud-Delivered Firewall Management Center. The devices must have Threat Defense software Version 7.0.3 or a later 7.0.x release, or Version 7.2 or later installed to be migrated. Threat Defense 7.1 releases are not supported.
Onboarding Secure Firewall Threat Defense devices is carried out in Security Cloud Control using familiar processes such as onboarding a device with its serial number or using a CLI command that includes a registration key. Once the device is onboarded, it is visible in both Security Cloud Control and the Cloud-Delivered Firewall Management Center; however, you configure the device in the Cloud-Delivered Firewall Management Center. In Security Cloud Control, you can view device-specific information such as version, configuration status, connectivity, health status, and node status. When you click the health status in Security Cloud Control, you are taken to the respective device's health monitoring page in the Cloud-Delivered Firewall Management Center user interface.
Security Cloud Control provides high availability support for the threat defense devices that it manages through the data interface. This feature is supported for devices running software version 7.2 or later.
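The version requirements stated above for migration (7.0.3 or a later 7.0.x release, or 7.2 or later, with 7.1 excluded) and for data-interface high availability (7.2 or later) can be checked against a device inventory before a migration window. The following is an added example, not Cisco code; the function names, device names, and version strings are constructed for illustration, and the optional "-build" suffix on a version string is an assumption about how the inventory was exported.

```python
import re

# Accepts major.minor[.maintenance[.patch]] with an optional "-<build>" suffix.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:-\d+)?\s*$")

def parse_version(text):
    """Return (major, minor, maintenance, patch), or None if unparseable."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def migration_eligible(text):
    """Apply the migration rule from the text; return (eligible, reason)."""
    v = parse_version(text)
    if v is None:
        return False, "unparseable version, verify on the device"
    train = v[:2]
    if train == (7, 1):
        return False, "7.1 releases are not supported"
    if train == (7, 0):
        if v >= (7, 0, 3, 0):
            return True, "7.0.3 or a later 7.0.x release"
        return False, "7.0.x older than 7.0.3"
    if train >= (7, 2):
        return True, "7.2 or later"
    return False, "older than 7.0.3"

def ha_data_interface_supported(text):
    """HA for devices managed through the data interface needs 7.2 or later."""
    v = parse_version(text)
    return v is not None and v[:2] >= (7, 2)

def triage(inventory):
    """Split {device: version} into (ready list, {blocked device: reason})."""
    ready, blocked = [], {}
    for name, version in sorted(inventory.items()):
        ok, reason = migration_eligible(version)
        if ok:
            ready.append(name)
        else:
            blocked[name] = reason
    return ready, blocked

# Constructed sample inventory (not real devices).
SAMPLE = {"fw-branch-01": "7.0.2", "fw-branch-02": "7.0.6.1", "fw-dc-01": "7.1.0.3",
          "fw-dc-02": "7.2.5-208", "fw-edge-01": "7.0.3", "fw-lab-01": "6.7.0",
          "fw-lab-02": "unknown"}

if __name__ == "__main__":
    ready, blocked = triage(SAMPLE)
    print("ready:", ready)
    for name, reason in blocked.items():
        print("blocked:", name, "-", reason)
```

A device that is eligible for migration on a 7.0.x release still does not meet the 7.2 requirement for data-interface high availability, so the two checks are kept separate.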
You can analyze syslog events generated by your onboarded threat defense devices using Security Analytics and Logging (SaaS) or Security Analytics and Logging (On-Premises). The SaaS version stores events in the cloud and you view the events in Security Cloud Control. The on-premises version stores events in an on-premises Secure Network Analytics appliance and analysis is done in the On-Premises Management Center. In both cases, just as with an On-Premises Management Center today, you can still send logs to a log collector of your choice directly from the sensors.
The license for Cloud-Delivered Firewall Management Center is a per-device-managed license and there is no license required for the Cloud-Delivered Firewall Management Center itself. Existing Secure Firewall Threat Defense devices re-use their existing smart licenses and new Secure Firewall Threat Defense devices provision new smart licenses for each feature implemented on the Secure Firewall Threat Defense.
To learn how to have a Cloud-Delivered Firewall Management Center provisioned on your tenant, see Enable Cloud-delivered Firewall Management Center on Your Security Cloud Control Tenant.
- Onboard a Secure Firewall Threat Defense device to cloud-delivered Firewall Management Center.
- High Availability for Devices Managed through Management and Data Interface