Introduction

Security Cloud Control Firewall Management (formerly Cisco Defense Orchestrator) is a cloud-based platform that unifies and simplifies security policy management across Cisco firewalls and devices. It streamlines policy consistency, offers intuitive and advanced interfaces, and reconciles configuration changes across multiple device managers.

About Security Cloud Control Firewall Management

Security Cloud Control Firewall Management (formerly Cisco Defense Orchestrator) is a cloud-based security policy manager that simplifies and unifies policy across your Cisco firewalls and other devices. The firewalls and devices are managed in Firewall, which is listed under Products in the Security Cloud Control.

It helps you optimize your security policies by identifying inconsistencies with them and by giving you tools to fix them. It provides you ways to share objects and policies, as well as make configuration templates, to promote policy consistency across devices.

Because Security Cloud Control Firewall Management coexists with local device managers such as the Adaptive Security Device Manager (ASDM), it keeps track of configuration changes made by Security Cloud Control Firewall Management and by other managers, and then reconcile the differences between managers.

You can manage a wide range of devices in one place. Advanced users will also find their traditional CLI interface with some new enhancements to make management even more efficient for them.

It also provides a guided "Day 0" experience helping you quickly onboard threat defense devices to your on-premises or Cloud-Delivered Firewall Management Center. It also presents you with other key features you may benefit from and helps you enable and configure them.

Onboard Devices

Before you onboard a device, make sure that you have successfully completed the installation wizard and licensed the device. Then use Security Cloud Control Firewall Management's onboarding wizard to onboard your device. Security Cloud Control can easily manage large deployments.

See Onboard Devices and Services.


Note

Once you have onboarded devices to a Security Cloud Control Firewall Management tenant, you cannot migrate the devices from one Security Cloud Control Firewall Management tenant to another. If you want to move your devices to a new tenant, you need to re-onboard the devices to the new tenant.

For a complete list of devices that Security Cloud Control supports and manages, see Supported Devices, Software, and Hardware.

Cisco Online Privacy Statement

Cisco Systems, Inc. and its subsidiaries (collectively "Cisco") are committed to protecting your privacy and providing you with a positive experience on our websites and while using our products and services ("Solutions"). Please read Cisco Online Privacy Statement carefully to get a clear understanding of how we collect, use, share, and protect your personal information.

Managing On-Premises Firewall Management Center with Security Cloud Control

About On-Premises Firewall Management Center

On-Premises Firewall Management Center is a centralized management console with graphical user interface. You can use it to perform administrative, management, analysis, and reporting tasks. This console is similar to ASDM and FDM but differs in certain features.

On-Premises Firewall Management Center support is limited to onboarding, viewing its managed devices, viewing, managing network objects, and cross launching to the on-premises Firewall Management Center UI for managing associated devices and objects. Additional features will be available soon. If a feature is not supported by Security Cloud Control at this time, use the on-premises Firewall Management Center console. To learn more about the features provided by on-premises Firewall Management Center, see Cisco Secure Firewall Management Center Configuration Guide for your system's version.

For a list of on-premises Firewall Management Center devices and software versions that Security Cloud Control supports, see Software and Hardware support by Security Cloud Control.

Version Support

Security Cloud Control supports version 6.4 and later. On-Premises Firewall Management Center can manage older devices, typically a few major versions back. For example, devices running version 6.6.0 can manage devices running version 6.4.0. If an on-premises Firewall Management Center manages a device that is running a version earlier than 6.4, the device may be displayed in the Security Devices page, but cannot be deployed to or its policies modified from Security Cloud Control. You must make changes and deploy from the on-premises Firewall Management Center UI.


Note

If a managed device is disabled, or unreachable, Security Cloud Control may display the device in the Security Devices page, but cannot successfully send requests or view device information.

How does Security Cloud Control Communicate with an FMC

Security Cloud Control acts as a REST API client to send requests to on-premises Firewall Management Center, and then on-premises Firewall Management Center uses its designated client to channel the requests to its managed devices.

As the device does not allow multiple logins with the same credentials, you must create a new user on the on-premises Firewall Management Center specifically for Security Cloud Control communication. This user must have administrator level permissions. This new user will have to be replicated on Security Cloud Control, as either a Security Cloud Control-provided Administrator or a custom user role with system and devices permissions. Without an admin login, Security Cloud Control cannot use REST API commands to modify or create policies, rules, or objects.

Onboard or Remove an On-Premises Firewall Management Center

You can onboard or remove an on-premises Firewall Management Center at any time. On-Premises Firewall Management Center and its registered devices must be running at least version 6.4 to be read by Security Cloud Control. To onboard an on-premises Firewall Management Center and its registered devices, see Onboard an FMC.

Once an on-premises Firewall Management Center is onboarded, select the on-premises Firewall Management Center from Administration > Integrations > Firewall Management Center and click Devices under Management or any actions on the right pane to open up the Verify FMC Cross Launch URL wizard, which lets you enter the public IP address or the FQDN and the port number of your management center. Click Continue to cross launch to the selected on-premises Firewall Management Center web UI in a new tab using the IP address you entered. You can also add external links manually using the Add External Links option under External Links on the right pane.

Removing an on-premises Firewall Management Center from your Security Cloud Control tenant also removes the devices registered to that on-premises Firewall Management Center. See Remove an FMC from Security Cloud Control for more information.

If an on-premises Firewall Management Center experiences an "Invalid Credentials" status after onboarding, you can reconnect the appliance. See Troubleshoot Invalid Credentials for more information.


Note

Devices running Firewall 6.6 do not support the reconnect feature. If you have to reconnect the appliance, we recommend removing the on-premises Firewall Management Center and re-onboarding the appliance.

Devices Managed by an On-Premises Firewall Management Center

Once you onboard an on-premises Firewall Management Center to Security Cloud Control, all the devices registered to that on-premises Firewall Management Center are also imported into Security Cloud Control. On the Security Devices page, you can view device information such as name, IP address, device type, software version, and state. Note that your on-premises Firewall Management Center is displayed on the Services page and the devices it manages are listed on the Security Devices page. In the Services page, you can see information such as version, devices managed, device type, and status. Clicking the devices icon on the Services page, which shows the number of devices your FMC manages, directs you to the Security Devices page with a filter applied to display all devices managed by the selected on-premises Firewall Management Center.

You can perform actions using options in the Device Actions, Monitoring, Device Management, and Policies panels available from the Security Devices page. If you select a device that is currently managed by an FMC and click these options, Security Cloud Control automatically launches the on-premises Firewall Management Center console that manages the devices using the cross-launch URL you had entered. Use the filter icon to further organize the Security Devices page. From this page, you can view all the devices managed by the onboarded on-premises Firewall Management Center and other supported device types. In addition, you can expand or collapse devices in a cluster and select them individually or as a group to perform actions.

Device Health Status

Security Cloud Control displays the health status of threat defense devices on the Security Devices page, such as Normal, Error, Warning, and Disabled. You can click the status of a device to navigate to the Health Monitoring page that corresponds to the device in the on-premises Firewall Management Center UI.


Note

Security Cloud Control automatically updates the device health status every 10 minutes. You can also do this manually by selecting the device and clicking Check for Changes.

Manage Security Policies in Security Cloud Control

Security policies examine network traffic with the ultimate goal of allowing the traffic to its intended destination or dropping it if a security threat is identified. You can use Security Cloud Control to configure security policies on many different types of devices.

Objects

After you onboard an on-premises Firewall Management Center to Security Cloud Control, you can choose to discover objects from on-premises Firewall Management Center and manage them in Security Cloud Control. You can do this by choosing Administration > Integrations > Firewall Management Center, selecting the desired on-premises Firewall Management Center, and clicking Settings. You can enable the Discover & Manage Network Objects toggle button. When this option is enabled, Security Cloud Control automatically imports all the objects from the On-Premises Firewall Management Center-managed devices into Security Cloud Control. Once imported, the objects can be managed from Security Cloud Control. Note that you must have the super admin or admin user role to be able to use the Settings button.

When making a configuration change to an object from Security Cloud Control, the change gets staged in Security Cloud Control and you can manually push the change to the on-premises Firewall Management Center after reviewing it from Pending Changes. When you make a configuration change to an object from the on-premises Firewall Management Center UI, Security Cloud Control detects that change as an out-of-band change that can be synchronized later. If you want your changes to be automatically synchronized with on-premises Firewall Management Center and not staged for review, enable the Enable automatic sync of network objects toggle button.

If you have existing objects in Security Cloud Control that you want to assign to your on-premises Firewall Management Center, select the on-premises Firewall Management Center from the Services page and choose Assign Objects on the right pane. Security Cloud Control displays all the existing objects and lets you select ones that you want to associate with the on-premises Firewall Management Center that you selected. This helps ensure consistent network object definitions across platforms managed by Security Cloud Control. Note that you can use the Assign Objects button only if Discover & Manage Network Objects is enabled for the selected on-premises Firewall Management Center.


Note

  • You cannot enable the Discover & Manage Network Objects toggle button if the on-premises Firewall Management Center that you have selected has one or more child domains or has the Change Management workflow enabled on it.

  • You cannot enable the Enable automatic sync of network objects toggle button if the Discover & Manage Network Objects toggle button is disabled.

On-Premises Firewall Management Center supports the following object types:

  • Network Objects

  • Network Group Objects

Object Issues

Security Cloud Control identifies duplicate, inconsistent, or unused objects, and you can filter the issues based on their issue states. However, Security Cloud Control cannot resolve object issues.

Eventing

Searching and filtering the historical and live event tables for specific events works the same way as it does for other information in Security Cloud Control. For more information, see Firepower Management Center and Cisco Security Analytics and Logging (SaaS) Integration Guide.

Cisco Security Analytics and Logging

Cisco Security Analytics and Logging allows you to capture connection, intrusion, file, malware, and security intelligence events from all your devices and view them in a single location in Security Cloud Control.

You can view events stored in the Cisco cloud on the Event Logging page in Security Cloud Control. Use filters to review which security rules are triggered in your network. The Logging and Troubleshooting package gives you these capabilities.

With the Firewall Analytics and Monitoring package, the system can apply Secure Cloud Analytics dynamic entity modeling to your events and use behavioral modeling analytics to generate Secure Cloud Analytics observations and alerts. If you obtain a Total Network Analytics and Monitoring package, the system applies dynamic entity modeling to both your device events and your network traffic and generates observations and alerts. You can cross launch from Security Cloud Control to a Secure Cloud Analytics portal provisioned for you, using Cisco Single Sign-On.

The Security Cloud Control Firewall Management Dashboard

The Security Cloud Control Firewall Management dashboard is your central hub for monitoring and managing organization-level details across various categories. Upon logging in, you can access a customizable dashboard that offers critical insights and actions to optimize security and operational efficiency.

Customize Your Dashboard

Make your dashboard fit your specific needs by customizing the visible widgets.

  1. On the Home page, click Customize.

  2. Select or deselect the widgets you want to view on the dashboard.

  3. You can drag and drop the widgets to arrange them as you prefer.

Top Information

This section provides detailed insights into various tenant-level metrics. If enabled, you can view the following widgets:

  • Configuration States: Indicates the discrepancies between the configurations on your devices and those maintained by Security Cloud Control. This comparison helps identify any inconsistencies or conflicts that may exist.

    For more information, see Device Management.

  • Change Log Management: Helps you manage the change logs for precise operational control. The widget displays Completed and Pending change logs.

    For more information, see Change Logs.

  • RA VPN Sessions: Helps you monitor your Remote Access VPN sessions.

    For more information, see RA VPN Sessions.

  • Overall Inventory: Helps you monitor the health and status of all devices. The widget displays the total number of devices, categorized into Issues, Pending Actions, Other, Online and devices that are nearing or have already reached their last day of hardware support.

    For more information, see All Devices.

  • Site-to-Site VPN: Helps you manage and assess your site-to-site VPN connections. The widget displays the total number of VPN tunnels and the percentage that are Active and Idle.

    For more information, see Site-to-site VPN.

  • Accounts and Assets:

    • Helps you track and manage your multicloud accounts and resources effectively. You can launch the Multicloud Defense Controller from here.

    • Click +Add Account to add a new account.

    For more information, see Multicloud Defense Controller.

  • Top Risky Destinations: Helps you identify and monitor the top risky destinations that are granted access. The widget lists Applications and URL Categories and allows you to filter data for the last 90, 60, or 30 days. You can filter between Allowed (default) and Blocked traffic.

  • Top Intrusion and Malware Events: Helps you monitor and respond to top intrusion and malware events. The widget displays Intrusion Events and Malware Events and allows you to filter data for the last 90, 60, and 30 days. You can filter between Allowed (default) and Blocked events.

Announcements

Click the Announcements icon to view the most recent Security Cloud Control features and updates. Links to related documentation are provided if you need more information on any of the items listed.