Configure On-Premises Firewall Management Center-Managed Secure Firewall Threat Defense Devices

View Onboarded On-Premises Management Center

To view onboarded on-premises management centers, follow these steps:

  1. In the left pane, click Administration > Integrations > Firewall Management Center.

  2. Click the FMC tab.

View On-Premises Management Center High Availability Pair

The high availability pair is displayed in the Services page. On expanding the pair, you can see the primary and secondary on-premises management center nodes along with their current statuses.

To cross-launch the active on-premises management center, perform these steps:

  1. In the Services page, check the corresponding high availability pair.

  2. In the right pane, click the functionality you want to open in the on-premises management center.

    The Verify FMC Cross Launch URL window is displayed. By default, the public IP address or FQDN of the currently active on-premises management center is shown and will be used to open the on-premises management center. If needed, you can specify the URL of the standby on-premises management center to cross-launch it.

You can add cross-launch URLs to each on-premises management center node. When cross-launching from the pair, the active node is cross-launched and you need not verify which node is currently active.

To cross-launch to a specific on-premises management center node, perform these steps:

  1. Expand the high availability pair and click the primary or secondary on-premises management center node you want to launch.

  2. In the External Links pane on the right, click FMC Cross Launch URL to cross-launch the selected on-premises management center.

    To update the public IP address or the FQDN and the port number of your on-premises management center, hover over the FMC Cross Launch URL and click the edit icon.


Note


If you either break high availability or switch roles on the on-premises management center (version 7.4.x or earlier), you must disable the SecureX integration and then enable it again on the secondary on-premises management center. To do this, navigate to the secondary on-premises management center, choose .

Breaking a high-availability on-premises management center pair converts the participating management centers into two standalone on-premises management centers.


Discover and Manage On-Prem Firewall Management Center Network Objects

If you have an On-Premises Firewall Management Center that you manage using Security Cloud Control and you want to share and manage its objects, do the following:

Procedure


Step 1

In the left pane, choose Tools & Services > Firewall Management Center or Administration > Integrations > Firewall Management Center to view the Services page.

Step 2

If you have already onboarded an on-premises management center to Security Cloud Control, select it.

If you want to onboard a new on-premises management center, see Onboard an On-Prem Firewall Management Center.

Step 3

Choose Settings from the Actions pane on the right. The Actions pane is not displayed when you select more than one on-premises management center.

Note

 

You must be an admin or a super admin to be able to use Settings.

Step 4

Enable the Discover & Manage Network Objects toggle button. If you want your changes to be automatically synchronized with on-premises management center and not staged for review, turn the Enable automatic sync of network objects toggle on.

Note

 
  • You cannot turn the Discover & Manage Network Objects toggle on if the on-premises management center that you have selected has one or more child domains or has the Change Management workflow enabled on it.

  • You cannot turn the Enable automatic sync of network objects toggle on if the Discover & Manage Network Objects toggle is turned off.

For every new on-premises management center onboarded to Security Cloud Control, this toggle button needs to be enabled manually. Once you enable this option, Security Cloud Control starts to discover objects from your on-premises management center, which you can share, manage, and use to set consistent object definitions across other platforms managed by Security Cloud Control.

In Security Cloud Control, when you add overrides to objects that are discovered from an on-premises management center and push the changes back to the on-premises management center, these objects start accepting overrides in the on-premises management center even if they were not accepting overrides before: the Allow Overrides checkbox in the View Network Object window is checked automatically when an override is added from Security Cloud Control.

Note

 

If you want to assign already-existing objects in Security Cloud Control to your on-premises management center, choose the on-premises management center and click Assign Objects from the Actions pane.


Preview and Deploy On-Premises Firewall Management Center Configurations

If you have made configuration changes to an object, for instance, changing a value or adding an override to an object, you can deploy all of those changes at once to your on-premises management center:


Note


Note that this task only pushes the configuration changes to the on-premises management center. Ensure you manually deploy these changes to your Firewall Threat Defense devices on your on-premises management center. See Configuration Deployment in the Cisco Secure Firewall Management Center Device Configuration Guide for more information.


Procedure


Step 1

In the navigation pane, click Tools & Services > Firewall Management Center or Administration > Integrations > Firewall Management Center and select the On-Premises Firewall Management Center to which you want to preview and deploy changes.

Note

 

Security Cloud Control detects that your on-premises management center is out of sync and displays the status as Not Synced.

Step 2

Click Preview and Deploy on the details pane on the right.

Step 3

Review any warnings and click Deploy Now. The deployment starts immediately without a review of the changes. Click Discard All if you do not want to proceed with the deployment after previewing.

Step 4

Alternatively, you can also click the button at the top-right of the screen to view the Devices with Pending Changes window. Select the devices you want and review the pending changes on the devices that you selected before you deploy them.

Step 5

Click Deploy Now to deploy the changes.


Discard On-Premises Firewall Management Center Configuration Changes

If you want to undo all the configuration changes you made in Security Cloud Control, for instance to the objects that are shared between your Security Cloud Control and on-premises management center, use this procedure. Note that when you do this, Security Cloud Control completely overwrites its local copy of the configuration with the configuration stored on the device.

Procedure


Step 1

In the left pane, click Tools & Services > Firewall Management Center or Administration > Integrations > Firewall Management Center.

Step 2

Select the On-Premises Firewall Management Center for which you want to discard changes.

Step 3

Click Discard Changes in the Not Synced pane on the right.

When you click Discard Changes, your on-premises management center's configuration status is in a Not Synced state. After you discard your changes, the copy of the configuration on Security Cloud Control will be the same as the copy of the configuration on the on-premises management center and the configuration status in Security Cloud Control returns to Synced.


Remove an On-Premises Firewall Management Center from Security Cloud Control

If you choose to remove an on-premises management center from Security Cloud Control, all devices managed by that on-premises management center will also be removed.

Before you begin

Disable the auto-onboarding option to remove one or more on-premises management centers that were onboarded using the auto-onboarding functionality.
  1. In the left pane, choose Settings > General Settings.

  2. In the Tenant Settings section, disable Auto onboard On-Prem FMCs integrated to Cisco Security Cloud.

Procedure


Step 1

In the left pane, click Tools & Services > Firewall Management Center.

Step 2

In the left pane, click Administration > Integrations > Firewall Management Center.

Step 3

Ensure the FMC tab is selected and choose the on-premises management center you want to remove.

Step 4

In the Device Actions pane located to the right, click Remove On-Prem FMC and its managed devices.

Step 5

Click OK to confirm that you want to remove the on-premises management center and its managed devices from your tenant.

Step 6

Refresh your browser to see an updated list of available devices.