Home
Support
Product Support
Security
Cisco Secure Firewall 4200 Series
Install and Upgrade Guides

Secure Firewall 4200 Threat Defense Getting Started: Cloud-Delivered Firewall Management Center

View all Saved Content

PDF

Is this helpful?

Helpful Unhelpful

Feedback

Thank you for your feedback. Your response has been recorded.

Ask about this document

Cisco Configuration Guide, Release 4.2

Table of contents

Expand all sections

About this document

Before You Begin

Power on the firewall
Which application is installed: Firewall Threat Defense or ASA?
Access the Firewall Threat Defense CLI
Check the version and reimage
Obtain licenses
(If Needed) Power off the firewall

Cable and Onboard the Firewall

Cable the firewall
Onboard the firewall
Perform initial configuration

Configure a Basic Policy

Navigate to the Cloud-delivered Firewall Management Center
Configure interfaces
Configure the DHCP server
Configure NAT
Configure an access control rule
Enable SSH on the outside interface
Deploy the configuration

Before You Begin

Updated: March 18, 2026

Overview

Check your software version and reimage if necessary, obtain your licenses, and make sure you can connect.

The Secure Firewall 4200 is a high-end firewall designed to meet the security requirements of large enterprises, datacenters, and service providers. It provides superior threat defense within a compact 1 RU form factor. Key features and benefits include:

Cryptographic acceleration architecture preserves performance with SSL and VPN decryption
Space saving 1 RU form factor
16-node cluster
2 interface module bays for additional interface support, up to 400G interfaces and fail-to-wire network modules
2 SSDs for event storage and malware analysis
Resilience with dual management interfaces
SD-WAN capable with simplified site-to-site communication using on-demand tunnels and dynamic application path selection across multiple WAN interfaces
AI/ML-powered to detect anomalies, remediate threats, and optimize the policy for peak performance with Cisco's native AI/ML solution.

Install the firewall at a branch office and manage it on the outside interface using the Security Cloud Control (formerly Cisco Defense Orchestrator).

Note

Outside management is not supported with clustering or multi-instance mode. In this case, use the Management interface for Security Cloud Control access.

This guide specifically covers outside management, but you can refer to Cisco Security Cloud Control: Cloud-Delivered Firewall Management Center for Firewall Threat Defense for management using the Management interface.

Power on the firewall

How to power on the Secure Firewall 4200 and confirm it started successfully by checking the front-panel LEDs for power and system status.

Which application is installed: Firewall Threat Defense or ASA?

Learn how to determine whether your Secure Firewall 4200 is running Firewall Threat Defense or ASA by connecting to the console port and identifying the CLI prompt.

Access the Firewall Threat Defense CLI

How to access the Firewall Threat Defense CLI on the Secure Firewall 4200 for setup or troubleshooting, including logging into FXOS and switching to the FTD CLI when needed.

Check the version and reimage

Learn how to check the current Firewall Threat Defense software version and decide whether to reimage the Secure Firewall 4200 to your target release before you begin configuration.

Obtain licenses

Learn how to obtain Secure Firewall 4200 licenses in Cisco Smart Software Manager and Cisco Commerce Workspace, including identifying required license types and the license PIDs used to order additional entitlements.

(If Needed) Power off the firewall

How to safely power off the Secure Firewall 4200 to avoid file system damage, using either the FXOS CLI shutdown command or the Firewall Management Center shutdown workflow.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.