Home
Support
Product Support
Security
Cisco Secure Firewall Threat Defense
Install and Upgrade Guides

Secure Firewall 6100 Threat Defense Getting Started: Cloud-Delivered Firewall Management Center

Releases

Center
Center

View all Saved Content

PDF

Is this helpful?

Helpful Unhelpful

Feedback

Thank you for your feedback. Your response has been recorded.

Ask about this document

Cisco Configuration Guide, Release 4.2

Table of contents

Expand all sections

About this document

Before You Begin

Power on the firewall
Which application is installed: Firewall Threat Defense or ASA?
Access the Firewall Threat Defense CLI
Check the version and reimage
Obtain licenses
(If Needed) Power off the firewall

Cable and Onboard the Firewall

Cable the firewall
Onboard the firewall
Perform initial configuration

Configure a Basic Policy

Navigate to the Cloud-delivered Firewall Management Center
Configure interfaces
Configure the DHCP server
Configure NAT
Configure an access control rule
Enable SSH on the outside interface
Deploy the configuration

Configure a Basic Policy

Updated: March 19, 2026

Overview

Configure a basic security policy to get your Secure Firewall 6100 up and running.

Configure a basic security policy with the following settings:

Inside and outside interfaces—Assign a static IP address to the inside interface, and use DHCP for the outside interface.
DHCP server—Use a DHCP server on the inside interface for clients.
Default route—Add a default route through the outside interface.
NAT—Use interface PAT on the outside interface.
Access control—Allow traffic from inside to outside.

You can also ccustomize your security policy to include more advanced inspections.

Navigate to the Cloud-delivered Firewall Management Center

How to open Cloud-Delivered Firewall Management Center from Security Cloud Control so you can configure policies and manage Secure Firewall 6100 in a separate management tab.

Configure interfaces

Learn how to configure Secure Firewall 6100 interfaces, including assigning inside and outside zones and setting IP addressing for routed deployments.

Configure the DHCP server

How to enable the DHCP server on a Secure Firewall 6100 interface so internal clients can automatically receive IP addresses and related network settings.

Configure NAT

Learn how to create an interface PAT (NAT) policy so inside clients can access external networks using the outside interface IP address.

Configure an access control rule

How to add an access control rule to allow traffic from the inside zone to the outside zone on Secure Firewall 6100, and apply optional security inspection policies.

Enable SSH on the outside interface

Learn how to enable SSH access to the Secure Firewall 6100 outside interface so you can manage the device remotely from approved IP addresses.

Deploy the configuration

How to deploy policy changes to the Secure Firewall 6100 so your interface, NAT, DHCP, and access control updates take effect on the device..

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.