Walkthroughs Supported in Secure Firewall Management Center

Walkthroughs in Firewall Management Center guide you to perform the steps required to achieve a task by taking you through each step, one after the other, until you complete the task. To access walkthroughs in Firewall Management Center, choose Help (help icon) > On-screen Assistance > How-Tos.

You can also use the global search feature of the Firewall Management Center to quickly find walkthroughs of your interest. Search for the walkthrough title or terms in the walkthrough title for better search results.

For more information about searching and finding walkthroughs of your interest in Firewall Management Center, see Search for How To Walkthroughs in Cisco Secure Firewall Management Center Administration Guide.


Note

In Firewall Management Center, Version 10.0, the availability of Walkthroughs is limited. Also, some of the previously available Walkthroughs may no longer be accessible in Version 10.0.

The following is the list of feature walkthroughs supported in the Firewall Management Center:

Use case

Walkthrough Title

Firewall Management Center Version

Register and Preprovision SD-WAN Branch Office Devices Using Device Template

  • Create a Device Template with SD-WAN Branch Device Configurations

  • Configure BGP Routing Policy in a Device Template

  • Add a Branch Device Using a Device Template and Registration Key

  • Add Multiple Branch Devices Using a Device Template and Serial Numbers

7.6.0 through 7.7.x

Set Up Your Device

  • Manage Devices Using Device Template

  • Configuring Single Sign-On in the Firewall Management Center

7.6.0 and later

Configure Identity Policies

  • Create a Microsoft Active Directory realm, directories, realm sequence, and identity policy

  • Configure a Microsoft Azure Active Directory identity realm

  • Create an Azure AD (SAML) Realm for Active or Passive Authentication

  • Create a Passive Identity Agent Identity Source

  • Create a user for the Passive Identity Agent

7.6.0 and later

Configure SD-WAN Capabilities

  • Configure Direct Internet Access with Path Optimization for Applications

  • Secure Branch-to-Hub Communication Using Dynamic Virtual Tunnel Interface

7.4.1 through 7.7.x
Manage Your Chassis

  • Register a Chassis with the Management Center

  • Create a Chassis Platform Settings Policy

  • Add a Secure Firewall Threat Defense Instance in the Chassis

7.4.1 and later

Set Up Your Device

Configure External Authentication

7.4.1 through 7.7.x

Configure a Site-to-Site VPN Topology with Dynamic VTI

  • Create a Route-Based Site-To-Site VPN with Dynamic VTI

  • Create a Virtual Router

  • Assign Interfaces to the Virtual Router

  • Configure a BGP Routing Policy for a Site-to-Site VPN with Dynamic VTI.

  • Add an Access Control Rule to Allow VTI Traffic

7.4.0 through 7.7.x

Loopback Support for BGP Routing

  • Create a Loopback Interface

  • Configure Loopback Interface as Source for the BGP Neighbor

7.4.0 and later

Snort 3 IPS – A Feature Walkthrough

View the Summary Layer

7.4.0 and later

Working with Snort 3

Convert all Snort 2 Custom Rules to Snort 3

7.4.0 and later

Configure Decryption Policies

  • Create a Decryption Policy and Decrypt–Resign Rules

  • Create a Decryption Policy and Decrypt–Known Key Rules

7.3.0 through 7.7.x

Snort 3 IPS – A Feature Walkthrough

  • View the Base Policy Layer

  • Customize the Base Policy Using Rule Overrides

  • Customize the Base Policy Using Group Overrides and Recommendations

  • 7.2.6 through 7.2.x

  • 7.4.0 and later

Configuring VPN

  • Renew a Certificate Using Manual Re-Enrollment

  • Renew a Certificate Using Self-Signed, SCEP, or EST Enrollment

  • Configure LDAP Attribute Map for Remote Access VPN

  • Add SAML Single Sign-On Server Object

7.2.6 and later

Configure Dynamic Access Policy for Remote Access VPN

  • Create a Dynamic Access Policy

  • Create a Dynamic Access Policy Record

  • Associate Dynamic Access Policy with Remote Access VPN

7.2.6 and later

Troubleshoot Your Device

  • Collect packet capture for Firewall Threat Defense device

  • Collect Packet Trace to Troubleshoot Firewall Threat Defense Device

7.2.6 and later

The New Access Control Policy UI–A Feature Walkthrough

  • Accessing the New AC Policy UI

  • The New AC Policy UI–Rules Table

  • The New AC Policy UI–Rule Creation

  • The New AC Policy UI–Rule Editing

7.2.0 through 7.7.x

Working with Snort 3

  • Convert Devices from Snort 2 to Snort 3

  • Edit the Default Discovery Rule to Identify the Hosts in the Network

  • Configure Secure Firewall Recommended Rules

  • Synchronize the Snort 2 Rules Changes with Snort 3

7.2.0 and later

Configure User Identity–Dynamic Objects

  • Configure Dynamic Objects

  • Configure an Access Control Policy Rule for a Dynamic Object

7.2.0 through 7.7.x

Create and Install an Identity Certificate on Device for Remote Access VPN Configuration

  • PKCS12 Cert Enrollment Object

  • Manual Cert Enrollment Object

  • Self-signed Cert Enrollment Object

  • SCEP Cert Enrollment Object

  • Install Manual Certificate

  • Install PKCS12, SCEP, or Self-Signed Certificate

  • Configure Remote Access VPN

7.2.0 and later

Working with Snort 3

  • Create a Snort 3 Intrusion Policy

  • Create a Snort 3 Network Analysis Policy

  • View the Network Analysis Policy Mapping

7.1.0 and later

Create and Manage a Cluster

  • Create a Cluster

  • Modify an Existing Cluster

  • Add Nodes to an Existing Cluster

  • Remove a Data Node from a Cluster

  • Break a Cluster

  • Delete a Cluster

  • Break a Node from Clustering

  • Delete a Data Node from Clustering

7.1.0 through 7.7.x

Change the Firewall Management Center Access Interface from Management to Data

  • Initiate the Interface Migration from Management to Data Interface

  • Enable Firewall Management Center Access on an Interface

  • Configure Dynamic DNS

  • Deploy Configuration Changes

  • Update the Hostname or IP Address in the Firewall Management Center

  • Confirm the Management Connection Status

7.1.0 through 7.7.x

Change the Firewall Management Center Access Interface from Data to Management

  • Initiate the Interface Migration from Data to Management Interface

  • Deploy Configuration Changes

  • Update the Hostname or IP Address in FMC

  • Check the Management Connection Status

7.1.0 through 7.7.x

Upgrade

Upgrade Secure Firewall Threat Defense

7.1.0 through 7.7.x

Working with Snort 3

  • Enable or Disable Snort 3 on an Individual Device

7.1.0 through 7.7.x
Getting Started

Enabling the SecureX Ribbon (Deprecated)

  • 7.0.0

  • 7.1.0

Add a Device to Firewall Management Center Using Remote Branch Deployment

  • Set up a Device and Discover it in the Firewall Management Center using Remote Branch Deployment

  • Verify the Remote Branch Deployment Configuration Details

7.0.0 through 7.7.x

Configuring Identity Policies

  • Create an Identity Policy Using the ISE/ISE-PIC Identity Source

  • Create an Identity Policy Using the TS Agent Identity Source

  • Create a Trusted Certificate Authority Object

6.7.0 through 7.4.1

Set Up Your Device.

  • Register the Firewall Management Center with Cisco Smart Account.

  • Configure Date and Time

  • Configure Interface Settings

  • Create an access control policy

  • Configure Static Routing

  • Add an Access Control Rule–A Feature Walkthrough

  • Create a NAT Policy–A Feature Walkthrough

  • Create a High Availability (HA) Pair

6.7.0 and later

Configure Network Discovery Policies

  • Customize Your Network Discovery Policy

  • Enable Indications of Compromise Rules in the Network Discovery Policy

  • View Network Maps To Evaluate the Efficacy of Your Network Discovery Policy

6.7.0 and later

Create a Decryption Policy With One or More Do Not Decrypt Rules (formerly known as Create an SSL Do Not Decrypt Policy)

  • Create a decryption policy

  • Create Do Not Decrypt rule

  • Associate the Decryption Policy With an Access Control Policy

  • Add an Access Control Rule for a Decryption Policy

6.7.0 through 7.7.x

Create a Decryption Policy With One or More Decrypt–Resign Rules (formerly known as Create an SSL Decrypt–Resign Policy)

  • Create an Internal Certificate Authority Object

  • Create a Decryption Policy With One or More Decrypt–Resign Rules

  • Associate the Decryption Policy With an Access Control Policy

  • Add an Access Control Rule for a Decryption Policy

6.7.0 through 7.7.x

Create a Decryption Policy With One or More Decrypt–Known Key Rules (formerly known as Create an SSL Decrypt–Known Key Policy)

  • Create an Internal Certificate Object

  • Create a Decryption Policy With One or More Decrypt–Known Key Rules

  • Associate the Decryption Policy With an Access Control Policy

  • Add an Access Control Rule for a Decryption Policy

6.7.0 through 7.7.x

Create a Decryption Policy With One or More Block Rules (formerly known as Create an SSL Decrypt–Known Key Policy)

  • Create a Decryption Policy

  • Create One or More Block or Block With Reset Rules

  • Associate the Decryption Policy With an Access Control Policy

  • Add an Access Control Rule for a Decryption Policy

6.7.0 through 7.7.x

Create Intrusion Policies

  • Create a Snort 2 Intrusion Policy

  • Associate an Intrusion Policy With an Access Control Rule

6.7.0 and later

Create File (Malware) Policies

  • Create a File-Based Control Policy Using Advanced Malware Protection (AMP)

  • Associate a File (Malware) Policy to an Access Control Policy

6.7.0 and later

Configure Identity Policies

  • Create a Microsoft Active Directory identity realm and directories (formerly known as Create an Identity Realm and Directories)

  • Create an Identity Realm Sequence

  • Create the TS Agent User and Role

  • Create the ISE/ISE-PIC Identity Source

  • Create an Identity Policy

  • Create an Identity Rule

  • Associate the Identity Policy With an Access Control Policy

  • Add an Access Control Rule for an Identity Policy

6.7.0 and later

Configure and Customize Site-to-Site VPN

  • Configure a Policy-Based Site-to-Site VPN

  • Customize IKE Options for an Existing Site-to-Site VPN Deployment

  • Customize IPsec Options for an Existing Site-to-Site VPN Deployment

  • Customize Advanced Settings for an Existing Site-to-Site VPN Deployment

6.7.0 and later

Certificate Authentication for Remote Access (RA) VPN

  • Creating a Certificate Map for Certificate Authentication in RA VPN

  • Associating a Certificate Map to a Connection Profile

6.7.0 and later

Configuring Traffic Filtering for Remote Access (RA) VPN Connections

  • Creating an Extended Access List for Filtering Traffic on an RA VPN Connection

  • Adding an Extended Access List to a Group Policy for Filtering Traffic on an RA VPN Connection

6.7.0 and later

Configure a VTI tunnel.

  • Create a Route-based VPN

  • Configure a Static Route for VTI

  • Configure BGP Routing for VTI

  • Configure an Access Control Rule To Allow Encrypted Traffic Over VTI

6.7.0 and later

Configure Virtual Routing for Secure Firewall Threat Defense

  • Create a Virtual Router

  • Assign Interfaces to Virtual Routers

  • Configure Routing Policy

  • Configure NAT for a Virtual Router

  • Provide Internet Access with Overlapping Address Spaces

6.7.0 and later
Configure Routing

Configure SSL Cipher Suites

6.7.0 and later

Getting Started

Change the Theme of the Web Interface (formerly known as Switch to Classic or Dusk Theme)

6.7.0 and later

Set Up Your Device

Set up a Device and add it to Management Center

6.7.0 through 7.7.x