• What's Next, on page 165
About Threat Defense Management by CDO
Cloud-Delivered Secure Firewall Management Center
The cloud-delivered management center offers many of the same functions as an on-premises management
center and has the same look and feel. When you use CDO as the primary manager, you can use an on-prem
management center for analytics only. The on-prem management center does not support policy configuration
or upgrading.
CDO Onboarding Methods
You can onboard a device in the following ways:
• Low-touch provisioning using the serial number—
• An administrator at the central headquarters sends the threat defense to the remote branch office.
There is no pre-configuration required. In fact, you should not configure anything on the device,
because low-touch provisioning does not work with pre-configured devices.
The central administrator can preregister the threat defense on CDO using the
threat defense serial number before sending the device to the branch office.
Note
• The branch office administrator cables and powers on the threat defense.
• The central administrator completes configuration of the threat defense using CDO.
You can also onboard using a serial number using the device manager if you already started configuring
the device, although that method is not covered in this guide.
• Onboarding wizard using CLI registration—Use this manual method if you need to perform any
pre-configuration or if you are using a manager interface that low-touch provisioning does not support.
Threat Defense Manager Access Interface
You can use the Management interface or the outside interface for manager access. However, this guide covers
outside interface access. Low-touch provisioning only supports the outside interface.
The Management interface is a special interface configured separately from the threat defense data interfaces,
and it has its own network settings. The Management interface network settings are still used even though
you are enabling manager access on a data interface. All management traffic continues to be sourced from or
destined to the Management interface. When you enable manager access on a data interface, the threat defense
forwards incoming management traffic over the backplane to the Management interface. For outgoing
management traffic, the Management interface forwards the traffic over the backplane to the data interface.
Manager access from a data interface has the following limitations:
• You can only enable manager access on one physical, data interface. You cannot use a subinterface or
EtherChannel.
• This interface cannot be management-only.
Cisco Firepower 1010 Getting Started Guide
118
Threat Defense Deployment with CDO
About Threat Defense Management by CDO
To Next Page
Loading...
Need help?
General