If you configure DDNS before you add the threat defense to CDO, the threat defense automatically adds
certificates for all of the major CAs from the Cisco Trusted Root CA bundle so that the threat defense can
validate the DDNS server certificate for the HTTPS connection. The threat defense supports any DDNS server
that uses the DynDNS Remote API specification (https://help.dyn.com/remote-access-api/).
Step 11 Click Connect. The Registration Status dialog box shows the current status of the switch to CDO. After the
Saving Management Center/CDO Registration Settings step, go to CDO, and add the firewall.
If you want to cancel the switch to CDO, click Cancel Registration. Otherwise, do not close the device
manager browser window until after the Saving Management Center/CDO Registration Settings step. If
you do, the process will be paused, and will only resume when you reconnect to the device manager.
If you remain connected to the device manager after the Saving Management Center/CDO Registration
Settings step, you will eventually see the Successful Connection with Management Center or CDO dialog
box, after which you will be disconnected from the device manager.
Figure 101: Successful Connection
Configure a Basic Security Policy
This section describes how to configure a basic security policy with the following settings:
• Inside and outside interfaces—Assign a static IP address to the inside interface. You configured basic
settings for the outside interface as part of the manager access setup, but you still need to assign it to a
security zone.
• DHCP server—Use a DHCP server on the inside interface for clients.
• NAT—Use interface PAT on the outside interface.
• Access control—Allow traffic from inside to outside.
• SSH—Enable SSH on the manager access interface.
Cisco Firepower 2100 Getting Started Guide
152
Threat Defense Deployment with CDO
Configure a Basic Security Policy
To Next Page
Loading...
Need help?
General