Step 2 If you have not already done so, register the management center with the Smart Software Manager.
Registering requires you to generate a registration token in the Smart Software Manager. See the management
center configuration guide for detailed instructions. For Low-Touch Provisioning, you must enable Cloud
Assistance for Low-Touch Provisioning either when you register with the Smart Software Manager, or after
you register. See the System > Licenses > Smart Licenses page.
Register the Threat Defense with the Management Center
Register the threat defense with the management center depending on which deployment method you are
using.
Add a Device to the Management Center Using Low-Touch Provisioning
Low-touch provisioning lets you register devices to the management center by serial number without having
to perform any initial setup on the device. The management center integrates with Cisco Defense Orchestrator
(CDO) for this functionality.
Use this procedure to add a single device to the management center. High availability is only supported when
you use the Management interface, because DHCP is not supported for data interfaces and high availability.
Clustering is not supported.
If the management center is configured for high availability, CDO automatically onboards the threat defense
to the primary management center.
Note
Before you begin
• Make sure the device is unconfigured or a fresh install. Low-touch provisioning is meant for new devices
only. Pre-configuration can disable low-touch provisioning, depending on your settings.
• Cable the outside interface or Management interface so it can reach the internet. If you use the outside
interface for low-touch provisioning, do not also cable the Management interface; if the Management
interface gets an IP address from DHCP, the routing will be incorrect for the outside interface.
• Make sure you have at least one access control policy configured on the management center so you can
assign it to new devices. You cannot add a policy using CDO.
• If the device does not have a public IP address or FQDN, or you use the Management interface, set a
public IP address/FQDN for the management center (if different from the management center management
interface IP address; for example, it is behind NAT) so the device can initiate the management connection.
See . You can also configure the public IP address/FQDN in CDO during this procedure.
• The management center must be registered to the Smart Software Manager. A valid evaluation license
is sufficient, but if it expires, you will not be able to add new devices until you successfully register.
• If you registered a device using IPv4 and want to convert it to IPv6, you must delete and reregister the
device.
Cisco Firepower 2100 Getting Started Guide
70
Threat Defense Deployment with a Remote Management Center
Register the Threat Defense with the Management Center
To Next Page
Loading...
Need help?
General