Review The Network Deployment And Default Configuration - Cisco Firepower 1010 Getting Started Manual


Firepower Threat Defense Deployment with CDO

• Cloud Secure Device Connector—The CDO support team deploys a cloud-based SDC for every tenant when the tenant is created.
• On-Premises Secure Device Connector—An on-premises SDC is a virtual appliance installed in your network. We recommend that you use an on-premises SDC if you use credentials-based onboarding. If you use the cloud SDC instead, then you need to allow HTTPS access from the cloud SDC to the interface used for CDO management. The typical network deployment would require you to enable HTTPS access on the FTD outside interface, which can be a security risk and also prevents use of the outside interface for VPN client termination.

For more information, including links for installing an on-premises SDC and cloud SDC IP addresses for which you may need to grant access to your network (for credentials-based onboarding), see Security Device Connector (SDC).

CDO Onboarding Methods

You can onboard a device in the following ways:
• Registration key (recommended)—We recommend this method especially if your device uses DHCP to obtain its IP address. If that IP address changes, your device remains connected to CDO.
• Credentials (username and password) and an IP address—You can onboard an FTD using the device admin username and password as well as a static IP address or FQDN. We recommend using an on-premises SDC connected to the inside interface for this method.
• (6.7+) Serial number—For Low-Touch Provisioning where you do not need to preconfigure the device using FDM, see the Low-Touch Provisioning chapter in this guide. You can also onboard using a serial number if you already started configuring the device in FDM, although that method is not covered in this guide. See Onboard an FTD using the Device's Serial Number for more information.

Review the Network Deployment and Default Configuration

You can perform initial setup of the FTD using FDM from either the Management 1/1 interface or the inside interface. The dedicated Management interface is a special interface that does not allow through traffic and that has its own network settings.

See the following typical network deployments depending on your Secure Device Connector (SDC) type and onboarding method.

Cloud SDC Network, Registration Key Onboarding

The following figure shows the recommended network deployment for registration key onboarding using the cloud SDC. You can use an on-premises SDC with registration key onboarding, but this example shows the more common cloud SDC use case. You can also use credentials-based onboarding with a cloud SDC, but that method requires additional configuration in FDM, which may not be desirable.

If you connect the outside interface directly to a cable modem or DSL modem, we recommend that you put the modem into bridge mode so the FTD performs all routing and NAT for your inside networks. If you need to configure PPPoE for the outside interface to connect to your ISP, you can do so after you complete initial setup in FDM.
