About Threat Defense Management By Cdo - Cisco Firepower 1010 Getting Started Manual

Hide thumbs Also See for Firepower 1010:

Getting started manual (182 pages)

Hardware installation manual (50 pages)

Getting started (42 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

Table of Contents

About Threat Defense Management by CDO

•

About Threat Defense Management by CDO

Cloud-Delivered Secure Firewall Management Center

The cloud-delivered management center offers many of the same functions as an on-premises management

center and has the same look and feel. When you use CDO as the primary manager, you can use an on-prem

management center for analytics only. The on-prem management center does not support policy configuration

or upgrading.

CDO Onboarding Methods

You can onboard a device in the following ways:

• Low-touch provisioning using the serial number—

• Onboarding wizard using CLI registration—Use this manual method if you need to perform any

Threat Defense Manager Access Interface

You can use the Management interface or the outside interface for manager access. However, this guide covers

outside interface access. Low-touch provisioning only supports the outside interface.

The Management interface is a special interface configured separately from the threat defense data interfaces,

and it has its own network settings. The Management interface network settings are still used even though

you are enabling manager access on a data interface. All management traffic continues to be sourced from or

destined to the Management interface. When you enable manager access on a data interface, the threat defense

forwards incoming management traffic over the backplane to the Management interface. For outgoing

management traffic, the Management interface forwards the traffic over the backplane to the data interface.

Manager access from a data interface has the following limitations:

• You can only enable manager access on one physical, data interface. You cannot use a subinterface or

• This interface cannot be management-only.

Cisco Firepower 1010 Getting Started Guide

118

What's Next, on page 165

• An administrator at the central headquarters sends the threat defense to the remote branch office.

There is no pre-configuration required. In fact, you should not configure anything on the device,

because low-touch provisioning does not work with pre-configured devices.

Note

The central administrator can preregister the threat defense on CDO using the

threat defense serial number before sending the device to the branch office.

• The branch office administrator cables and powers on the threat defense.

• The central administrator completes configuration of the threat defense using CDO.

You can also onboard using a serial number using the device manager if you already started configuring

the device, although that method is not covered in this guide.

pre-configuration or if you are using a manager interface that low-touch provisioning does not support.

EtherChannel.

Threat Defense Deployment with CDO

Table of Contents

Chapters

Table of Contents

About Threat Defense Management By Cdo - Cisco Firepower 1010 Getting Started Manual

About Threat Defense Management by CDO

Chapters

Related Manuals for Cisco Firepower 1010

Related Content for Cisco Firepower 1010

Table of Contents