Cisco Defense Orchestrator (CDO)/Cloud Firewall Management Center (FMC) is Cisco's cloud management solution for firewalls. It provides the convenience and ease of use of managing multiple firewalls from a single management console, and reduces the complexity and time of managing each firewall individually with Firewall Device Manager (FDM).
Below is the setup diagram. We will not cover the configuration of the IP tables in this tutorial.
There are three methods to onboard FDM to CDO.
I will use the Registration Key method to onboard FDM in this tutorial.
Step 1 – Prepare the Firewall Threat Defense (FTD) to be onboarded
- Ensure that you have a sufficient license. (You can start with a trial license and convert to an actual license later, but do note that the trial license by default only supports DES.)
- To manage Firewall Device Manager you need to ensure that inbound HTTPS (port 443) is allowed. (If you are using a 2-tier firewall, make sure the proper Port Address Translation (PAT)/Network Address Translation (NAT) is configured on the 1st-tier firewall.)
Step 2 – Configure Firewall Device Manager (FDM)
If you are using a 2-tier firewall and the FTDv is behind the 1st-tier firewall, then you need to ensure that inbound port 443 is allowed.
1. Go to Device -> Management Access
2. In Device -> Data Interface click on CREATE DATA INTERFACE.
3. Configure the Add Management Access dialog:
Interface: Outside
Protocols: HTTPS
Allowed Networks: any-ipv4 (you can change this to restrict access to specific IP addresses only. Remember to add the CDO IP addresses if you specify allowed IPs.)
This is how the configuration will look when it is done.
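The Allowed Networks setting above is the one place in this procedure where exposure is decided: any-ipv4 opens HTTPS management on the outside interface to every IPv4 source, while a restricted list that omits the CDO addresses breaks onboarding. The following added example (not from the original post or from Cisco) audits a planned allowed-network list against both failure modes before it is committed in FDM. The entry names, the 203.0.113.0/24 and 198.51.100.0/24 sample ranges, and the "required CDO source" addresses are constructed placeholders, not real CDO service addresses; substitute the addresses from the Cisco documentation for your region.

```python
import ipaddress

# FDM's built-in 'any-ipv4' / 'any-ipv6' objects correspond to the wildcard prefixes.
ANY_IPV4 = ipaddress.ip_network("0.0.0.0/0")
ANY_IPV6 = ipaddress.ip_network("::/0")

# Constructed placeholders standing in for the CDO service addresses that must be
# able to reach the FDM management interface. Replace with the real documented ranges.
REQUIRED_CDO_SOURCES = ["203.0.113.10", "203.0.113.11"]


def parse_network(entry: str):
    """Map an FDM-style allowed-network entry to an ip_network object.

    'any-ipv4'/'any-ipv6' are the built-in wildcard objects; anything else is
    treated as CIDR or a single host (a host without a prefix becomes /32 or /128).
    """
    if entry == "any-ipv4":
        return ANY_IPV4
    if entry == "any-ipv6":
        return ANY_IPV6
    return ipaddress.ip_network(entry, strict=False)


def audit_management_access(allowed_entries, required_sources):
    """Check a planned Allowed Networks list for management access (HTTPS/443).

    Two findings are produced:
      wildcard_exposure  - a 0.0.0.0/0 or ::/0 entry exposes management to everyone
      uncovered_sources  - required sources (the CDO addresses) that no entry covers,
                           i.e. the restriction would break the cloud registration
    'ok' is True only when neither problem is present.
    """
    networks = [parse_network(e) for e in allowed_entries]
    wildcard = [str(n) for n in networks if n.prefixlen == 0]

    uncovered = []
    for src in required_sources:
        addr = ipaddress.ip_address(src)
        # 'in' returns False across address families, so mixed lists are safe here.
        if not any(addr in n for n in networks):
            uncovered.append(src)

    return {
        "wildcard_exposure": bool(wildcard),
        "wildcard_entries": wildcard,
        "uncovered_sources": uncovered,
        "ok": not wildcard and not uncovered,
    }


if __name__ == "__main__":
    # The page's default: reachable from anywhere.
    print(audit_management_access(["any-ipv4"], REQUIRED_CDO_SOURCES))
    # A restricted list that still lets the CDO placeholders in, plus one admin host.
    print(audit_management_access(["203.0.113.0/24", "198.51.100.5"], REQUIRED_CDO_SOURCES))
    # A restricted list that forgot the CDO addresses: onboarding would fail.
    print(audit_management_access(["198.51.100.0/24"], REQUIRED_CDO_SOURCES))
```

Run the audit against the list you intend to enter in the Allowed Networks field; a result with `wildcard_exposure` set means the default any-ipv4 is still in place, and a non-empty `uncovered_sources` means the registration in Step 4 would be blocked by your own restriction.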
Step 3 – Configure Cisco Defense Orchestrator
Next let’s configure CDO to onboard FDM.
1. After you log in to CDO, click on + Onboard.
2. Click on FTD.
3. Choose Management Mode: FDM and Use Registration Key.
4. Configure the name and the database updates option. Copy the registration key; you will need it to onboard the FDM. You can activate the smart license if you have one.
Step 4 – Configure Cloud Services in FDM to register and onboard FDM to CDO using the registration key.
1. Select Device and then Register at Cloud Services.
2. Select the Region, paste in the Registration Key, and then click Register.
Once that is done it takes about 10 minutes for the registration to complete, and you will see the following in CDO and FDM.
Additional Resources
You can find the CDO/Cloud FMC onboarding options in the official Cisco documentation.