Onboard an On-Premises Firewall Management Center to Security Cloud Control

Limitations and Guidelines

These are the limitations applicable to onboarding an on-premises Firewall Management Center:

• When you onboard an on-premises Firewall Management Center, all devices registered to it are also onboarded. If a managed device is disabled or unreachable, Security Cloud Control may display that device in the Security Devices page. However, the system cannot send requests to or view information for the device.

• Onboarding an on-premises Firewall Management Center does not cascade the policies in on-premises Firewall Management Center to Security Cloud Control or Cloud-Delivered Firewall Management Center. You can migrate a Firewall Threat Defense managed by on-premises Firewall Management Center to Cloud-Delivered Firewall Management Center using the built-in Migrate FTD to cdFMC feature, which brings all the policies linked to the device. For more information, see Migrate Threat Defense to Cloud-delivered Firewall Management Center.

• We recommend creating a new user on on-premises Firewall Management Center specifically for Security Cloud Control communication with administrator-level permissions. If you onboard an on-premises Firewall Management Center and simultaneously log in to that on-premises Firewall Management Center using the same credentials, the onboarding process fails.

• To create a new user on on-premises Firewall Management Center for Security Cloud Control communication, set the Maximum Number of Failed Logins for user configuration to zero.

• For on-premises Firewall Management Centers running version 7.4 or later, if you experience a switchover and the FMC is no longer connected to the cloud, try disabling SecureX and then re-enabling it.