About Secure Device Connector
A Secure Device Connector (SDC) is an intelligent proxy that lets Cisco devices communicate with Security Cloud Control Firewall Management when the devices are not directly reachable from the internet. When you onboard a device by using device credentials, you can deploy an SDC in your network to proxy communication between the device and Security Cloud Control Firewall Management.
If the device is directly reachable from the internet, you can allow direct communication through the device's outside interface instead of using an SDC.
The SDC performs these functions:
- Monitors Security Cloud Control Firewall Management for commands and messages for your managed devices.
- Executes commands on behalf of Security Cloud Control Firewall Management.
- Relays messages to your managed devices.
- Returns device responses.
Communication between the SDC and Security Cloud Control Firewall Management uses HTTPS with TLS 1.3 and AES-128-GCM. Credentials for onboarded devices and services are encrypted from the browser to the SDC and are encrypted at rest by using AES-128-GCM. Only the SDC has access to those credentials.
A user with the Super Administrator role is required to create a Secure Device Connector or a Secure Event Connector (SEC).
You can onboard these devices through an SDC:
- Secure Firewall ASA
- On-Premises Firewall Management Center using credentials method
- Meraki MX devices
- Generic SSH devices
- Cisco IOS devices
Secure Firewall Threat Defense devices that are managed by Cloud-Delivered Firewall Management Center do not require an SDC and do not support onboarding through proxies. Ensure that these devices have proper DNS settings and outbound internet connectivity so they can connect to Cloud-Delivered Firewall Management Center.
See "Allow inbound access for direct cloud connectivity" for information explaining how to allow communication between an SDC and Security Cloud Control.
For more information, refer to "Deploy a VM for Running the Secure Device Connector and Secure Event Connector".