Deploy a Threat Defense Device with AWS
Use the following procedure to onboard and preliminarily provision the firewall of a threat defense device that is associated with an AWS VPC to be managed by cloud-delivered Firewall Management Center.
Before you begin
Confirm the following prerequisites are fulfilled prior to generating a virtual threat defense and deploying to an AWS environment:
-
You must have the cloud-delivered Firewall Management Center feature enabled and associated with your tenant.
Procedure
Step 1 | Log in to Security Cloud Control. |
Step 2 | In the navigation pane, click Security Devices and click the blue plus button. |
Step 3 | Select the FTD tile. |
Step 4 | Under Management Mode, be sure FTD is selected. |
Step 5 | Select Use AWS VPC as the onboarding method. If there is no AWS VPC already onboarded, you can click the provided link from this step and onboard the virtual environment. |
Step 6 | Select the availability zone from the drop-down menu. Select the zone where the cloud threat defense is located, and not where your local computer is located. |
Step 7 | Select the management interface subnet with either of the following options:
Note that the diagnostic interface will use the same interface as the management interface. |
Step 8 | Click Select to assign the subnets. Click Next. |
Step 9 | Enter the device name in the Device Name field and click Next. |
Step 10 | In the Policy Assignment step, use the drop-down menu to select an access control policy to deploy once the device is onboarded. If you have no policies configured, select the Default Access Control Policy. |
Step 11 | Select the Subscription Licenses you want applied to the device. You must have at least the URL license selected for virtual threat defense devices. |
What to do next
It may take a few minutes for the device to appear in Security Cloud Control's Security Devices page as it cannot synchronize until Security Cloud Control has successfully deployed the cloud formation, initliaized the device connections, and established communication with both the virtual device and the AWS VPC environment.
If necessary, you can modfiy the virtual threat defense device performance tier selection after onboarding through the cloud-delivered Firewall Management Center UI.