Onboard an FTD to Cloud-Delivered FMC with a CLI Registration Key

Use the procedure below to onboard a device to the cloud-delivered Firewall Management Center with a CLI registration key.

Note

If your device is currently managed by an FMC, onboarding the device to cloud-delivered Firewall Management Center will fail. We strongly recommend using the Migrate FTD to Cloud feature. See Migrate Firepower Threat Defense to Cloud.

SUMMARY STEPS

  1. Review the limitations and prerequisites in Prerequisites to Onboard a Device to Cloud-Delivered Firewall Management Center.
  2. Log in to CDO.
  3. In the navigation pane, click Inventory and click the blue plus button.
  4. Select the FTD tile. Note that if you have previously onboarded devices managed by FDM, click the FTD or FDM tile.
  5. Under Management Mode, be sure FTD is selected.
  6. Select Use CLI Registration Key as the onboarding method.
  7. Enter the device name in the Device Name field and click Next.
  8. In the Policy Assignment step, use the drop-down menu to select an access control policy to deploy once the device is onboarded. If you have no policies configured, select the Default Access Control Policy.
  9. Specify whether the FTD device you are onboarding is a physical or virtual device. If you are onboarding a virtual device, you must select the device's performance tier from the drop-down menu.
  10. Select the base licenses you want applied to the device. Click Next.
  11. CDO generates a command with the registration key and other parameters. To establish and maintain communication with CDO, paste the registration key parameters where it's appropriate for the device type. See the example below to identify the different parameters in the key:
  12. Click Next in the CDO onboarding wizard.
  13. (Optional) Add labels to your device to help sort and filter the Inventory page. Enter a label and select the blue plus button. Labels are applied to the device after it's onboarded to CDO.

DETAILED STEPS


Step 1

Review the limitations and prerequisites in Prerequisites to Onboard a Device to Cloud-Delivered Firewall Management Center.

Step 2

Log in to CDO.

Step 3

In the navigation pane, click Inventory and click the blue plus button.

Step 4

Select the FTD tile. Note that if you have previously onboarded devices managed by FDM, click the FTD or FDM tile.

Step 5

Under Management Mode, be sure FTD is selected.

Warning

By selecting FTD under Management Mode, you will not be able to manage the device using Firepower Device Manager. All existing policy configurations on the device will be reset, except interface configurations. You will need to re-configure policies after you onboard the device.

At any point after selecting FTD as the management mode, you can click Manage Smart License to enroll in or modify the existing smart licenses available for your device. If you currently do not have any smart licenses available for your tenant, you can opt for the 90-day Evaluation License. If you have already activated the 90-day evaluation mode, the onboarding wizard displays how many days are left.

Step 6

Select Use CLI Registration Key as the onboarding method.

Step 7

Enter the device name in the Device Name field and click Next.

Step 8

In the Policy Assignment step, use the drop-down menu to select an access control policy to deploy once the device is onboarded. If you have no policies configured, select the Default Access Control Policy.

Step 9

Specify whether the FTD device you are onboarding is a physical or virtual device. If you are onboarding a virtual device, you must select the device's performance tier from the drop-down menu.

Step 10

Select the base licenses you want applied to the device. Click Next.

Step 11

CDO generates a command with the registration key and other parameters. To establish and maintain communication with CDO, paste the registration key parameters where it's appropriate for the device type. See the example below to identify the different parameters in the key:

configure manager add { hostname } regkey [ nat_id ] display name

Syntax Description

hostname

Specifies the CDO tenant name.

regkey

Specifies the unique alphanumeric registration key required to onboard a device to CDO and register to cloud-delivered Firewall Management Center.

nat_id

Specifies an alphanumeric string used during the registration process between CDO and the device when one side does not specify an IP address.

display name

Specifies the name of the tenant as it appears in the CDO account. This name is preceded by cisco-.

  • Firepower 4100/9300 Series - Deploy the logical device at this point and paste the CDO hostname, the CDO registration key, and the NAT ID sections of the generated registration key into the Firepower Chassis Manager. Once you've deployed the device and committed the registration key, you must wait for the logical device to display in the Firepower Chassis Manager before continuing with the rest of this procedure.

    Note: If your Firepower 4100 or 9300 Series device is already deployed, paste the entire registration key as is into the device's CLI. Do not paste the command into the FXOS CLI.

  • Firepower 1000 series, 2100 series, ISA 3000, and FTDv - Open an SSH connection to the device and log in as admin. Copy the entire registration command and paste it into the device's CLI interface at the prompt. In the CLI, enter Y to complete the registration. If your device was previously managed by Firepower Device Manager (FDM), enter Yes to confirm the submission.
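As an added pre-flight helper that is not part of Cisco's documentation or of CDO: a Python parser for the command generated in Step 11 that maps it onto the Syntax Description above, flags values that violate it, and masks the registration key and NAT ID so the command can be shared in a change ticket without exposing the secret. The sample tenant and key are constructed, and the parser follows the syntax line as printed here (assumption: with three parameters the third is the display name, since nat_id is the only optional one).

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# regkey and nat_id are described on this page as alphanumeric strings.
ALNUM = re.compile(r"^[A-Za-z0-9]+$")
# Constructed sample in the shape CDO generates; not a real tenant or key.
SAMPLE_COMMAND = "configure manager add cdo-tenant.example.com AbC123xyz NatId42 cisco-tenant"

@dataclass
class ManagerRegistration:
    hostname: str
    regkey: str
    nat_id: Optional[str]  # the only optional parameter in the syntax line
    display_name: str

def parse_configure_manager_add(cmd: str) -> ManagerRegistration:
    """Split a 'configure manager add' line into named parameters.
    Assumption: 3 parameters = hostname regkey display_name,
    4 parameters = hostname regkey nat_id display_name."""
    tokens = cmd.split()
    if tokens[:3] != ["configure", "manager", "add"]:
        raise ValueError("not a 'configure manager add' command")
    args = tokens[3:]
    if len(args) == 3:
        hostname, regkey, display_name = args
        nat_id = None
    elif len(args) == 4:
        hostname, regkey, nat_id, display_name = args
    else:
        raise ValueError(f"expected 3 or 4 parameters, got {len(args)}")
    return ManagerRegistration(hostname, regkey, nat_id, display_name)

def check_registration(reg: ManagerRegistration) -> List[str]:
    """Findings against the Syntax Description; an empty list means it looks sane."""
    findings = []
    if not ALNUM.match(reg.regkey):
        findings.append("regkey must be alphanumeric")
    if reg.nat_id is not None and not ALNUM.match(reg.nat_id):
        findings.append("nat_id must be alphanumeric")
    if not reg.display_name.startswith("cisco-"):
        findings.append("display name should be preceded by 'cisco-'")
    return findings

def redact(cmd: str) -> str:
    """Mask the key and NAT ID so the command can be pasted into a ticket or chat."""
    reg = parse_configure_manager_add(cmd)
    parts = ["configure", "manager", "add", reg.hostname, "<regkey>"]
    if reg.nat_id is not None:
        parts.append("<nat_id>")
    return " ".join(parts + [reg.display_name])
```

Run `check_registration(parse_configure_manager_add(cmd))` on the command copied from the wizard before pasting it into the device CLI; any finding means the copy was truncated or altered.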

Step 12

Click Next in the CDO onboarding wizard.

Step 13

(Optional) Add labels to your device to help sort and filter the Inventory page. Enter a label and select the blue plus button. Labels are applied to the device after it's onboarded to CDO.


What to do next

From the Inventory page, select the device you just onboarded and select any of the options listed under the Management pane located to the right. We strongly recommend the following actions:
  • Create a custom access control policy to customize the security for your environment.

  • Enable Cisco Security Analytics and Logging (SAL) to view events in the CDO dashboard or register the device to an FMC for security analytics.