Onboard an On-Premises Firewall Management Center to Security Cloud Control

Security Cloud Control provides these methods to onboard on-premises Firewall Management Centers:

For more information, see Connect Security Cloud Control to your Managed Devices.

Note

Security Cloud Control complements FMC by allowing you to:

Limitations and Guidelines

These are the limitations applicable to onboarding an on-premises Firewall Management Center:

  • Onboarding an on-premises Firewall Management Center also onboards all devices registered to it. If a managed device is disabled or unreachable, Security Cloud Control may display the device in the Security Devices page but cannot send requests to or view information for the device.

  • Onboarding an on-premises Firewall Management Center does not cascade the policies in on-premises Firewall Management Center to Security Cloud Control or Cloud-Delivered Firewall Management Center. However, you can migrate a Firewall Threat Defense managed by on-premises Firewall Management Center to Cloud-Delivered Firewall Management Center using the inbuilt Migrate FTD to cdFMC feature, which brings all policies linked to the device. For more information, see Migrate Threat Defense to Cloud-delivered Firewall Management Center.

  • We recommend creating a new user on on-premises Firewall Management Center specifically for Security Cloud Control communication that has administrator-level permissions. If you onboard an on-premises Firewall Management Center and then log in to that on-premises Firewall Management Center simultaneously using the same credentials, onboarding fails.

  • To create a new user on on-premises Firewall Management Center for Security Cloud Control communication, set the Maximum Number of Failed Logins for user configuration to zero.

  • For on-premises Firewall Management Centers running version 7.4 or older, if you experience a switchover and the FMC is no longer connected to the cloud, try disabling SecureX and then re-enabling it.