Deploy a Threat Defense Virtual in Azure
Onboard a threat defense virtual for Azure that is managed by cloud-delivered Firewall Management Center.
The Azure environment can only support one threat defense virtual. To onboard multiple devices, you must have a separate Azure instance for each of those devices.
Before you begin
Ensure that you have an active Azure subscription.
Procedure
Step 1: Log in to CDO.
Step 2: In the left pane, click Inventory and click the plus icon.
Step 3: Under Select a Device or Service Type, click the FTD tile.
Step 4: Under Management Mode, ensure that FTD is selected.
Step 5: Click Deploy an FTD to a cloud environment as the onboarding method.
Step 6: Choose Azure as your cloud provider from the drop-down list.
Step 7: (Optional) If you have not registered your CDO account to an Azure subscription, you can do so now. Click Azure Cloud Shell to launch the Azure cloud shell and paste the script that is provided. If you have registered your account or if you have completed executing the script, click Next.
Step 8: Choose a Region to deploy the Azure subscription from the drop-down list.
Step 9: Enter the FTD Password that you wish to use for SSH console access.
Step 10: Enter a Device Name. This name is applied to the threat defense virtual in the Inventory page and Azure resource group.
Step 11: In the Policy Assignment step, use the drop-down menu to select an access control policy to deploy once the device is onboarded. If you have no policies configured, select the Default Access Control Policy.
Step 12: Select the licenses you want to apply to the device. You must select at least the essential license as the base license for this device. Click Next.
Step 13: Click Complete onboarding. This completes the onboarding wizard. It may take up to 20 minutes for the device to fully onboard and synchronize. To monitor the creation process, expand the Workflows option of the Azure subscription that is hosting the device.
What to do next
- If you have not already done so, create a custom access control policy to customize the security for your environment. See Access Control Overview in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for more information.
- Enable Cisco Security Analytics and Logging (SAL) to view events in the CDO dashboard or register the device to a Secure Firewall Management Center for security analytics. See Cisco Security Analytics and Logging in Managing Firewall Threat Defense with Cloud-Delivered Firewall Management Center in Cisco Defense Orchestrator for more information.