(Preview Only) Secure Firewall Threat Defense

Overview

Deploying a gateway directly to a Secure Firewall Threat Defense virtual (FTDv) device can offer several advantages, especially in network security and management. Utilizing this functionality with FTDv lets you take advantage of advanced security features that may not be present in standard ISP gateways. By deploying a gateway directly to an FTDv device, you can take advantage of these security features to protect your network.

Because this is a multi-product task you must navigate between both Multicloud Defense and Cloud-delivered Firewall Management Center to complete the steps. Multicloud Defense deploys and registers the FTDv device including interfaces, gateway configuration, NAT rules, platform settings, whereas you edit your access policy, rules, and objects in your Cloud-delivered Firewall Management Center account.

Follow this set of procedures to successfully create and register a Multicloud Defense Gateway to your FTDv device:

1. Onboard a CSP.

2. Create a Service VPC.

3. Create a Multicloud Defense Gateway.

4. Configure your access policy cdFMC.

Limitations

Read through the following general limitations that apply when you create a gateway for an FTDv device that is manage by Cloud-delivered Firewall Management Center:

• You cannot create a gateway for clustered FTDv devices.

• Only East-West/Egress gateway types are supported.

• You must create a new Service VPC. VPCs created before this feature do not support this functionality; note that when you create a new VPC it can still be used for both Multicloud Defense gateways or FTDv gateways.

• You must use a license purchased through the Cisco Smart Account.

• At this time, gateway updates are not available. Updates are dependent on available FTD versions.

When you create and apply a gateway to your FTDv environment, note that the Multicloud Defense automatically creates a subnet and a corresponding security group for the secondary interface, which is required.