Provision Firewall Profiles

Provision a Firewall Threat Defense Device

This procedure explains how to provision a Firepower Threat Defense (FTD) device managed by Firepower Management Center (FMC).

Before you begin

Procedure

Step 1

Click the menu icon () and choose Provision > Network Devices > Inventory.

The Inventory page displays the device information that is gathered during the discovery process.

Step 2

Check the check box next to the FTD device that you want to provision and click Assign under the Site column.

Step 3

In the Assign Device to Site window, click Choose a Site.

Step 4

In the Choose a Site window, select a site from the hierarchy and click Save.

Step 5

Click Next.

Step 6

Click Now to assign the device to site immediately or click Later to schedule at a specific time.

Step 7

Click Assign.

Note

 

You can view the status of assigning device to site in Activities > Tasks.

Step 8

From the Actions drop-down list, choose Provision > Provision Device.

The Provision Firewall Profile window appears.

Step 9

Review the details in the Confirm Profile page and click Next.

Step 10

Review the details in the Firewall Type page and click Next.

The FTD Configuration page appears.

Step 11

If you have associated a routed mode firewall with the site, do the following:

  1. Expand the Outside Interface area, choose an outside interface from the Select Physical Interface drop-down list, and choose Static IP or DHCP radio button.

    • Static IP: Enter the IP address and a subnet mask.

    • DHCP: The IP address is obtained from DHCP.

  2. Expand the Inside Interface area, choose an inside interface from the Select Physical Interface drop-down list, and choose Static IP or DHCP radio button.

    • Static IP: Enter the IP address and a subnet mask.

    • DHCP: The IP address is obtained from DHCP.

Step 12

If you have associated a transparent mode firewall with the site, do the following:

  1. Expand the Outside Interface area and choose an outside interface from the Select Physical Interface drop-down list.

  2. Expand the Inside Interface area and choose an inside interface from the Select Physical Interface drop-down list.

  3. Expand the Bridge Virtual Interface area, and do the following:

    • Bridge Group Number: Enter a bridge group number. The valid number is from 1 to 250.

    • IP: Enter the IP address of the FTD device.

    • Subnet Mask: Enter a subnet mask.

Step 13

Click Next.

Step 14

In the Summary window, review the device specifications.

Step 15

To proceed, click Deploy.

The Provision Firewall device(s) dialog box appears.

Step 16

Click Now, Later, or Generate configuration preview radio button.

  • Now: Starts the provision immediately.

  • Later: Schedules the provisioning at a specific time.

  • Generate configuration preview: Generates preview which can be later used to deploy on selected devices.

Step 17

Click Apply.

Note

 

You can view the status of provisioning firewall device in Activities > Tasks. If you have chosen Generate configuration preview in the Provision Firewall device(s) dialog box, you can view the status in Activities > Work Items.