Updates to Cloud-delivered Firewall Management Center

Security Cloud Control released an update to the cloud-delivered Firewall Management Center. Read the Release Notes for Cloud-delivered Firewall Management Center to learn more.

Cloud-delivered Firewall Management Center Evaluation License Updates

The cloud-delivered Firewall Management Center now offers a 90-day evaluation license. After this period, you can still onboard threat defense devices, but deployments are blocked until the cloud-delivered Firewall Management Center is registered with Cisco Smart Software Manager. You'll receive alert notifications on Security Cloud Control when the evaluation period nears expiration.

See Cloud-Delivered Firewall Management Center Licenses for more information.

Secure Device Connector and Secure Event Connector Now Maintained on Ubuntu VM

Security Cloud Control has deprecated the use of CentOS 7 for the on-premises Secure Device Connector (SDC) and Secure Event Connector (SEC) because CentOS 7 has reached its end-of-life status. The SDC and SEC are now installed and maintained on an Ubuntu VM. Migrating your SDC and SEC to Ubuntu ensures that you receive updates to those applications.

For more information about the migration process, see Migrate an On-Premises Secure Device Connector and Secure Event Connector from a CentOS 7 Virtual Machine to an Ubuntu Virtual Machine.

Share Event Data With Cisco Talos

You can now enable or disable the sharing of event data with Cisco's threat intelligence group, Talos. Sharing event data helps Talos improve its threat detection and response capabilities, allowing it to provide more targeted security insights for your network. This feature is enabled by default. Click Administration > General Settings to change this setting.

Updates to Firewall Migration Tool

Cisco Security Cloud Control (formerly Cisco Defense Orchestrator) released an updated version of the Firewall Migration Tool. You can now perform bulk update of preshared keys for site-to-site VPN configurations, choose to continue or abort the migration when the configuration being migrated has an error-containing parameter, add your target threat defense device as a spoke to an existing hub and spoke VPN configuration, and do much more. See the Cisco Secure Firewall Migration Tool Release Notes for a list of features included in the release.

Updates to Cloud-delivered Firewall Management Center

Cisco Defense Orchestrator released an update to the cloud-delivered Firewall Management Center. Read the Release Notes for Cloud-delivered Firewall Management Center to learn more.

Tenant Creation in the Multi-Tenant Portal

You can now create tenants, add users, and enable cloud-delivered Firewall Management Center and Multicloud Defense in the provisioned tenants.

For more information, see Manage Multi-Tenant Portal.

Analyze and Optimize Security Policies Using Policy Analyzer and Optimizer

You can now use the new Policy Analyzer and Optimizer to analyze your policies, detect anomalies, and receive curated remediation recommendations. Applying these recommendations ensures that your policies are always in an optimal state, which enhances firewall performance. This tool can analyze policies in both cloud-delivered Firewall Management Center and CDO-managed On-Premises Firewall Management Centers, version 7.2 or later. On the left pane, choose Insights > Policy Analyzer and Optimizer.

See Analyzing, Detecting, and Fixing Policy Anomalies Using Policy Analyzer and Optimizer for more information.

Updates to Firewall Migration Tool

You can now configure a threat defense high availability (HA) pair on the migration tool when migrating configurations from a Secure Firewall ASA HA pair to a threat defense device. In addition, you can configure a site-to-site hub and spoke VPN topology when migrating site-to-site VPN configurations from a Secure Firewall ASA.

See Cisco Secure Firewall Migration Tool Release Notes for more information.

Onboard a Secure Firewall Threat Defense 3100, 4100, 4200, or 9300 Chassis Using Cisco Defense Orchestrator

You can now add a Firepower 3100, 4100, 4200, or 9300 chassis to the cloud-delivered Firewall Management Center through Cisco Defense Orchestrator.

The management center and the chassis share a separate management connection using the chassis MGMT interface. The management center offers chassis-level health alerts. For configuring 4100 or 9300, you still need to use the Secure Firewall chassis manager or FXOS CLI. For 3100 or 4200, you can use the chassis management interface within the cloud-delivered Firewall Management Center. See Onboard a Chassis for more information.

Updates to Cloud-delivered Firewall Management Center

Cisco Defense Orchestrator released an update to the cloud-delivered Firewall Management Center. Here are the highlights of the update! Read the Release Notes for Cloud-delivered Firewall Management Center to learn more.

Platform

• Threat defense Version 7.6.0 support

High Availability/Scalability

• Multi-instance mode for the Secure Firewall 3100

Access Control: Threat Detection and Application Identification

• Bypass decryption for sensitive and undecryptable traffic

Access Control: Identity

• Microsoft Azure AD as a user identity source

Health Monitoring

• Collect health data without alerting

• Chassis-level health alerts for the Firepower 4100/9300

Administration

• Threat defense high availability automatically resumes after restoring from backup.

• Change management ticket takeover; more features in the approval workflow.

Troubleshooting

• Troubleshoot Snort 3 performance issues with a CPU and rule profiler.

Management Center REST API

• Updates to management center REST API.

Generic Text Dynamic Attributes Connector Support

A Generic Text Dynamic Attributes Connector, allows you to maintain a list of IP addresses in a text file and then enforce an access control policy using that list. For example, you could use the list of IP addresses in an “allow list” or a “block list” in an access control rule. Periodically, after the text file containing the IP addresses is updated, Cisco Secure Dynamic Attribute Connector updates any access control rules that use that IP address list. You can specify up to 10,000 IP addresses per text file. See “Creating a Generic Text ” for more information.

VPN Tunnel Support for Multicloud Defense

You can now create a VPN tunnel in Multicloud Defense with a Multicloud Defense Gateway as one endpoint and a managed device or a cloud service provider such as GCP as the other endpoint. See Multicloud Defense User Guide for more information.

Enhanced Audit Logs in CDO

Audit Logs now display user-related and system-level actions, including User Login, Tenant Association and Disassociation, User Role Change, and Active Directory Group modifications.

For more information, see Audit Logs.

Upgraded ASA Access Control Policy Interface

CDO now introduces an upgraded ASA access control policy interface featuring enhanced shared access lists, simplified rule management, and enhanced search result navigation.

See Manage ASA Network Security Policy for more information.

New Threat Defense Dashboard Widgets for Application Monitoring

CDO now features four new dashboard widgets: Top Web Applications, Top Client Applications, Top Blocked Web Applications, and Top Users by Blocked Connections. These new widgets provide you with an at-a-glance view of the most used web and client applications as well as the users with the most blocked connections. Note that the information the threat defense dashboard provides depends on how you license, configure, and deploy the devices in your system. Click Analytics > FTD Dashboard to view the new dashboard widgets.

See About the FTD Dashboard for more information.

Pause Threat Defense to Cloud-delivered Firewall Management Center Migration to Review Imported Shared Policies

You can now pause the threat defense to the cloud-delivered Firewall Management Center migration process to review the imported shared policy configuration. At this stage, neither the evaluation period is initiated, nor the threat defense's manager is changed, which provides you time to review the configurations. After reviewing the configuration, you can resume the migration process to import the device-specific configuration to the cloud-delivered Firewall Management Center during the scheduled migration period. Click Tools & Services > Migrate FTD to cdFMC.

See Threat Defense to Cloud-delivered Firewall Management Center Migration for more information.

Firewall Management with Cisco AI Assistant

CDO administrators now have a more efficient way to manage Secure Firewall Threat Defense policies and access documentation with the integration of the Cisco AI Assistant in Cisco Defense Orchestrator (CDO) and cloud-delivered Firewall Management Center. The Cisco AI Assistant has several key features:

• Pre-Enabled Assistant: The AI Assistant is enabled by default on every CDO tenant. If needed, you can disable it on the General Settings page of your tenant.

• Easy Access: CDO Super Admins and Admin can access the AI Assistant directly from the top menu bar of their tenant’s dashboard after logging in.
  
  

• User Orientation: Upon opening the AI Assistant widget for the first time, users are greeted with a carousel window that introduces the AI Assistant, explains data privacy protections, and provides tips on effective usage.

• Policy Rule Assistance: The AI Assistant simplifies the process of creating policy rules on Secure Firewall Threat Defense devices. Administrators can quickly create access control rules using simple prompts.

• Product Knowledge Resource: The AI Assistant has ingested CDO's and the cloud-delivered Firewall Management's documentation. If you need help, you can ask it a question.

• User-Friendly Interface:

  • Simple Text Input Box: Located at the bottom of the window for easy engagement with the Assistant.

  • Thread History: The questions, or series of questions, you ask the AI Assistant are called threads. The AI Assistant retains your thread history so you can refer to the questions you’ve asked.

  • Feedback: Provide feedback on the Assistant’s responses with thumbs up or thumbs down.

See the Cisco AI Assistant User Guide for more information.

CDO in India!

CDO is now available in India at https://in.cdo.cisco.com. You can create yourself a tenant in India by going to https://www.getcdo.com.

Updates to Cloud-Delivered Firewall Management Center

Cisco Defense Orchestrator released an update to the cloud-delivered Firewall Management Center. Read the Release Notes for Cloud-delivered Firewall Management Center to learn about the many new features included in the update.

CDO in Australia!

CDO is now available in Australia at https://aus.cdo.cisco.com. You can create yourself a tenant in Australia by going to https://www.getcdo.com.

CDO API

CDO now offers a RESTful API that allows you to programmatically interact with CDO. The API provides access to a wide range of CDO features, including device management and deployment, object management, searches, changelog monitoring, and user management. Learn more by reading the Cisco Defense Orchestrator API Documentation. You can also reach the CDO API documentation by navigating from the user menu located in the top right corner of your CDO tenant.

Note	The CDO GraphQL API is no longer supported or available.

Updates to Firewall Migration Tool

CDO now hosts an updated version of the Firewall Migration Tool. You can now optimize network and port objects before migrating them from a Secure Firewall ASA device to a threat defense device. In addition, you can migrate DHCP, DDNS, and SNMPv3 configurations from an FDM-managed device to a threat defense device.

To know more about the other new features, refer to the Cisco Secure Firewall Migration Tool Release Notes.

CDO Tenant Notifications and User Notification Preferences Relocation

The tab for notifications and user preferences have moved. Notifications, now located in the navigation bar located to the left with Settings > Notification Settings, allow you to manage email subscriptions and third-party service integrations. User Preferences, now located Username ID > Preferences > Notification Preferences, can be configured to trigger whenever a device associated with your tenant experiences a specific action, a device certificate is expiring or has expired, or a background log search starts, finishes or fails. Note that User Notification Preferences are unique to each individual user whereas Tenant Notifications are applied to every user affiliated with the tenant. See Tenant Management for more information.

Device Certificate Expiry Notification

CDO now monitors the expiration status of the Cisco Secure Client (formerly AnyConnect) certificate, and the management certificate of ASA, FDM-Managed, and FTD devices. It notifies the user when these certificates are nearing their expiration date or have expired.

See Device Certificate Expiry Notification.

Cisco Security Cloud Control support for Multicloud Defense

The Cisco Security Cloud Control enterprise now supports adding an existing Multicloud Defense account; you can add a Multicloud Defense tile to your Security Cloud enterprise dashboard to monitor and centralize your management of other Cisco product instances, user identity, and user access management across Cisco Security Cloud portfolio. See Multicloud Defense in Cisco Security Cloud Control in the Multicloud Defense User Guide for more information.

Dark Theme in CDO

CDO now offers a Dark theme option for a more customizable user interface look. Click the admin drop-down on the top right corner, navigate to Preferences > General Preferences, and click Dark in the Theme field. The default theme is the Light theme.

See User Settings for more information.

Automatically Synchronize Network Objects to On-Prem Secure Firewall Management Centers

You can now automatically and continuously synchronize your network objects in CDO to On-Prem FMCs managed by CDO. Note that this feature is disabled by default. To enable this feature, navigate to Tools & Services > Firewall Management Center, select an On-Prem FMC, choose Settings in the Actions pane, click Discover and Manage Network Objects, and click Enable automatic sync of network objects. Ensure you have the Discover and Manage Network Objects toggle enabled.

See Discover and Manage On-Prem Firewall Management Center Network Objects for more information.

Improved CDO Tenant Provisioning

You can now create a CDO tenant using an enhanced, faster provisioning process. You can also create new CDO tenants even if you already have tenants. In addition, if you have an On-Premises Firewall Management Center that is not SecureX-enabled, you can now register it to the Cisco Security Cloud through CDO. If you do not have a CDO account, you can create one during the registration process. See Create a CDO Tenant for more information.

Disable Individual Threat Defense Devices From Sending Event Logs to the Cisco Cloud

You can now disable individual cloud-delivered Firewall Management Center-managed threat defense devices (Version 7.4.1 or later) from sending event logs to the Cisco cloud. This device-level control allows you to temporarily stop threat defense devices from sending event logs sent to the cloud, if required. To specify which threat defense devices are to be disabled from sending event logs to the Cisco cloud, click Inventory, select the corresponding threat defense devices, and click Cloud Events from the Device Management pane.

Simplified Secure Device Connector and Secure Event Connector Installation on Ubuntu

You can now easily deploy Secure Device Connector and Secure Event Connector on Ubuntu server using the GitHub project available on the Cisco DevNet site. For more information, refer to this document and watch this video on YouTube.

Updates to Cloud-Delivered Firewall Management Center

Cisco Defense Orchestrator released an update to the cloud-delivered Firewall Management Center. Read the Release Notes for Cloud-delivered Firewall Management Center to learn about the many new features included in the update.

Updates to Firewall Migration Tool

CDO now hosts an updated version of the Firewall Migration Tool. You can now migrate WebVPN configurations from your Secure Firewall ASA devices to Zero Trust Access Policy configurations on threat defense devices managed by the cloud-delivered Firewall Management Center. You can also migrate SNMP, DHCP, DVTI configurations from ASAs to threat defense devices and ECMP routing configurations when migrating from a multi-context ASA device to a single-instance threat defense device. Read the Cisco Secure Firewall Migration Tool Release Notes to know about the other new features included in the release.