Walkthroughs Supported in Secure Firewall Management Center

The walkthroughs guide you to perform the steps required to achieve a task by taking you through each step, one after the other, until you complete the task. To view the walkthroughs, on the management center menu bar, choose Help > How-Tos. You can use the global search feature of the management center to quickly find walkthroughs of your interest. Search for the walkthrough title or terms in the walkthrough title for better search results. For more information about searching and finding walkthroughs of your interest in the management center, see Search for How To Walkthroughs.

The following is the list of feature walkthroughs supported in the management center:

Version

Use case

Walkthrough Title

7.6.0 and later

Register and Preprovision SD-WAN Branch Office Devices Using Device Template.

  • Create a Device Template with SD-WAN Branch Device Configurations.

  • Configure BGP Routing Policy in a Device Template.

  • Add a Branch Device Using a Device Template and Registration Key.

  • Add Multiple Branch Devices Using a Device Template and Serial Numbers.

7.6.0 and later

Set up your device.

  • Manage Devices Using Device Template

  • Configuring Single Sign-On in the Management Center

7.6.0 and later

Configure identity policies.

  • Create a Microsoft Active Directory realm, directories, realm sequence, and identity policy

  • Configure a Microsoft Azure Active Directory identity realm

  • Create an Azure AD (SAML) Realm for Active or Passive Authentication

  • Create a Passive Identity Agent Identity Source

  • Create a user for the Passive Identity Agent

7.4.1 and later

Configure SD-WAN capabilities..

  • Configure Direct Internet Access with Path Optimization for Applications.

  • Secure Branch-to-Hub Communication Using Dynamic Virtual Tunnel Interface.
Manage your chassis.

  • Register a Chassis with the Management Center.

  • Create a Chassis Platform Settings Policy.

  • Add a Secure Firewall Threat Defense Instance in the Chassis.
Set up your device.

Configure External Authentication.

7.4.0 and later

Configure a Site-to-Site VPN Topology with Dynamic VTI.

  • Create a Route-Based Site-To-Site VPN with Dynamic VTI.

  • Create a Virtual Router.

  • Assign Interfaces to the Virtual Router.

  • Configure a BGP Routing Policy for a Site-to-Site VPN with Dynamic VTI.

  • Add an Access Control Rule to Allow VTI Traffic.

Loopback Support for BGP Routing.

  • Create a Loopback Interface.

  • Configure Loopback Interface as Source for the BGP Neighbor.

Snort 3 IPS – A Feature Walkthrough.

View the Summary Layer.

Working with Snort 3.

Convert all Snort 2 Custom Rules to Snort 3.

7.3.0 and later

Configure Decryption Policies.

  • Create a Decryption Policy and Decrypt–Resign Rules.

  • Create a Decryption Policy and Decrypt–Known Key Rules.

  • 7.2.6

  • 7.4.0 and later

Snort 3 IPS – A Feature Walkthrough.

  • View the Base Policy Layer.

  • Customize the Base Policy Using Rule Overrides.

  • Customize the Base Policy Using Group Overrides and Recommendations.

7.2.6 and later

Configuring VPN

  • Renew a Certificate Using Manual Re-Enrollment.

  • Renew a Certificate Using Self-Signed, SCEP, or EST Enrollment.

  • Configure LDAP Attribute Map for Remote Access VPN.

  • Add SAML Single Sign-On Server Object.

Configure Dynamic Access Policy for Remote Access VPN.

  • Create a Dynamic Access Policy.

  • Create a Dynamic Access Policy Record.

  • Associate Dynamic Access Policy with Remote Access VPN.

Troubleshoot Your Device.

  • Collect packet capture for Threat Defense device.

  • Collect Packet Trace to Troubleshoot Threat Defense Device.

7.2.0 and later

The New Access Control Policy UI–A Feature Walkthrough.

  • Accessing the New AC Policy UI.

  • The New AC Policy UI–Rules Table.

  • The New AC Policy UI–Rule Creation.

  • The New AC Policy UI–Rule Editing.

Working with Snort 3.

  • Convert Devices from Snort 2 to Snort 3.

  • Edit the Default Discovery Rule to Identify the Hosts in the Network.

  • Configure Secure Firewall Recommended Rules.

  • Synchronize the Snort 2 Rules Changes with Snort 3.

Configure User Identity–Dynamic Objects.

  • Configure Dynamic Objects.

  • Configure an Access Control Policy Rule for a Dynamic Object.

Create and Install an Identity Certificate on Device for Remote Access VPN Configuration.

  • PKCS12 Cert Enrollment Object.

  • Manual Cert Enrollment Object.

  • Self-signed Cert Enrollment Object.

  • SCEP Cert Enrollment Object.

  • Install Manual Certificate.

  • Install PKCS12, SCEP, or Self-Signed Certificate.

  • Configure Remote Access VPN.

7.1.0 and later

Working with Snort 3.

  • Create a Snort 3 Intrusion Policy.

  • Enable or Disable Snort 3 on an Individual Device.

  • Create a Snort 3 Network Analysis Policy.

  • View the Network Analysis Policy Mapping.

Create and Manage a Cluster.

  • Create a Cluster.

  • Modify an Existing Cluster.

  • Add Nodes to an Existing Cluster.

  • Remove a Data Node from a Cluster.

  • Break a Cluster.

  • Delete a Cluster.

  • Break a Node from Clustering.

  • Delete a Data Node from Clustering.

Change the Management Center Access Interface from Management to Data.

  • Initiate the Interface Migration from Management to Data Interface.

  • Enable Management Center Access on an Interface.

  • Configure Dynamic DNS.

  • Deploy Configuration Changes.

  • Update the Hostname or IP Address in the Management Center.

  • Confirm the Management Connection Status.

Change the Management Center Access Interface from Data to Management.

  • Initiate the Interface Migration from Data to Management Interface.

  • Deploy Configuration Changes.

  • Update the Hostname or IP Address in FMC.

  • Check the Management Connection Status.

Upgrade Secure Firewall Threat Defense.

  • 7.0.0

  • 7.1.0

Enabling the SecureX Ribbon.

7.0.0 and later

Add a Device to Management Center Using Remote Branch Deployment.

  • Set up a Device and Discover it in the Management Center using Remote Branch Deployment.

  • Verify the Remote Branch Deployment Configuration Details.

6.7.0 through 7.4.1

Configuring identity policies.

  • Create an Identity Policy Using the ISE/ISE-PIC Identity Source.

  • Create an Identity Policy Using the TS Agent Identity Source.

  • Create a Trusted Certificate Authority Object.

6.7.0 and later

Set Up Your Device.

  • Register the Management Center with Cisco Smart Account.

  • Set up a Device and add it to Management Center.

  • Configure Date and Time.

  • Configure Interface Settings.

  • Create an access control policy.

  • Configure Static Routing.

  • Add an Access Control Rule–A Feature Walkthrough.

  • Create a NAT Policy–A Feature Walkthrough.

  • Create a high availability (HA) pair.

Configure network discovery policies.

  • Customize your Network Discovery Policy.

  • Enable Indications of Compromise Rules in the Network Discovery Policy.

  • View Network Maps To Evaluate the Efficacy of Your Network Discovery Policy.

Create a Decryption Policy With One or More Do Not Decrypt Rules (formerly known as Create an SSL Do Not Decrypt Policy).

  • Create a decryption policy.

  • Create Do Not Decrypt rule.

  • Associate the Decryption Policy With an Access Control Policy.

  • Add an Access Control Rule for a Decryption Policy.

Create a Decryption Policy With One or More Decrypt–Resign Rules (formerly known as Create an SSL Decrypt–Resign Policy).

  • Create an Internal Certificate Authority Object.

  • Create a Decryption Policy With One or More Decrypt–Resign Rules.

  • Associate the Decryption Policy With an Access Control Policy.

  • Add an Access Control Rule for a Decryption Policy.

Create a Decryption Policy With One or More Decrypt–Known Key Rules (formerly known as Create an SSL Decrypt–Known Key Policy).

  • Create an Internal Certificate Object.

  • Create a Decryption Policy With One or More Decrypt–Known Key Rules.

  • Associate the Decryption Policy With an Access Control Policy.

  • Add an Access Control Rule for a Decryption Policy.

Create a Decryption Policy With One or More Block Rules (formerly known as Create an SSL Decrypt–Known Key Policy).

  • Create a Decryption Policy.

  • Create One or More Block or Block With Reset Rules.

  • Associate the Decryption Policy With an Access Control Policy

  • Add an Access Control Rule for a Decryption Policy.

Create Intrusion Policies.

  • Create a Snort 2 Intrusion Policy..

  • Associate an Intrusion Policy With an Access Control Rule.

Create File (Malware) Policies.

  • Create a File-Based Control Policy Using Advanced Malware Protection (AMP).

  • Associate a File (Malware) Policy to an Access Control Policy.

Configure identity policies.

  • Create a Microsoft Active Directory identity realm and directories (formerly known as Create an Identity Realm and Directories).

  • Create an Identity Realm Sequence.

  • Create the TS Agent User and Role.

  • Create the ISE/ISE-PIC Identity Source.

  • Create an Identity Policy.

  • Create an Identity Rule.

  • Associate the Identity Policy With an Access Control Policy.

  • Add an Access Control Rule for an Identity Policy.

Configure and Customize Site-to-Site VPN.

  • Configure a Policy-Based Site-to-Site VPN.

  • Customize IKE Options for an Existing Site-to-Site VPN Deployment.

  • Customize IPsec Options for an Existing Site-to-Site VPN Deployment.

  • Customize Advanced Settings for an Existing Site-to-Site VPN Deployment.

Certificate Authentication for Remote Access (RA) VPN

  • Creating a Certificate Map for Certificate Authentication in RA VPN.

  • Associating a Certificate Map to a Connection Profile.

Configuring Traffic Filtering for Remote Access (RA) VPN Connections.

  • Creating an Extended Access List for Filtering Traffic on an RA VPN Connection.

  • Adding an Extended Access List to a Group Policy for Filtering Traffic on an RA VPN Connection.

Configure a VTI tunnel.

  • Create a Route-based VPN (VTI).

  • Configure a Static Route for VTI.

  • Configure BGP Routing for VTI.

  • Configure an Access Control Rule To Allow Encrypted Traffic Over VTI.

Configure Virtual Routing for Secure Firewall Threat Defense.

  • Create a Virtual Router.

  • Assign Interfaces to Virtual Routers.

  • Configure Routing Policy.

  • Configure NAT for a Virtual Router.

  • Provide Internet Access with Overlapping Address Spaces.

  • Configure SSL Cipher Suites.

  • Change the Theme of the Web Interface (formerly known as Switch to Classic or Dusk Theme).