FTD Managers
Table 1: FTD Managers
DescriptionManager
FDM is a web-based, simplified, on-device manager. Because it is simplified, some
FTD features are not supported using FDM. You should use FDM if you are only
managing a small number of devices and don't need a multi-device manager.
Both FDM and CDO can discover the configuration on the firewall, so you
can use FDM and CDO to manage the same firewall. FMC is not compatible
with other managers.
Note
To get started with FDM, see Firepower Threat Defense Deployment with FDM, on
page 61.
Firepower Device Manager (FDM)
CDO is a simplified, cloud-based multi-device manager. Because it is simplified, some
FTD features are not supported using CDO. You should use CDO if you want a
multi-device manager that offers a simplified management experience (similar to FDM).
And because CDO is cloud-based, there is no overhead of running CDO on your own
servers. CDO also manages other security devices, such as ASAs, so you can use a
single manager for all of your security devices.
In 6.7 and later, CDO offers Low Touch Provisioning that lets branch offices plug in
their hardware and leave it alone: the firewall will automtically register with CDO.
Both FDM and CDO can discover the configuration on the firewall, so you
can use FDM and CDO to manage the same firewall. FMC is not compatible
with other managers.
Note
To get started with CDO low-touch provisioning, see Firepower Threat Defense
Deployment with CDO and Low-Touch Provisioning, on page 5.
To get started with CDO provisioning, see Firepower Threat Defense Deployment with
CDO, on page 23.
Cisco Defense Orchestrator (CDO)
FMC is a powerful, web-based, multi-device manager that runs on its own server
hardware, or as a virtual device on a hypervisor. You should use FMC if you want a
multi-device manager, and you require all features on the FTD. FMC also provides
powerful analysis and monitoring of traffic and events.
In 6.7 and later, FMC can manage FTDs from the outside (or other data) interface instead
of from the standard Management interface. This feature is useful for remote branch
deployments.
FMC is not compatible with other managers because the FMC owns the FTD
configuration, and you are not allowed to configure the FTD directly,
bypassing the FMC.
Note
To get started with FMC on the Management network, see Firepower Threat Defense
Deployment with FMC, on page 85.
To get started with FMC on a remote network, see Firepower Threat Defense Deployment
with a Remote FMC, on page 117.
Firepower Management Center (FMC)
Cisco Firepower 1100 Getting Started Guide
2
Which Operating System and Manager is Right for You?
FTD Managers
To Next Page
Loading...
Need help?
General