Secure Firewall Management
Center (formerly Firepower Management
Center)
|
The management center is a powerful, web-based, multi-device manager that runs on its own server hardware, or as a virtual device on a hypervisor.
You should use the management center if you want a multi-device manager, and you require all features on the threat
defense. The management center also provides powerful analysis and monitoring of traffic and events.
In 6.7 and later, the management center can manage the threat
defenses from the outside (or other data) interface instead of from
the standard Management interface. This feature is useful for
remote branch deployments.
Note
|
The management center is not compatible with other managers because the management center owns the threat
defense configuration, and you are not allowed to configure the threat
defense directly, bypassing the management center.
|
To get started with the management center, see Threat Defense Deployment with the Management Center.
|
Secure
Firewall Device Manager (formerly Firepower Device
Manager)
|
The device
manager is a web-based, simplified, on-device manager. Because it is simplified, some threat
defense features are not supported using the device
manager. You should use the device
manager if you are only managing a small number of devices and don't need a multi-device manager.
Note
|
Both the device
manager and CDO in FDM mode can discover the configuration on the
firewall, so you can use the device
manager and CDO to manage the same firewall. The management center is not compatible with other managers.
|
To get started with the device
manager, see Threat Defense Deployment with the Device Manager.
|
Cisco Defense Orchestrator (CDO)
|
CDO offers two management modes:
-
(7.2 and later) Cloud-delivered management center mode with
all of the configuration functionality of an on-premises
management center. For the analytics functionality, you can
use either Secure Cloud Analytics in the cloud or an on-prem
management center.
-
(Existing CDO users only) Device manager mode with a
simplified user experience. This mode is only available to
users who are already using CDO to manage threat
defenses in device manager mode. This mode is not covered in this
guide.
Because CDO is cloud-based, there is no overhead of running CDO on
your own servers. CDO also manages other security devices, such as
ASAs, so you can use a single manager for all of your security
devices.
CDO is not covered in this guide.
To get started with CDO, see the CDO
home page.
|
Secure Firewall Threat Defense REST API
|
The threat defense REST API lets you automate direct configuration of the threat
defense. This API is compatible with the device
manager and CDO use because they can both discover the configuration on the firewall. You cannot use this API if you are managing
the threat
defense using the management center.
The threat defense REST API is not covered in this guide. For more information, see the Cisco Secure Firewall Threat Defense
REST API Guide.
|
Secure Firewall Management Center REST API
|
The management center REST API lets you automate configuration of management center policies that can then be applied to managed threat
defenses. This API does not manage the threat
defense directly.
The management center REST API is not covered in this guide. For more information, see the Secure Firewall Management Center REST API Quick Start
Guide.
|