Home > Articles > Certification > Cisco Certification > CCNP Security / CCSP

  • Print
  • + Share This
This chapter is from the book

Device Management

When using the Firewall MC, all managed devices are members of a group named Global. You also can group your firewalls into subgroups that share similar properties (such as configuration settings or geographic location). Grouping similar devices facilitates management of those devices. You can also import existing configurations into Firewall MC. These activities are accessed through the Devices configuration tab. The tasks in this section include the following:

  • Managing groups

  • Importing devices

  • Managing devices

Managing Groups

Select Devices > Managing Groups to add new groups to the system, modify existing groups, and delete existing groups (see Figure 14-5). When defining group names, it is helpful to use descriptive names that clearly identify the different groups. For example, you may identify your groups based on geographic region or department within the company.

NOTE

Subgroup names must be unique within an enclosing group.

Figure 5Figure 14-5 Managing Groups

When managing groups, you can perform the following operations:

  • Add—Add new groups

  • Edit—Rename existing groups

  • View—View the description for a group

  • Move—Move the group to a new location in the hierarchy

  • Delete—Remove an existing group

Importing Devices

After defining your device groups, you can then import devices into those groups using the Devices > Import Devices option. When importing devices, you perform the following four basic steps:

  1. Select the target group.

  2. Select the import type.

  3. Define firewall device basic information.

  4. Review summary details.

You have several options when importing devices into Firewall MC (see Figure 14-6). Table 14-5 explains the various import options that are available.

Table 14.5 Device Import Options

Import Option

Description

Create Firewall Device

Allows you to add a single device manually.

Import configuration from device

Allows you to provide device credentials manually that enable the Firewall MC server to communicate directly with the device to retrieve the configuration.

Import configuration file for a device

Allows you to import configuration information for a single device from a configuration file.

Import multiple firewall configurations from a CSV file

Allows the Firewall MC server to communicate directly with multiple firewalls (specified in a comma-separated value [CSV] file) to retrieve configuration information.

Import configuration files for multiple devices

Allows you to import multiple configuration files from a single directory. Each file contains configuration information for a single device.


NOTE

You can import from a device only once. To reimport a device’s configuration, you must first delete the device and then import it again.

Figure 6Figure 14-6 Select Import Type

If you select the Import configuration from device option as the import type, you must provide the following parameters that Firewall MC needs to communicate with the device being imported (see Figure 14-7):

  • Contact User Name—(Optional) The username used when connecting to the firewall

  • Contact IP Address—The IP address used to connect to the firewall

  • Password—The firewall enable password

Figure 7Figure 14-7 Firewall Contact Information

After specifying all of the characteristics for the device being imported, you will see an Import Status window (see Figure 14-8). This window displays the progress of the actual import process, and it automatically updates itself every 60 seconds. You can also force the window to update by clicking the Refresh button.

Figure 8Figure 14-8 Import Status Window

When the import is complete, you can view the configuration of the device by clicking the View Config link located in the Details section of the Import Status window (see Figure 14-8).

Managing Devices

Sometimes you need to remove devices or move them from one group to another. To perform these types of device operations, select Devices > Managing Devices. The Managing Devices window enables you to move a device from one group to another and remove existing devices (see Figure 14-9).

Figure 9Figure 14-9 Managing Devices

  • + Share This
  • 🔖 Save To Your Account