Plan device connectivity
Security Cloud Control Firewall Management connects to managed devices either through the cloud connector or through an SDC.
| Connection method | Use when | Required network access |
|---|---|---|
| Direct cloud connector | The device is directly reachable from the internet. | Allow inbound access from the Security Cloud Control Firewall Management IP addresses for your cloud region on port `443`, or on the port that you use for device management. |
| SDC | The device is not directly reachable from the internet, or an on-premises SDC is explicitly required. | Allow full inbound access from the SDC host on port `443`, or on the port that you use for device management. Ensure that the SDC VM can reach the device management interface. |
An FDM-managed device can be onboarded to Security Cloud Control Firewall Management by using device credentials, a registration key, or its serial number, whether or not it is directly accessible from the internet. If the device does not have direct internet access but resides on a network that does, the Security Services Exchange connector that is delivered as part of the device can reach the Security Services Exchange cloud and allow the FDM-managed device to be onboarded.
You need an on-premises SDC to onboard the following:
- An ASA device that is not accessible from the cloud
- An FDM-managed device that is not accessible from the cloud when you use the credentials onboarding method
- A Cisco IOS device
- A device with SSH access
All other devices and services do not require an on-premises SDC because Security Cloud Control Firewall Management connects by using its cloud connector.
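
The following planning aid is an added example, not Cisco code. It applies the SDC rules and the network access table above to a constructed inventory, and includes a TCP check to run on the SDC VM against each device management interface. The `Device` fields, the `kind` labels (including `"ssh"` for a device with SSH access), and the function names are assumptions made for illustration.

```python
import socket
from dataclasses import dataclass

@dataclass
class Device:
    name: str
    kind: str                     # "asa", "fdm", "ios", "ssh", or another type
    cloud_reachable: bool         # directly reachable from the internet?
    method: str = "credentials"   # FDM onboarding: credentials, registration_key, serial
    host: str = ""                # management interface address
    port: int = 443               # or the port you use for device management

def needs_sdc(d):
    """True for the four cases this page lists as requiring an on-premises SDC."""
    if d.kind in ("ios", "ssh"):
        return True
    unreachable = not d.cloud_reachable
    return unreachable and (d.kind == "asa" or (d.kind == "fdm" and d.method == "credentials"))

def plan(d):
    """Return (connection method, source to allow inbound on d.port, or None)."""
    if needs_sdc(d):
        return ("SDC", "SDC host")
    if d.cloud_reachable:
        return ("cloud connector", "Firewall Management IPs for your cloud region")
    # For example, an FDM device onboarded by registration key or serial number:
    # the page lists no inbound rule for this case.
    return ("cloud connector", None)

def can_reach(host, port, timeout=2.0):
    """TCP connect test; run it on the SDC VM against the management interface."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed inventory; 192.0.2.0/24 is a documentation address range.
INVENTORY = [
    Device("edge-asa", "asa", cloud_reachable=True, host="192.0.2.10"),
    Device("branch-asa", "asa", cloud_reachable=False, host="192.0.2.20", port=8443),
    Device("lab-fdm", "fdm", cloud_reachable=False, method="registration_key"),
    Device("core-ios", "ios", cloud_reachable=True, host="192.0.2.30"),
]

if __name__ == "__main__":
    for d in INVENTORY:
        method, source = plan(d)
        ok = can_reach(d.host, d.port) if method == "SDC" else "n/a"
        print(f"{d.name}: {method}; inbound from {source} on tcp/{d.port}; SDC reach: {ok}")
```

A `False` result for an SDC-connected device means the path from the SDC VM to the management interface still has to be opened before onboarding.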