Associate Private Resources with Firewall Threat Defense

Before you begin

You must have created the private resources on Secure Access.

Procedure

1. In Cisco Defense Orchestrator, click Products > Secure Access.

The Secure Access product menu is displayed in the left navigation bar.

2. Click Connect > Network Connections.

3. Click the FTDs tab.

The available Firepower Threat Defense devices that are configured for universal zero trust network access are displayed.

Before proceeding to the next step, ensure that the device is associated with a trusted network, so that policies are enforced on traffic originating from that trusted network.

After a Threat Defense device is onboarded, it is automatically associated with a default trusted network if one exists. Otherwise, you must create a trusted network and associate it with the Threat Defense device.

4. Click the name of the Threat Defense device that you want to configure.

5. In the right pane, click Associate Resources.

  • Only resources that are enabled for zero trust access can be associated with a Threat Defense device.

  • The Threat Defense device must be able to reach the associated private resources.

  • Resources associated with a Threat Defense device are shared with other devices that have the same FQDN.

6. In the Associate Private Resources dialog box, make the following selections to specify how access policy is enforced and how traffic flows for a user:

  • Use the Threat Defense device to enforce policy only for on-premises users: From the Use this FTD to enforce policy drop-down list, select the private resources that a user should be able to access only from an on-premises location.

  • Use the Threat Defense device to enforce policy for both on-premises and remote users: From the Always use this FTD to enforce policy drop-down list, select the private resources for which the selected Threat Defense device always enforces policy, regardless of whether the user is on-premises or remote.

The following figure shows an example of using a Threat Defense device to enforce access rules for vftd-quic-app for on-premises users only, and for vftd-amazon-app for all users, whether on-premises or remote.

7. Click Save.

The configurations are applied to the device, and the UZTA Configuration status column for the device displays Synced.

The following figure shows an example.

Configuration status can also be:

  • Syncing—updates to the Threat Defense device are ongoing.

  • Out of sync—modifications to Secure Access configurations are pending update to the Threat Defense device.

  • Failed to sync—configurations were not updated on the Threat Defense device.

To view a detailed, per-item status for each resource and rule associated with a Threat Defense device, perform the following actions:

  1. Click the numeral in the Associated Resources column.

    In the slide-in pane, under the Associated Resources section, click View resources associated with this FTD.

    The configuration status of each resource is displayed.

  2. Similarly, to check the configuration status of each rule that is enforced by the Threat Defense device, click the numeral in the Rules Enforced column.

    In the slide-in pane, under the Rules Enforced section, click View rules enforced by this Firewall.

    The configuration status of each rule that is enforced is displayed.

Universal ZTNA is now set up for your clients to securely access the private resources in your network.