Cisco

Cisco Multicloud Defense User Guide

  • Multicloud Defense User Guide
    • About Multicloud Defense
      • About Multicloud Defense
        • Multicloud Defense Naming Conventions
        • Supported Regions
        • Recommended Versions of Multicloud Defense Components
          • Third Party Product Support and Versioning
        • Multicloud Defense in Cisco Security Cloud Control
      • Multicloud Defense Components
      • Multicloud Defense Controller Dashboard
        • My Profile Information
      • Multicloud Defense 90-Day Free Trial
  • Setup with the Multicloud Defense Wizard
    • Setup with the Multicloud Defense Wizard
      • Connect Cloud Account
        • Connect An AWS Account
        • Connect Azure Account
        • Connect Google Cloud Platform Account
        • Connect to an OCI Account
          • Prepare Your OCI Account
          • Connect Oracle Account
      • Enable Traffic Visibility
        • Enable Traffic for an AWS Account
        • Enable Traffic for an Azure Account
        • Enable Traffic for a GCP Project
      • Secure Your Account
        • Centralized Model: Add a VPC or VNet
        • Distributed Model
          • Azure Distributed Model: Create a Gateway
  • Account Onboarding
    • AWS
      • AWS Overview
      • Connect AWS Account to Multicloud Defense Controller from the Multicloud Defense Dashboard
        • CloudFormation Outputs
        • Roles Created by Multicloud Defense
          • MCDControllerRole
          • MCDGatewayRole
          • MCDInventoryRole
          • InventoryMonitorRule
    • Azure
      • Prepare Your Azure Account
        • Register Application in Microsoft Entra ID
        • Create a custom role to assign to the Application
        • Connect an Azure Subscription to the Multicloud Defense Controller from the Multicloud Defense Dashboard
        • Accept Marketplace Terms
      • Connect an Azure Subscription to the Multicloud Defense Controller from the Multicloud Defense Dashboard
        • VNet Route Tables for your Azure Subscription
        • Roles Created by Multicloud Defense
          • Azure IAM Roles
      • Post-Onboarding Procedures
        • Azure VNet Setup
          • Subnets
          • Security Groups
          • Launch ARM Template
    • GCP
      • GCP Overview
        • Overview of Creating a GCP Controller Service Account
        • Create a GCP Firewall Service Account
      • Connect a GCP Project to the Multicloud Defense Controller from the Multicloud Defense Dashboard
        • Roles Created by Multicloud Defense
          • GCP IAM Roles
    • OCI
      • Prepare Your OCI Account
      • Connect the Oracle OCI Tenant to the Multicloud Defense Controller from the Multicloud Defense Dashboard
    • Remove a Cloud Service Provider From Multicloud Defense
      • Delete a GCP Project From Multicloud Defense
      • Delete an AWS Account From Multicloud Defense
      • Delete an Azure Account From Multicloud Defense
      • Delete an OCI Account From Multicloud Defense
  • Secure Your AI Assets with AI Defense
    • AI Defense
      • AI Defense Integration with Multicloud Defense
  • Discovery
    • Asset and Inventory Discovery
      • Discovery Summary
      • Inventory
        • Applications
        • Discovered Assets
        • Enable Asset Discovery and Inventory
      • Security Insights
        • Types of Security Insights
          • Security Groups
          • Application Security Groups
          • Network ACL
          • Subnets
          • Route Tables
          • Network Interfaces
          • VPCs\VNets
          • Applications
          • Load Balancers
          • Instances
          • Tags
          • Certificates
          • Topology
          • Insights
      • Rules and Findings
        • Rules and Findings
        • Pre-Defined Rules
        • Custom Rules
        • Findings
  • Multicloud Defense Gateway
    • The Multicloud Defense Gateway and Service VPCs or VNets
      • Supported Gateway Use Cases
        • Secure Firewall Threat Defense Virtual
        • Multicloud Defense Egress Gateways
        • Multicloud Defense Ingress Gateways
        • Multicloud Defense East-West Gateways
        • Multicloud Defense Distributed Gateways
        • Gateways Deployed in Centralized / Hub Mode
        • Advanced Gateway Configuration: Use Your Own Load Balancer
      • Configure Service VPCs and Service VNets
        • Create a Service VPC or VNet
        • Secure Spoke VPC or VNet
          • Manage the Service VPC/VNet
          • Export a Spoke VPC or VNet
          • Delete a Spoke VPC or VNet
      • Configure Your Gateway
        • Before You Begin
          • Resources Created by Multicloud Defense
        • Add a Multicloud Defense Gateway
        • Create an FTDv Gateway
        • Edit a Multicloud Defense Gateway
        • Upgrade the Multicloud Defense Gateway
        • Upgrade Your Threat Defense Virtual Device
        • Abort a Multicloud Defense Gateway
        • Enable a Multicloud Defense Gateway
        • Disable a Multicloud Defense Gateway
        • Export a Multicloud Defense Gateway
        • Delete a Multicloud Defense Gateway
        • Protect Multiple Servers with Ingress Gateways
    • Site-to-Site VPN Tunnel Connection
      • Prerequisites and Limitations for Site-to-Site VPN Tunnels
      • Enable VPN Within the Gateway
      • Create a Site-to-Site VPN Connection
      • Edit a Site-to-Site VPN Tunnel
      • Clone a Site-2-Site VPN Tunnel Connection
      • Delete a VPN Tunnel Connection
    • Bring Your Own VPC into Multicloud Defense
      • Bring Your Own VPC
      • Guidelines to Configure Bring Your Own VPC
      • Bring Your Own VPC Into Multicloud Defense
      • Deploy the Multicloud Defense Gateway
      • Protect Egress Forwarding Proxy for Subnets
      • Troubleshooting For Bring Your Own VPC
    • Configure a Virtual Network Connection for Azure Virtual WAN
      • Overview of Virtual WAN
      • Guidelines for Virtual WAN Connections to Azure vHub
      • Create Service VPC with Virtual WAN Attachment
      • Modify Service VPC with Virtual WAN Attachment
  • Security Policies
    • Policy Objects
      • Objects Overview
      • How to Tag Object Resources
      • Add a Tagged Object to a Policy
      • Address Objects
        • Address Objects
          • Src/Dest
            • Dynamic Cloud Constructs
            • Geo IP
            • Group
            • Source or Destination Address Object Parameters
          • Reverse Proxy Target Address Object
            • Reverse Proxy Target Address Object Parameters
          • System Objects
        • Create a Source/Destination Address Object
        • Create a Reverse Proxy Target Address Object
        • Edit Address Objects
        • Clone Address Objects
        • Delete Address Object
        • View Details
      • FQDN Objects
        • FQDN Match Object
          • Standalone vs. Group
          • Create Standalone FQDN Match Object
          • Create Group FQDN Match Object
          • Associate the Object
          • Block an FQDN Match Object
      • Service Objects
        • Reverse Proxy Service Object (Ingress)
        • Forward Proxy Service Object (Egress / East-West)
        • Forwarding Service Object (Egress / East-West)
    • Rules and Rule Sets
      • Policy Management
        • Policy Rule Set Gateway and Management
      • Rules
      • Rule Sets and Rule Set Groups
        • Create Policy Rule Set
        • Create a Rule in a Rule Set
          • Add or Edit a Forwarding Rule in a Rule Set
          • Add or Edit a Reverse Proxy Rule in a Rule Set
          • Add or Edit a Forward Proxy Rule in a Rule Set
          • Disable, Edit, Clone, or Delete Rules in a Rule Set
        • Create a Policy Rule Set Group
    • Objects
      • About the Multicloud Defense Connector
      • Import Objects From Security Cloud Control
    • Address Objects
      • Address Objects
        • Src/Dest
          • Dynamic Cloud Constructs
          • Geo IP
          • Group
          • Source or Destination Address Object Parameters
        • Reverse Proxy Target Address Object
          • Reverse Proxy Target Address Object Parameters
        • System Objects
      • Create a Source/Destination Address Object
      • Create a Reverse Proxy Target Address Object
      • Edit Address Objects
      • Clone Address Objects
      • Delete Address Object
      • View Details
    • FQDN Objects
      • FQDN Match Object
        • Standalone vs. Group
        • Create Standalone FQDN Match Object
        • Create Group FQDN Match Object
        • Associate the Object
        • Block an FQDN Match Object
    • Service Objects
      • Reverse Proxy Service Object (Ingress)
      • Forward Proxy Service Object (Egress / East-West)
      • Forwarding Service Object (Egress / East-West)
    • Certificates and Keys
      • Certificates and Keys
        • Import Certificate
        • AWS - KMS
        • AWS - Secrets Manager
        • Azure Key Vault
        • GCP - Secret Manager
      • Server Certificate Validation
        • Server Certificate Validation in the TLS Decryption Profile
        • Server Certificate Validation in the FQDN Service Object
        • Certificate for Custom Root CA
    • Certificate and Keys Tech Notes
      • Generate a Self-Signed Root CA
      • Generate a Certificate Signed by your Self-Signed Root CA
      • Generate an Intermediate CA Signed by Your Root CA
      • App Certificate signed using the Intermediate CA
      • Install Root CA as Trusted CA on the Hosts
  • Traffic Discovery and Visibility
    • Types of Traffic
      • Enable DNS Logs
        • AWS: Enable DNS Logs
        • GCP: Enable DNS Logs
        • Azure: DNS Logs
      • Enable VPC Flow Logs
        • AWS: Enable VPC Flow Logs
        • GCP: Enable VPC Flow Logs
        • Azure: Enable NSG Flow Logs
  • Profiles for Security and Gateway
    • Security Profiles
      • Decryption Profile
        • Create a Decryption Profile
      • Network Intrusion (IDS/IPS) Profile
        • Create an IPS/IDS Profile
      • Data Loss Prevention (DLP) Profile
        • Create a Data Loss Prevention Profile
      • Anti-Malware Profile
        • Create an Anti-Malware Profile
      • Web Application Firewall (WAF) Profile
        • Create WAF Profile
          • Event Filtering
      • Layer 7 DOS
        • Create L7 DoS Profile
      • URL (Uniform Resource Locator) Filter Profile
        • Create the URL Filtering Profile
      • Fully Qualified Domain Name Filter Profile
        • Create a Standalone FQDN Filter Profile
        • Create a Group FQDN Filter Profile
      • Malicious IP Profile
        • Create a Malicious IP Profile
        • IP Reputation
      • (Preview Only) Identity Profile
        • Create an Identity Profile
      • (Preview Only) User Profile
        • Create a User Profile
      • AI Guardrails Profile
        • Create an AI Guardrails Profile
    • Gateway Profiles
      • Packet Capture Profile
        • Create a Packet Capture Profile
      • Log Forwarding Profile
        • Create a Standalone Log Forwarding Profile
        • Create a Log Forwarding Group
      • Gateway Metrics Forwarding Profile
        • Create a Standalone Metrics Forwarding Profile
        • Create a Group Metrics Forwarding Profile
      • (Preview Only) Network Packet Broker Profile
        • Create Network Packet Broker Profile
      • Network Time Protocol Profile
        • Create a Profile
      • IPSec Profile
        • Create an IPSec Profile
      • BGP Profile
        • Create a BGP Profile
    • Profile Actions
      • View a Profile Details
      • Edit a Standalone Metrics Forwarding Profile
      • Edit a Group Profile
      • Add a Gateway Association to a Profile
      • Remove a Gateway Association
      • Delete a Profile
    • FQDN and URL Filtering Categories
      • FQDN / URL Filtering Categories
      • Malicious Categories
      • Full List of Categories
      • Associating a Filtering Profile with a Policy Ruleset Rule
      • Cisco Talos Intelligence URL / IP Lookup Tool
  • Investigate and Analysis
    • Flow Analytics
      • Flow Analytics - Traffic Summary
      • Flow Analytics - All Events
        • Event Logs
      • Firewall Events
      • Network Threats
      • Web Attacks
      • URL Filtering
      • FQDN Filtering
      • HTTPS Logs
      • VPN Logs
      • EndUser Logs
      • HTTP2 Logs
      • AI Guardrails Logs
    • Network Analytics
      • Stats
        • Total Bandwidth
        • CPU Usage
        • Memory Usage
        • Connection Rate
        • HTTP Request Rate
    • System Status
      • Audit Logs
        • Search Filter
      • System Logs
        • Search Filter
  • Threat Research
    • Threat Research
      • Network Intrusion
      • Web Protection
      • Malicious Sources
  • Cloud Visibility Reports
    • Cloud Visibility Reports
      • Generate a Discovery Report
      • Generate a Threat And Cloud Analytics Report
  • Alerting and Log Forwarding
    • Alerting Overview
      • Alert Services Overview
    • Alert Destinations / SIEMs
      • Datadog
        • Create an Alert Profile Service
        • Create an Alert Rule
      • Microsoft Sentinel
        • Create an Alert Profile Service
        • Create an Alert Rule
      • PagerDuty
        • Create an Alert Profile Service
        • Create an Alert Rule
      • ServiceNow
        • Create an Alert Rule
        • Create an Alert Profile Service
      • Slack
        • Create a Slack Alert Rule
        • Create an Alert Profile Service
      • Microsoft Teams
        • Create a Microsoft Teams Alert Profile Service
        • Create a Microsoft Teams Service Rule
      • Webex
        • Create an Alert Profile Service
        • Create an Alert Rule
      • Splunk
        • Create a Splunk Profile Service
        • Create a Splunk Rule
    • Log Forwarding Overview
      • Security Events and Traffic Logs
        • Create a Standalone Event or Traffic Log Profile
        • Edit a Standalone Event or Traffic Log Profile
        • Create a Group Event or Traffic Log Profile
        • Edit a Group Event or Traffic Log Profile
        • View an Event or Traffic Log Forwarding Profile
        • Delete an Event or Traffic Log Profile
      • Discovery Logs
        • Create a Standalone Discovery Log Profile
        • Edit a Standalone Discovery Log Profile
        • Create a Group Discovery Log Profile
        • Edit a Group Discovery Log Profile
        • View a Discovery Log Profile Details
        • Add a Discovery Log Profile with a Cloud Account
        • Remove a Discovery Log Profile from a Cloud Account
        • Delete a Discovery Log Profile
      • Gateway Metrics Forwarding Profile
        • Create a Standalone Metrics Forwarding Profile
        • Edit a Standalone Metrics Forwarding Profile
        • Create a Group Metrics Forwarding Profile
        • Edit a Group Profile
        • Delete a Metrics Forwarding Profile
      • Add an Event, Traffic Log Forwarding Profile, or Metrics Forward Profile to a Gateway
      • Remove an Event, Traffic Log Forwarding Profile, or Metrics Forward Profile from a Gateway
    • Log Forwarding Destinations / SIEMs
      • AWS S3 Bucket
      • Datadog
      • GCP Logging
      • Microsoft Sentinel
      • Splunk
      • Sumo Logic
      • Syslogs
      • Webhook
  • Administration
    • Management
      • Management
        • API Keys
          • Create an API Key in Multicloud Defense
          • Delete an API Key from Multicloud Defense
        • Account Level Settings
          • Application Tags
            • Create an Application Tag
            • Edit an Application Tag
            • Delete an Application Tag
          • Custom Tags
            • Create a Custom Tag
            • Edit a Custom Tag
            • Delete a Custom Tag
        • System
        • Metering
      • Alert Profiles
        • Services
          • Create a Service
          • Edit a Service
          • Clone a Service
          • Export a Service
          • Delete a Service
        • Alerts
          • Create an Alert
          • Edit an Alert
          • Clone an Alert
          • Export an Alert
          • Delete an Alert
  • Manage Your Multicloud Defense Account
    • Manage Your Multicloud Defense Account
      • Account (Multicloud Defense Tenant)
      • User Roles in Security Cloud Control
        • Roles in Multicloud Defense
    • Cloud Accounts
      • Cloud Accounts
        • Add Account
        • Manage Inventory
        • Edit a Cloud Account
        • Update Log Profile for a Cloud Account
        • Export a Cloud Account
        • Delete a Cloud Account
      • Inventory
  • Certificates and Awards
  • Troubleshoot Your Account
    • Troubleshoot Connecting Your Account
      • Manually Onboard an Account
        • Manually Onboard a GCP Project
          • GCP Overview
          • Service Accounts
            • Create Multicloud Defense Controller Service Account Using GCP Cloud Console
            • Create a Multicloud Defense Firewall Service Account Using the GCP Cloud Console
          • Enable API
            • Enable API-Using the GCP Cloud Console
          • VPC Setup
            • VPC and Subnets
              • Sample VPC and Subnets using CLI
            • Network Tags (for GCP Gateways)
          • Gateway Creation
        • Manually Onboard an Azure Subscription
          • (Optional) User-assigned Managed Identity for Key Vault and Blob Storage access
          • Register Application in Microsoft Entra ID
          • Create a custom role to assign to the Application
            • Required Values For Multicloud Defense Controller Onboarding
          • Accept Marketplace Terms
      • Graceful Termination of Connections
      • Terraform Onboarding Scripts for Cloud Accounts
        • About Terraform
        • Terraform Repository
        • Exporting Configuration as Terraform Block

Last updated: Jul 03, 2025

Supported Gateway Use Cases

© 2025 Cisco Systems, Inc.