Onboard an FDM-Managed HA Pair Running Threat Defense Version 6.6 or Version 6.7 and later

To onboard an FDM-managed HA pair running threat defense version 6.6 or 6.7, you must onboard the devices one at a time. It does not matter whether you first onboard the active or the standby device, or the primary or the secondary device.

Note

If you onboard either device of an HA pair with a registration key, you must onboard the other peer device using the same method.

Use the following steps to onboard an HA pair running version 6.6 or 6.7:

Procedure


Step 1

Onboard a peer device. See Onboard an FDM-Managed Device Running Software Version 6.6+ Using a Registration Key.

Step 2

In the navigation pane, click Inventory.

Step 3

Click the Devices tab to locate your device.

Step 4

Click the FTD tab. Once the device is synced, select the device so it is highlighted. In the action pane located directly below Device Details, click Onboard Device.

Step 5

Enter the HA Peer Device Name for the peer device that has already been onboarded. Click Next.

Step 6

If you provided a smart license for the first device, CDO repopulates that license so you can use it for onboarding this current device. Click Next.

Step 7

CDO automatically generates the registration key for the device you are preparing to onboard. Click the Copy icon to copy the registration key.

Step 8

Log in to the Secure Firewall device manager UI of the device you want to onboard to CDO.

Step 9

Under System Settings, click Cloud Services.

Step 10

In the Enrollment Type area, click Security/CDO Account.

Note

For devices running version 6.6, note that the Tenancy tab for CDO is titled Security Account and you must manually enable CDO in the Secure Firewall device manager UI.

Step 11

In the Region field, select the Cisco cloud region that your tenant is assigned to:

  • If you log in to apj.cdo.cisco.com, choose APJ.

  • If you log in to aus.cdo.cisco.com, choose Australia.

  • If you log in to defenseorchestrator.eu, choose EU.

  • If you log in to in.cdo.cisco.com, choose India.

  • If you log in to defenseorchestrator.com, choose US.

Step 12

In the Registration Key field, paste the registration key that you generated in CDO.

Step 13

For devices running version 6.7 or later, in the Service Enrollment area, check Enable Cisco Defense Orchestrator.

Step 14

Review the information about the Cisco Success Network Enrollment. If you do not want to participate, uncheck the Enroll Cisco Success Network check box.

Step 15

Click Register and then Accept the Cisco Disclosure. FDM sends the registration request to CDO.

Step 16

Return to CDO. In the Create Registration Key area, click Next.

Step 17

In the Smart License area, you can apply a smart license to the FDM-managed device and click Next, or you can click Skip to continue the onboarding with a 90-day evaluation license or if the device is already smart-licensed. For more information, see Updating an Existing Smart License of an FDM-Managed Device.

Note

If your device is running version 6.6, you need to manually enable communication to CDO. From the device's FDM-managed UI, navigate to System Settings > Cloud Services and, in the Cisco Defense Orchestrator tile, click Enable.

Step 18

Return to CDO and click Go to Inventory. CDO automatically onboards the device and combines the two peer devices into a single entry. Similar to the first peer device you onboarded, the device status changes from "Unprovisioned" to "Locating" to "Syncing" to "Synced."