Deploy From CDO to your Meraki Device
CDO does not deploy configuration changes directly to a Meraki MX device; deployment is a multi-step process. See the diagram below:
When you log in to CDO to manage policies, configuration changes that you make for an onboarded Meraki MX device are staged in CDO until you decide to deploy them. When you deploy them, CDO pushes the configuration changes to either an on-premise Secure Device Connector (SDC) or the Cisco Cloud SDC. The SDC securely transfers the changes to the Meraki Dashboard and the dashboard then pushes the changes to the Meraki MX device. Note that the API key generated from the Meraki dashboard is communicated to the SDC and not to CDO. CDO does not store or retain any keys, passwords, or credentials. For more information on what the SDC does and how it protects you information, see Secure Device Connector (SDC).
CDO manages firewall policies while Meraki dashboard manages the network the policies are applied to. Both operations affect how traffic flows through the Meraki MX device and how it is processed.
One difference between CDO and the Meraki dashboard is the use of objects. For rules that are created on the Meraki dashboard, CDO takes Meraki IP address groups or IP address ranges and turns them into objects that can be attached or associated to rules and the device policy. When you deploy objects that are created in CDO to Meraki appliances, the Meraki dashboard translates those objects back into IP address groups or ranges. Objects in CDO are unique and versatile since they are compatible with other device platforms; if you have other devices onboarded in CDO, you may be able to create a single object for all your devices. See Objects Associated with Meraki Devices for more information.