Skip to main content

 

 

Cisco Defense Orchestrator

Onboard a Firepower Threat Defense High Availability Pair

Onboarding Scenario 

  • Your High Availability (HA) pair is already formed prior to onboarding to the Defense Orchestrator.
  • Both devices are in a healthy state. The pair could be either primary/active and secondary/standby or primary/standby and secondary/active modes.
  • Your HA pair is managed by FDM, not FMC. If your HA pair is managed by FMC, you must break HA and reimage both devices to be remotely managed by FDM. 
  • Your SDC connects to CDO at https://www.defenseorchestrator.com.

Onboarding Procedure

To onboard an FTD HA pair that has been created outside of CDO, follow this procedure:

  1. Onboard either the primary or the secondary device first. To onboard an FTD device, see Onboard a Firepower Threat Defense Device Using Username, Password, and IP Address.

CDO issues a CHECK_AND_INITIATE_HA_PEER_COMBINE request during the onboard process and detects that this device is configured for HA. 

Note: If you onboard a device that is in standby mode first, CDO disables the ability to deploy or read from that device. You can only read or deploy to the active device within an HA pair. 

  1. Onboard the other device within the pair. 

CDO issues the CHECK_AND_INITIATE_HA_PEER_COMBINE request during the onboard process and detects that this device is configured for HA. CDO then pushes an ftdHAPeerDeviceCombineStateMachine request to combine and synchronize the devices into a pair. The combined pair is displayed as primary <device name> / secondary <device name>. 

  1. Once both devices are successfully synched to CDO, the Devices & Services page displays the HA pair as a single entity. 

 

Related Articles

  • Was this article helpful?