Skip to main content



Cisco Defense Orchestrator

Onboard an FTD Using Credentials

This is the simplest method of onboarding a Firepower Threat Defense (FTD) Device. However, the recommended way of onboarding an FTD to CDO is by using a registration key. 

Before Onboarding

Important: Before you onboard an FTD device to CDO, read Onboard an FTD. It lists the general device requirements and onboarding prerequisites needed to onboard a device.

You need the following information to onbaord an FTD using this method:  

  • The device's administrator username and password.
  • The device's IP address of the interface you are using to manage the device. This may be the Management interface, an inside interface, or the outside interface depending on how you have configured your network.
  • The FTD must be managed by Firepower Device Manager (FDM) and configured for local management in order for you to onboard it to CDO. It cannot be managed by Firepower Management Center (FMC). 

Note: If you connect to and your FTD is running software version 6.4, you must use this method. You can only onboard an FTD device running software version 6.5+.

Onboarding Procedure

Use this procedure to onboard an FTD device using only the administrator username and password and the device's Management IP address:

  1. Log in to CDO.
  2. In the navigation pane, click Devices & Services and click the blue plus button blue_cross_button.png to Onboard a device.
  3. Click FTD.

Important: When you attempt to onboard an FTD, CDO prompts you to read and accept the Firepower Threat Defense End User License Agreement (EULA), which is a one-time activity for your tenant. Once you accept the EULA, CDO won't prompt you again to accept it unless the EULA changes. 

  1. On the Onboard FTD Device screen, click Use Credentials.
  2. In the Device Details step:
  • Provide a name for your device. 
  • In the Location field, enter the IP address of the interface you are using to manage the device, hostname, or fully qualified domain name of the FTD. The default port is 443. 

Click Next.

  1. In the Database Updates area, the Immediately perform security updates, and enable recurring updates is enabled by default.
    This option immediately triggers a security update as well as automatically schedules the device to check for additional updates every Monday at 2AM. See Update FTD Security Databases and Schedule a Security Database Update for more information.
    Note: Disabling this option does not affect any previously scheduled updates you may have configured through FDM.
    Click Next.
  2. Enter the device administrator's username and password. Click Next.
  3. If there are pending changes on the device's FDM, you will be notified and you can revert the changes or log in to FDM and deploy the pending changes. If there are no pending changes on FDM, you will not see a prompt.
  4. (Optional) Once the credentials are verified, you're prompted to label the device. See Labels and Label Groups for more information.
  5. Click Go to Devices & Services.
  6. Once the device is onboarded, CDO shows it on the Devices & Services page with a "Synced" status.

Related Topics