Skip to main content

 

 

Cisco Defense Orchestrator

Onboard an FMC

You can onboard a Firepower Management Center (FMC) to CDO. Onboarding an FMC also onboards all of the devices registered to the FMC. 

Be aware that if a managed device is disabled, or unreachable, CDO may display the device in the Device & Services page, but cannot successfully send requests or view device information.

Note: CDO does not support creating or modifying objects or policies associated with the FMC or the devices registered to the FMC. You must make these changes in the FMC. 

Prerequisites

Warning: We recommend creating a new user on the FMC specifically for CDO communication that has administrator-level permissions. If you onboard an FMC and then simultaneously log into that FMC with the same login credentials, onboarding fails.

If you create a new user on the FMC for CDO communication, the Maximum Number of Failed Logins for the user configuration must be set to "0".

Limitations

You cannot onboard the following FMC environments:

  • You must onboard an FMC with admin login credentials. 
  • You cannot bulk onboard FMCs. You must onboard this platform one at a time. 
  • Devices registered to the FMC must be standalone. CDO does not support clustered devices or high availability (HA) pairs. 
  • FMCs running Firepower 6.6 do not support the reconnect feature. We recommend removing the FMC and re-onboarding the appliance. 

 

Onboarding Procedure

To onboard an FMC to CDO, follow this procedure:

  1. From the CDO Navigation Bar, click Devices & Services. 
  2. Click the blue plus button blue_cross_button.png to begin onboarding the device.
  3. Click Firepower Management Center (FMC)
  4. Enter the device name and location. Click Next
  5. Enter the Username and Password of the account credentials you want to use to access the FMC. Click Next
  6. The device is onboarded. From here you can opt to add labels to your FMC, or click Go to Devices & Services to view the page of onboarded devices. If healthy, the FMC is displayed with a Synced status. 

Note:  Note that the devices managed by the FMC are automatically named as "<fmcname>_<manageddevicename>."

 

Related Articles:

  • Was this article helpful?