Onboarding an Firepower Management Center (FMC) also onboards all of the devices registered to the FMC.
Be aware that if a managed device is disabled, or unreachable, CDO may display the device in the Device & Services page, but cannot successfully send requests or view device information.
Note: CDO does not support creating or modifying objects or policies associated with the FMC or the devices registered to the FMC. You must make these changes in the FMC.
- Caution: We recommend creating a new user on the FMC specifically for CDO communication that has administrator-level permissions. If you onboard an FMC and then simultaneously log into that FMC with the same login credentials, onboarding fails.
- If you create a new user on the FMC for CDO communication, the Maximum Number of Failed Logins for the user configuration must be set to "0".
- Review Connect Cisco Defense Orchestrator to Your Managed Devices.
These are the limitations applicable to onboarding an FMC:
- You must onboard an FMC with administrator login credentials.
- You cannot bulk onboard FMCs. You must onboard this platform one at a time.
- Devices registered to the FMC must be standalone. CDO does not support clustered devices or high availability (HA) pairs.
- FMCs running Firepower 6.6 do not support the reconnect feature. We recommend removing the FMC and re-onboarding the appliance.
To onboard an FMC to CDO, follow this procedure:
- From the CDO Navigation Bar, click Devices & Services.
- Click the blue plus button to begin onboarding the device.
- Click FMC (Firepower Management Center)
- Click the Secure Device Connector button and select a Secure Device Connector installed in your network. If you would rather not use an SDC, CDO can connect to your FMC using the Cloud Connector. Your choice depends on how you connect CDO to your managed devices.
- Enter the device name and location. Click Next.
- Enter the Username and Password of the account credentials you want to use to access the FMC. Click Next.
- The device is onboarded. From here you can opt to add labels to your FMC, or click Go to Devices & Services to view the page of onboarded devices. If healthy, the FMC is displayed with a Synced status.
Note: Note that the devices managed by the FMC are automatically named as "<fmcname>_<manageddevicename>."