Skip to main content



Cisco Defense Orchestrator

Onboard an FTD HA Pair using Username, Password, and IP Address

CDO strongly recommends onboarding FTD devices with a registration key. See Onboard an FTD HA Pair with a Registration Key for more information.

Before You Begin

Before you onboard your FTD HA pair, be sure both devices meet the following requirements: 

  • Your High Availability (HA) pair is already formed prior to onboarding to the Defense Orchestrator.
  • Both devices are in a healthy state. The pair could be either primary/active and secondary/standby or primary/standby and secondary/active modes.  Unhealthy devices will not successfully sync to CDO. 
  • Your HA pair is managed by Firepower Device Manager (FDM), not Firepower Management Center (FMC).
  • Your SDC connects to CDO at

Note: If you onboard a device that is in standby mode first, CDO disables the ability to deploy or read from that device. You can only read or deploy to the active device within an HA pair. 

Onboarding Both Devices in an HA Pair

If you onboard either device of an HA pair with a username and password, you must onboard the other peer device in the same method.

To onboard an FTD HA pair that has been created outside of CDO, follow this procedure:

  1. Onboard one of the peer devices within the HA pair. See Onboard an FTD Using Credentials to onboard the first device.
  2. Once the device is synced, select the device. In the action pane located directly below Device Details, click Onboard Device
  3. In the pop-up window, enter the HA peer's device name and location.
  4. Click Onboard Device. Once both devices are successfully synced to CDO, the HA pair is displayed as a single entity in the Devices & Services page. 


Related Articles

  • Was this article helpful?