Skip to main content



Cisco Defense Orchestrator

Troubleshoot Onboarding


  • Check device connectivity with a ping. Try to ping FP management IP address from ASA directly. If the ICMP blocks communication from outside, you will not be able to ping FP management interface from the Internet. cUrl / wget helps to check if FP management interface is accessible on configured IP/Port. 
  • Check ASA and/or ASDM software versions for compatibility. See Hardware and Software Supported by CDO for more information. 
  • Use the ASA logs to identify if CDO traffic is blocked by the ASA. Through SSH, attempts to connect to FP HTTP management interface are logged in /var/log/httpd/httpsd_access_log.

Module Misconfiguration

  • Unsupported configuration. CDO may not be able to support the device's configuration if the module does not meet specific requirements. See ASA prerequisites in Onboard an ASA Device for more information about configuration requirements and certificate support. 

HTTP Authentication

  • CDO issues an token-based SSO to authenticate an ASA device during the onboarding process. A token issue may be caused by attempt to onboard FP module from non-admin context in case of ASA in multi-context mode. Invalid tokens are identified as ASDM SSO logins in /var/log/mojo/mojo.log a


  • Was this article helpful?