Skip to main content



Cisco Defense Orchestrator

What's New for Cisco Defense Orchestrator

Follow Cisco Defense Orchestrator on YouTube.

March 25, 2021

Cisco Security Analytics and Logging Availability in APJC

Cisco Security Analytics and Logging is now available in the Asia (APJC) region through the newly commissioned Tokyo data store. Security Analytics-enabled accounts will have access to the Cisco Stealthwatch Cloud service in Sydney, Austraila for security-related alerting. With this, the Asia region has been brought up to par with capabilities available in the Americas and EU regions. See the Cisco Security Analytics and Logging Ordering Guide for more information.

March 18, 2021 

EtherChannel Interface Support

CDO now supports EtherChannel interface configuration on supported models running Firepower Version 6.5 and later, such as the Firepower 1010, 1120,1140,1150, 2110, 2120, 2130, 2140. EtherChannel is a port link aggregation technology or port-channel architecture that allows the grouping of several physical Ethernet links to create one logical Ethernet link for the purpose of providing links between switches, routers and servers.

Note that the configuration that you apply to the physical ports affects only the LAN port where you apply the configuration. For more information about device support and configuration limitations, see Guidelines and Limitations for Firepower Interface Configuration for more information.

March 15, 2021

ASA Remote Access VPN Support

CDO now allows creating Remote Access Virtual Private Network (RA VPN) configuration on Adaptive Security Appliance (ASA) devices to enable remote users to connect to the ASA and securely access the remote network. It also allows managing the RA VPN settings that have already been configured using other ASA management tools, such as the Adaptive Security Defense Manager (ASDM) or Cisco Security Manager (CSM).

AnyConnect is the only client that is supported on endpoint devices for RA VPN connectivity.

CDO supports the following aspects of RA VPN functionality on ASA devices:

  • SSL client-based remote access
  • IPv4 and IPv6 addressing
  • Shared RA VPN configuration across multiple ASA devices

See Configuring Remote Access VPN for an ASA for more information.

ASA File Management Support

CDO provides the File Management tool for performing basic file management tasks such as viewing, uploading, or deleting files present on the ASA device's flash (disk0) space. Using this tool, you can upload any files such as the AnyConnect software images, DAP.xml, data.xml, host scan image files to a single or multiple ASA device using URL-based file upload from the remote server.

This tool helps you to upload the newly released AnyConnect image to multiple ASA devices simultaneously.  

See ASA File Management for more information.


February 11, 2021

Multiple Secure Device Connector Support

You can now deploy more than one on-premises Secure Device Connector (SDC) for your tenant. This allows you to manage more devices with CDO and maintain communication performance between CDO, your SDCs, and your managed devices.

You can move managed ASA, AWS VPC, and Meraki MX devices from one SDC to another. 

Having multiple SDCs also allows you to use one CDO tenant to manage devices in isolated network segments. Do this by assigning all managed devices in the isolated network segment to a single SDC. 

See Using Multiple SDCs on a Single CDO Tenant for more information. 

January 21, 2021

FMC Object Reading

Now when you onboard an FMC to CDO, CDO imports the objects from the FMC-managed FTD devices. Once imported to CDO, the objects are read-only. Though the FMC objects are read-only, CDO allows you to apply a copy of the objects to other devices on your tenant that are not managed by the FMC. The copy is disassociated from the original object so you can edit the copy without changing the value of the object that was imported from the FMC. FMC objects can be used on any device you manage that support that object type.  See FMC Objects for more information. 

January 14, 2021

Exporting CLI Command Results

You can export the results of CLI commands issued to a standalone device, or several devices, to a comma separated value (.csv) file so you can filter and sort the information in it however you like. You can export the CLI results of a single device, or many devices at once. See Export CLI Command Results for more information. 

Configuring Cloud Services for your FTD Devices

Connecting to the Cisco Success Network and configuring which events are sent to the Cisco cloud are features that can be configured on FTD devices running software version 6.6 or higher.   

Cisco Success Network

By enabling Cisco Success Network, you are providing usage information and statistics to Cisco to improve the FTD and to make you aware of unused or additional features that will help you maximize the value of Cisco products in your network. When you enable the Cisco Success Network, your device establishes a secure connection to the Cisco Cloud and maintains this secure connection at all times. See Connecting to the Cisco Success Network for more information. 

Send Events Directly to Cisco Cloud

You can now specify which types of events you send from your FTD directly to the Cisco cloud. Once stored in the Cisco cloud, you can use cloud applications, such as Cisco Threat Response, to analyze the events and to evaluate threats that the device might have encountered. See Sending Events to the Cisco Cloud for more information.

Web Analytics

Enabling web analytics provides anonymous product usage information to Cisco based on page hits. The information includes pages viewed, the time spent on a page, browser versions, product version, device hostname, and so forth. This information can help Cisco determine feature usage patterns and improve the product. All usage data is anonymous and no sensitive data is transmitted. See Enabling or Disabling Web Analytics for more information. You can use CDO to configure this feature on all versions of FTD. 

January 7, 2021

FTD HA Pair Onboarding

CDO has enhanced the process of onboarding an FTD HA pair. Once you onboard one of the HA peers with either the registration token method or the login credentials method, CDO automatically detects that the corresponding peer is not onboarded yet and prompts you to take action. The improvement minimizes the effort required to onboard both devices, shortens how long it takes to onboard the peer device, and reuses any registration keys or smart license tokens you may have used to onboard the first device. See Onboard an FTD HA Pair with a Registration Key or Onboard an FTD HA Pair using Username, Password, and IP Address respectively for more information. 

You can onboard either the active or the standby device, and once synced, CDO will always detect that the device is part of an HA pair. 

Note: We strongly recommend onboarding your FTD devices with the registration token method.