About Migrating Threat Defense to Cloud-delivered Firewall Management Center

Cisco Defense Orchestrator admin users can migrate threat defense devices to the cloud-delivered Firewall Management Center from on-prem management centers running Version 7.2 or later. In addition, you can migrate devices to the cloud-delivered Firewall Management Center from an on-prem management center 1000/2500/4500, we support a temporary upgrade from Version 7.0 to Version 7.4.

Before initiating the migration process, it is important to upgrade the on-prem management center models to a CDO-supported version and onboard it to CDO. Only after this step, you can proceed with migrating the devices that are associated with the on-prem management center.

You have a 14-day evaluation period to review and assess the migration changes that are made to the threat defense devices before CDO automatically commits them. During this evaluation period, if you are not satisfied with the changes, you can either undo the changes and continue managing the device with the on-prem management center or commit the migration changes. It's important to note that after the evaluation period expires, CDO will automatically commit the changes, and it will no longer be possible to undo them.

After migrating the devices, the cloud-delivered Firewall Management Center onboards the threat defense devices and imports all shared policies and associated objects, device-specific policies, and device configuration from the on-prem management center to the cloud-delivered Firewall Management Center. In addition, the devices can be found in CDO's Inventory page.


Cloud-delivered Firewall Management Center handles all duplicate policy and object names that are identified during the on-prem management center migration process. This behavior is explained in detail later in this document.

User Roles

The user roles of the on-prem management center are no longer applicable in CDO after migration. Your authorization to perform tasks on the migrated device is based on your user role in CDO. See the Users topic to understand the on-prem management center and cloud-delivered Firewall Management Center user role mapping.