Migrate Secure Firewall Threat Defense from Secure Firewall Management Center to Cloud

Cisco Defense Orchestrator allows a user with CDO Admin rights to migrate the threat defense devices from the management center to the cloud.

Before initiating the migration process on the threat defense devices, the management center associated with those devices must already be onboarded to CDO.

On migrating the threat defense to the cloud, CDO onboards the devices and imports all shared policies and associated objects, device-specific policies, and device configuration from the management center to CDO.


CDO handles all duplicate policy and object names that are identified during the management center migration process. This behavior is explained in detail later in this document.

The events and analytics management can be transferred to CDO or retained with the management center.

Once you perform the migration, you have 14 days to evaluate your changes. The evaluation period allows you to modify or change specific actions or change the management of these devices back to the management center. After the evaluation period, you cannot revert any changes.