Onboard an On-Prem Management Center
Review Connect Cisco Defense Orchestrator to your Managed Devices for more information.
Note: CDO does not support creating or modifying objects or policies associated with the On-Prem Management Center or the devices registered to the On-Prem Management Center. You must make these changes in the On-Prem Management Center UI.
Limitations and Guidelines
These are the limitations applicable to onboarding an On-Prem Management Center:
- You can onboard an On-Prem Management Center to CDO. Onboarding an On-Prem Management Center also onboards all of the devices registered to the On-Prem Management Center. Be aware that if a managed device is disabled or unreachable, CDO may display the device in the Inventory page but cannot successfully send requests or view device information.
- We recommend creating a new user on the On-Prem Management Center specifically for CDO communication that has administrator-level permissions. If you onboard an On-Prem Management Center and then simultaneously log into that On-Prem Management Center with the same login credentials, onboarding fails.
- If you create a new user on the On-Prem Management Center for CDO communication, the Maximum Number of Failed Logins for the user configuration must be set to "0".
Network Requirements
Before you onboard a device, ensure the following ports have external access. If communication ports are blocked behind a firewall, onboarding the device may fail.
Port | Protocol/Feature | Platforms | Direction | Details |
---|---|---|---|---|
7/udp | UDP/audit logging | Management Center | Outbound | Verify connectivity with the syslog server when configuring audit logging. |
53/tcp 53/udp | DNS | | Outbound | DNS |
67/udp 68/udp | DHCP | | Outbound | DHCP |
123/udp | NTP | | Outbound | Synchronize time. |
162/udp | SNMP | | Outbound | Send SNMP alerts to a remote trap server. |
389/tcp 636/tcp | LDAP | | Outbound | Communicate with an LDAP server for external authentication. Obtain metadata for detected LDAP users (Management Center only). Configurable. |
443/tcp | HTTPS | Management Center | Inbound | Allow inbound connection to port 443 if you are onboarding the management center with an on-premises Secure Device Connector. |
443/tcp | HTTPS | Management Center | Outbound | Allow outbound traffic from port 443 if onboarding the management center to CDO using the cloud connector. |
443/tcp | HTTPS | Management Center | Outbound | Allow outbound connection for port 443 if onboarding the management center using SecureX. |
443/tcp | HTTPS | | Outbound | Send and receive data from the internet. |
514/udp | Syslog (alerts) | | Outbound | Send alerts to a remote syslog server. |
1812/udp 1813/udp | RADIUS | | Outbound | Communicate with a RADIUS server for external authentication and accounting. Configurable. |
8305/tcp | Appliance communications | | Both | Securely communicate between appliances in a deployment. Configurable. If you change this port, you must change it for all appliances in the deployment. We recommend you keep the default. |