Onboard an FDM-Managed High Availability Pair

To onboard an Secure Firewall Threat Defense HA pair to CDO, you must onboard each device of the pair individually. Once both peers of the pair are onboarded CDO automatically combines them as a single entry in the Inventory page. Onboard the devices using either the device login credentials or a registration key. We recommend onboarding both devices with the same method. Also be aware that if you onboard a device that is in standby mode first, CDO disables the ability to deploy or read from that device. You can only read or deploy to the active device within an HA pair.

Note

CDO strongly recommends onboarding devices with a registration key. Onboarding with a registration key is slightly different for Threat Defense devices running specific versions. See Onboard an FDM-Managed HA Pair Running Version 6.4 or Version 6.5 and Onboard an FDM-Managed HA Pair Running Version 6.6 or Version 6.7 and later for more information.

Before you onboard an Threat Defense HA pair to CDO, review the following:

• Your HA pair is already formed prior to onboarding to CDO.

• Both devices are in a healthy state. The pair could be either primary/active and secondary/standby or primary/standby and secondary/active modes. Unhealthy devices will not successfully sync to CDO.

• Your HA pair is managed by Secure Firewall device manager, not Secure Firewall Management Center.

• Your cloud connector connects to CDO at https://www.defenseorchestrator.com.