ASA File Management

CDO provides the file management tool to help you perform basic file management tasks such as viewing, uploading, or deleting files present on the ASA device's flash (disk0) space.


You cannot manage files present on disk1.

The File Management screen lists all the files present on the device's flash (disk0). On a successful file upload, you can click the refresh icon to see the file. By default, this screen refreshes automatically every 10 minutes. The Disk Space field shows the amount of disk space on the disk0 directory.

You can upload the AnyConnect image to single or multiple ASA devices. After a successful upload, the AnyConnect image is associated with the RA VPN configuration on the selected ASA devices. This helps you to upload the newly released AnyConnect package to multiple ASA devices simultaneously.

Upload File to the Flash System

CDO supports only URL based file upload from the remote server. The supported protocols for uploading the file are HTTP, HTTPS, TFTP, FTP, SMB, or SCP. You can upload any files such as the AnyConnect software images, DAP.xml, data.xml, and host scan image files to a single or multiple ASA device.


CDO doesn't upload the file to selected ASA devices if the remote server's URL path is invalid or for any issues that may occur. You can navigate to the device Workflows for more details.

Suppose the device is configured for High Availability, CDO uploads the file to the standby device first, and only after a successful upload, the file is uploaded to the active device. The same behavior applies during the file removal process.

The syntax of supported protocols for uploading the file:




HTTP http://[[path/ ]filename]
HTTPS https://[[path/ ]filename]
TFTP tftp://[[path/ ]filename] tftp://
FTP ftp://[[user[:password]@]server[:port]/[path/ ]filename] ftp://'dlpuser:rNrKYTX9g7z3RgJRmxWuGHbeu'
SMB smb://[[path/ ]filename] smb://
SCP scp://[[user[:password]@]server[/path]/ filename] scp://root:cisco123@

Before You Begin

  • Make sure that the remote server is accessible from the ASA device.

  • Make sure that the file is already uploaded to the remote server.

  • Make sure that there is a network route from the ASA device to that server.

  • If FQDN is used in the URL, make sure that DNS is configured.

  • The remote server's URL must be a direct link without prompting for authentication.

  • If the remote server IP address is NATed, you have to provide the NATed public IP address of the remote server location.


If you upload a file to an ASA that is configured as a peer in a failover, CDO does not acknowledge the new file for the other peer in the failover pair and the device status changes to Not Synced. You must manually deploy changes to both devices for CDO to recognize the file in both devices.