Onboard an FDM-Managed Device Running Software Version 6.4 or 6.5 Using a Registration Key
This procedure describes how to onboard an FDM-managed device using a registration key. This method is the recommended way of onboarding the FDM-managed device to Cisco Defense Orchestrator and is beneficial if your FDM-managed device is assigned an IP address using DHCP. If that IP address changes for some reason, your FDM-managed device remains connected to CDO. Additionally, your FDM-managed device can have an address on your local area network, and as long as it can access the outside network, it can be onboarded to CDO using this method.
Warning | If you already have a SecureX or Cisco Threat Response (CTR) account, you will need to merge your CDO tenant and SecureX/CTR account in order for your devices to be registered with SecureX. Until your accounts are merged, you will not be able to see your device's events in SecureX or benefit from other SecureX features. We strongly recommend merging your accounts before you create a CDO module in SecureX. Your accounts can be merged through the SecureX portal. See Merge Accounts for instructions. |
Before Onboarding
-
For customers running version 6.4, this method of onboarding is only supported for the US region (defenseorchestrator.com).
-
For customers running version 6.4, and connecting to the EU region (defenseorchestrator.eu), they must onboard their device using its device username, password, and IP address.
-
Customers running version 6.5 or later, and connecting either to the US, EU, or APJC region (apj.cdo.cisco.com) regions can use this method of onboarding.
-
Review Connect Cisco Defense Orchestrator to your Managed Devices for the networking requirements needed to connect CDO to yourFDM-managed device.
-
Make sure your device is managed by Secure Firewall device manager, not Secure Firewall Management Center.
-
Devices running version 6.4 and 6.5 must not be registered with Cisco Smart Software Manager before onboarding them with a registration key. You will need to unregister the smart licenses of those FDM-managed devices before onboarding them to CDO. See "Unregistering a Smart-licensed Firewall device manager" below.
-
The device may be using a 90-day evaluation license.
-
Log in to the FDM-managed device and make sure that there are no pending changes waiting on the device.
-
Make sure DNS is configured properly on your FDM-managed device.
-
Make sure the time services are configured properly on the FDM-managed device.
-
Make sure the FDM-managed device shows the correct date and time otherwise the onboarding will fail.
What to do next
Do one of these two these things:
-
Unregsiter your FDM-managed device from Cisco Smart Software Manager if it is already smart-licensed. You must unregister the device from Cisco Smart Software Manager before you onboard it to CDO with a registration Key.Continue to Unregister a Smart-licensed FDM-Managed Device.
-
If your device is not already smart-licensed, continue to Procedure to Onboard an FDM-Managed Device Running Software Version 6.4 or 6.5 Using a Registration Key.