Onboard an FDM-Managed Device Running Software Version 6.6+ Using a Registration Key

This procedure describes how to onboard an FDM-managed device running Version 6.6+ using a registration key. This method is the recommended way of onboarding the FDM-managed device to Cisco Defense Orchestrator and is beneficial if your FDM-managed device is assigned an IP address using DHCP. If that IP address changes for some reason, your FDM-managed device remains connected to CDO. Additionally, your FDM-managed device can have an address on your local area network, and as long as it can access the outside network, it can be onboarded to CDO using this method.


If you already have a SecureX or Cisco Threat Response (CTR) account, you will need to merge your CDO tenant and SecureX/CTR account in order for your devices to be registered with SecureX. Until your accounts are merged, you will not be able to see your device's events in SecureX or benefit from other SecureX features. We strongly recommend merging your accounts before you create a CDO module in SecureX. Your accounts can be merged through the SecureX portal. See Merge Accounts for instructions.

If you want to onboard an FDM-managed device running version 6.4 or 6.5, see Onboard an FDM-Managed Device Running Software Version 6.4 or 6.5 Using a Registration Key.

Before Onboarding

  • This method of onboarding is currently available for version 6.6+ and to customers connecting to defenseorchestrator.com, defenseorchestrator.eu, and apj.cdo.cisco.com.

  • Review Connect Cisco Defense Orchestrator to your Managed Devices for the networking requirements needed to connect CDO to your FDM-managed device.

  • Make sure your device is managed by Secure Firewall device manager, not Secure Firewall Management Center.

  • The device can be using a 90-day evaluation license or it can be smart-licensed. Devices running version 6.6+ can be onboarded to CDO using a registration key without unregistering any installed smart licenses.

  • The device cannot already be registered with Cisco Cloud Services. See "Unregistering an FDM-Managed Device from Cisco Cloud Services" below before onboarding.

  • Log in to the device's Secure Firewall device manager UI and make sure that there are no pending changes waiting on the device.

  • Make sure DNS is configured properly on your FDM-managed device.

  • Make sure the time services are configured on the FDM-managed device.

  • Make sure the FDM-managed device shows the correct date and time otherwise the onboarding will fail.

What to do next:

Do one of these things: