Connect CDO to your Managed Devices

CDO connects to the devices that it manages through the cloud connector or through a Secure Device Connector (SDC).

If your device can be accessed directly from the internet, you should be using the cloud connector to connect to your device. If you can, configure the device to allow inbound access on port 443 from the CDO IP addresses in your cloud region.

If your device is not accessible from the internet, you can deploy an on-premises SDC in your network to allow CDO to communicate with your devices.

Configure the device to allow full inbound access on port 443 (or whichever port you have configured for your device management).

You need an on-premises SDC in your network to onboard:

All other devices and services do not require an on-premise SDC. CDO will connect using its “cloud connector”. See the next section to know the IP addresses that must be allowed for inbound access.

Connecting Devices to CDO Through the Cloud Connector

When connecting CDO directly to your device through the cloud connector, you should allow inbound access on port 443 (or whichever port you have configured for your device management) for the various IP addresses in the EMEA, United States, or APJ region.

If you are a customer in the Asia-Pacific-Japan (APJ) region, and you connect to CDO at https://www.apj.cdo.cisco.com/, allow inbound access from the following IP addresses:

  • 54.199.195.111

  • 52.199.243.0

If you are a customer in the Australia (AUS) region, and you connect to CDO at https://aus.cdo.cisco.com, allow inbound access from the following IP addresses:

  • 13.55.73.159

  • 13.238.226.118

If you are a customer in Europe, the Middle East, or Africa (EMEA) region, and you connect to CDO at https://defenseorchestrator.eu/, allow inbound access from the following IP addresses:

  • 35.157.12.126

  • 35.157.12.15

If you are a customer in the India (IN) region, and you connect to CDO at https://in.cdo.cisco.com, allow inbound access from the following IP addresses:

  • 35.154.115.175

  • 13.201.213.99

If you are a customer in the United States (US) region, and you connect to CDO at https://defenseorchestrator.com, allow inbound access from the following IP addresses:

  • 52.34.234.2

  • 52.36.70.147

Connecting CDO to SDC

When connecting CDO to your device through an SDC, the devices you want CDO to manage must allow full inbound access on port 443 (or whichever port you have configured for your device management). This is configured using a management access control rule.

You must also ensure that the virtual machine on which the SDC is deployed has network connectivity to the management interface of the managed device.