View a Threat Defense Migration Job

The migration dashboard provides the status of all migration jobs initiated from the CDO. You can expand a specific job to see the status of individual devices associated with that tenant. This helps you keep track of the progress of your migration and identify issues, if any, that need to be addressed.

If you have set up alerts for device workflows, click the notifications icon to see the alerts that have been triggered during the migration process. Additionally, if you have opted to receive email notifications from CDO, you will also receive an email notification regarding alerts, if any.

About the 14-day Evaluation Period

When a migration job is successful, you have 14 days to test and assess migration changes using cloud-delivered Firewall Management Center. If you are convinced about the migration changes, we recommend that you commit the devices manually, and not wait for CDO to automatically commit the migration changes. See Commit Migration Changes Manually.

Note that for the on-prem management center 1000/2500/4500, you would have migrated devices from Version 7.4, which is unsupported for general operations. To return the on-prem management center to a supported version you must remove the re-migrated devices, reimage back to Version 7.0.x, restore from backup, and re-register the devices.

  • You cannot revoke the actions that are specified in the migration commit window after committing the changes.

  • You can cancel the migration during the evaluation period and return the device to the on-prem management center.

  • You cannot delete a device from either the on-prem management center or cloud-delivered Firewall Management Center during the evaluation period.


Changes can be made and deployed to the device using CDO during the evaluation period. If you switch device management back to the on-prem management center, CDO-specific changes made during the evaluation period is not saved on the device once it is reverted to the source CDO tenant. You must deploy the changes from the on-prem management center to the device after reverting the device's manager.

  • Name: Represents the job name that shows the on-prem management center name and the date and time when the job was initiated.

  • Number of FTDs: Shows the total number of devices that are being migrated to the cloud.

  • Status: Shows the status of the job. Expand the job to see the status of individual devices.

    When a job is completed successfully, the FTD Migration job is successful message appears in the Status column. You can click the tooltip to see the number of days remaining for evaluating the manager.

    You can click Commit Migration Changes to commit the changes manually before the 14 days evaluation period ends.

  • Last Update: Shows the date and time that are updated only when a change is made to the device.

  • Actions: Click to execute the following actions:

After a successful migration, CDO deploys the configuration to the device. If the system identifies errors or warnings in the changes to be deployed, it displays them in the Validation Messages window. To view complete details, click the arrow icon before the warnings or errors. If the deployment fails, see the Best Practices for Deploying Configuration Changes section of Firepower Management Center Device Configuration Guide X.Y.

Configure Relam Sequence for Identity Policy

If the device contains an identity policy with a Realm or ISE configuration, configure your device as a proxy for CDO to communicate with the identity source. The identity policies don't function if CDO fails to connect to the Identity Realms.

A tooltip appears in the Status column for a device that requires additional configuration.

  1. Click the tooltip icon and then click Learn more.

  2. In the Configure Proxy window, click Configure my realms.

    To add a proxy sequence, see the Create a Proxy Sequence section in the Firepower Management Center Device Configuration Guide, 7.2.