Onboard an FDM-Managed HA Pair Running Version 6.6 or Version 6.7 and later

To onboard an FDM-managed HA pair running version 6.6 or 6.7, you must onboard the device one at a time. It does not matter if you onboard the active or standby, the primary or secondary device.

Note	If you onboard either device of an HA pair with a registration key, you must onboard the other peer device in the same method. Use the following steps for onboard an HA pair running version 6.6 or 6.7:

Procedure

Step 1

Onboard a peer device. See Onboard an FDM-Managed Device Running Software Version 6.6+ Using a Registration Key for more information.

Step 2

In the navigation pane, click Inventory.

Step 3

Click the Devices tab to locate your device.

Step 4

Click the FTD tab. Once the device is synced, select the device so it is highlighted. In the action pane located directly below Device Details, click Onboard Device.

Step 5

Enter the HA Peer Device Name for the peer device that has already been onboarded. Click Next.

Step 6

If you provided a smart license for the first device, CDO repopulates that license so you can use it for onboarding this current device. Click Next.

Step 7

CDO automatically generates that registration key for the device you are preparing to onboarding. Click the Copy icon to copy the registration key.

Step 8

Log into the Secure Firewall device manager UI of the device you want to onboard to CDO.

Step 9

Under System Settings, click Cloud Services.

Step 10

In the Enrollment Type area, click Security/CDO Account.

Note	For devices running version 6.6, note that the Tenancy tab for CDO is titled Security Account and you must manually enable CDO in the Secure Firewall device manager UI.

Step 11

In the Region field, select the Cisco cloud region that your tenant is assigned to:

If you log in to defenseorchestrator.com, choose US.
If you log in to defenseorchestrator.eu, choose EU.
If you log in to apj.cdo.cisco.com, choose APJ.

Step 12

In the Registration Key field, paste the registration key that you generated in CDO.

Step 13

For devices running version 6.7 or later in the Service Enrollment area, check Enable Cisco Defense Orchestrator.

Step 14

Review the information about the Cisco Success Network Enrollment. If you do not want to participate, uncheck the Enroll Cisco Success Network checkbox.

Step 15

Click Register and then Accept the Cisco Disclosure. FDM sends the registration request to CDO.

Step 16

Return to CDO, in the Create Registration Key area, click Next.

Step 17

In the Smart License area, you can apply a smart license to the FDM-managed device and click Nextor you can click Skip to continue the onboarding with a 90-day evaluation license or if the device is already smart-licensed. For more information, see Applying or Updating a Smart License.

Note	If your device is running version 6.6, you need to manually enable communication to CDO. From the device's FDM-managed UI, navigate to System Settings > Cloud Services and, in the Cisco Defense Orchestrator tile, click Enable.

Step 18

Return to CDO, click Go to Inventory. CDO automatically onboards the device and combines them as a single entry. Similar to the first peer device you onboard, the device status changes from "Unprovisioned" to "Locating" to "Syncing" to "Synced."