Migrate Threat Defense to Cloud-delivered Firewall Management Center


Step 1

In the navigation bar on the left, click Tools & Services > Migrations > Migrate FTD to cdFMC.

Step 2

Click icon to initiate the threat defense migration process.

You can initiate only one migration job at one time.

Step 3

In the Select OnPrem FMC step, perform the following:

  1. You can click the Onboard an FMC link to onboard the on-premise management center if you have not done already. See Onboard an FMC.

  2. Select the management center from the available list and click Next.

In the Select Devices step, you will see the threat defense devices that the selected management center manages. If a high-availability pair is set up on the on-premise management center, the high availability node will be shown instead of the active and standby devices.

The Last Synced time field indicates the time elapsed since the device configuration synchronized into the management center. You can click Sync from OnPrem FMC Now to fetch the latest device changes.

Step 4

In the Select Devices step, perform the following:

  1. Select the devices you want to migrate. In case of a high availability pair, select the high availability node.

    • The devices running on unsupported versions are not available for selection.

    • The devices that are registered for analytics only with the management center or have pending changes to be deployed are not eligible for migration.

  2. In the Multi-Device Action list, you can choose a common action to apply on all devices.

  3. In the Commit Action column, you can choose one of the following actions for the selected device:

    • Retain on OnPrem FMC for Analytics: After the migration process is completed, the analytics management for selected threat defense devices is retained on the management center.

    • Delete FTD from OnPrem FMC: After the migration process is completed, the selected devices are removed from the management center and are available for CDO to handle the analytics. You must configure the devices to send events to CDO for managing analytics. Once the devices are deleted from the management center, they cannot be revoked.


      The device is not deleted from the management center unless the changes are committed, either automatic or manual.

    • Revert Manager to OnPrem FMC, or

    • Retain on On-Prem Firewall Management Center for Analytics or Delete threat defense from On-Prem Firewall Management Center


The actions specified here are committed automatically after 14 days evaluation period or after the changes are committed manually.

Step 5

Click Migrate FTD to cdFMC.

Step 6

Click View Migration to Cloud Progress to see the progress of your job.

What to do next

You can view the overall and individual status of migration jobs and generate a report when a job is completed successfully. See View Threat Defense Migration Jobs.