Procedure to Onboad an FDM-Managed Device Running Software Version 6.6+ Using a Registration Key

To onboard an FDM-managed device using a registration key, follow this procedure:

Procedure

Step 1

Log in to CDO.

Step 2

In the navigation pane, click Inventory and click the blue plus button to Onboard a device.

Step 3

Click FTD.

Important

When you attempt to onboard the FDM-managed device, Cisco Defense Orchestrator prompts you to read and accept the End User License Agreement (EULA), which is a one-time activity in your tenant. Once you accept this agreement, CDO doesn't prompt it again in subsequent onboarding. If the EULA agreement changes in the future, you must accept it again when prompted.

Step 4

On the Onboard FTD Device screen, click Use Registration Key.

Step 5

Enter the device name in the Device Name field. This could be the hostname of the device or any other name you choose.

Step 6

In the Database Updates area, the Immediately perform security updates, and enable recurring updates is enabled by default. This option immediately triggers a security update as well as automatically schedules the device to check for additional updates every Monday at 2AM. See Update FTD Security Databases and Schedule a Security Database Update for more information.

Note

Disabling this option does not affect any previously scheduled updates you may have configured through Secure Firewall device manager.

Step 7

In the Create Registration Key step, CDO generates a registration key.

Note

If you move away from the onboarding screen after the key is generated and before the device is fully onboarded, you will not be able to return to the onboarding screen; however, CDO creates a placeholder for that device on the Inventory page. When you select the device's placeholder, you will be able to see the key for that device, on that page.

Step 8

Click the Copy icon to copy the registration key.

Note

You can skip copying the registration key and click Next to complete the place holder entry for the device and later, register the device. This option is useful when you're attempting to create the device first and register it later, or if you're a Cisco partner installing a Proof of Value (POV) device in a customer network.

On the Inventory page, you will see that the device is now in the connectivity state, "Unprovisioned". Copy the registration key appearing under Unprovisionedto Firewall device manager to complete the onboarding process.

Step 9

Log into the Secure Firewall device manager of the device you are onboarding.

Step 10

Under System Settings, click Cloud Services.

Step 11

In the Region field, select the Cisco cloud region that your tenant is assigned to:

  • If you log in to defenseorchestrator.com, choose US.

  • If you log in to defenseorchestrator.eu, choose EU.

  • If you log in to apj.cdo.cisco.com, choose APJ.

Step 12

In the Enrollment Type area, click Security Account .

Note

For devices running version 6.6, note that the Tenancy tab for CDO is titled Security Account and you must manually enable CDO in Secure Firewall device manager.

Step 13

In the Registration Key field, paste the registration key that you generated in CDO.

Step 14

For devices running version 6.7 or later in the Service Enrollment area, check Enable Cisco Defense Orchestrator.

Step 15

Review the information about the Cisco Success Network Enrollment. If you do not want to participate, uncheck the Enroll Cisco Success Network checkbox.

Step 16

Click Register and then Accept the Cisco Disclosure. Secure Firewall device manager sends the registration request to CDO.

Step 17

Return to CDO, in the Create Registration Key area, click Next.

Step 18

Select all licenses you want to apply to the device. Click Next.

Step 19

Return to CDO, open the Inventory page and see that the device status progresses from "Unprovisioned" to "Locating" to "Syncing" to "Synced."