Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that provides a simple, consistent, and highly secure way of managing security policies on all your ASA devices. CDO helps you optimize your ASA environment by identifying problems with objects and policies and gives you ways to fix them. Use CDO to:
Upgrade your ASA and ASDM images on multiple devices.
Optimize ASA security policies.
Monitor all your ASAs.
Monitor VPN connections.
How Do I Initialize My Account?
The CDO team creates a tenant in our cloud infrastructure for you and helps you create an SDC, which enables your ASAs to communicate with CDO. All you need to do is complete a simple questionnaire by providing information about your network environment, primary ASA use cases, and model of ASA device and quantity required.
CDO is a web-based management product that provides you with both a GUI and CLI to manage your devices one at a time or many at once.
Upgrade ASA and ASDM
CDO provides an intuitive wizard for upgrading ASA and ASDM to the newest available version. Customers have reported time savings of 75%-90% when upgrading their ASAs using CDO. It's awesome! Ain't it cool? For more information, see ASA and ASDM Upgrade Prerequisites and Bulk ASA and ASDM Upgrade.
Optimize Your ASA Policies
Now that you have all your ASAs onboarded, start using CDO to identify and correct problems with network objects, optimize your existing policies, review your VPN connections, and upgrade your ASAs to the newest releases.
CDO allows you to perform all day-to-day activities such as monitoring, troubleshooting and responding to user requests.
The CDO change log continuously captures network policy change events as they are performed in CDO. The change log displays information such as changes deployed from CDO to your device, changes imported from your device to CDO, and changes added to and deleted from the device configuration, along with when each change happened and who made it.
Use the ASA Packet Tracer to test the path of a synthetic packet through policy and determine whether a rule is inadvertently blocking or allowing access.
Do your ASAs have issues? Maybe they're just a little out of sync, or they need some conflict resolution. Sometimes, your ASAs are unreachable, and all you need to do is reconnect. CDO identifies all kinds of problems your ASAs are having. If a change was made to an ASA directly and that change is not reflected in CDO's configuration, CDO shows that a conflict was detected with that device. For more information, see resolve the configuration conflicts.
CDO reports VPN issues that you have on the ASA and ASAv devices in your network. For more information, see Identify VPN Issues.
Are your policies evaluating network traffic? CDO gathers hit rate data on your policies every hour. The longer your devices are managed by CDO, the more meaningful the hit rate data on a particular policy will be. Filter network policies by device and hit count to learn if a policy is effective. If it is not, consider rewriting it or deleting it.