Showing results for 
Search instead for 
Did you mean: 

How Does Cisco Defense Orchestrator Manage Firepower Threat Defense?

Cisco Employee

These days everything is in the cloud. We all know that Cisco Firepower Threat Defense (FTD) is a unified software image, which includes the Cisco ASA features and FirePOWER Services. Using Cisco Defense Orchestrator (CDO), you can manage physical or virtual Firepower Threat Defense (FTD) devices. If you have used the Firepower Device Manager (FDM), you will notice many similarities between the FDM interface and the CDO interface. 

Here is a list of FTD features that CDO manages:

FTD Software and Firepower Hardware Support

Good news! CDO supports Firepower software 6.4 and later versions, which can be installed on several different Firepower hardware devices or virtual machines. For more information, see Software and Hardware Supported by CDO.

Apply Smart-License

CDO allows you to smart-license your FTDs during onboarding or after onboarding. Smart licensing is conveniently built into our workflows and easily accessible from the CDO interface. For more information, see Apply or Update Smart-License.

Onboard an FTD Seamlessly

CDO provides a friendly and intuitive user interface, which makes life easy when onboarding FTD. You can onboard an FTD using the admin’s username and password or with a registration token. The token method is beneficial if your FTD is assigned an IP address using DHCP. For more information, see Onboard FTD.

Manage your Device Settings

CDO is a multi-purpose manager that can upgrade software, configure high availability, configure device settings, and configure the network resources of your FTD. CDO can manage FTDs, which are managed locally by FDM. After licensing your FTD, you can manage its system settings. For more information, see Manage FTD System Settings.

ASA to FTD Migration has never been this easy

Do you have an Adaptive Security Appliance (ASA) that you want to migrate to FTD?

If the answer is a 'yes', CDO provides a wizard to help you migrate these elements of ASA's running configuration to an FTD template that can then be applied to a new deployment FTD device. For more information, see Migrating an ASA to FTD.

Manage your FTD Interfaces

Configure and edit data interfaces or the management/diagnostic interface on an FTD. For more information, see Configure Firepower Interfaces.

Configure Security Policies

It is essential to define effective security policies to protect your network. You can manage the SSL decryption policy, identity policy, security intelligence policy, access control policy, and many more for the FTD device. For more information, see FTD Policy Configuration

Standardize Security Policies Across FTDs

With CDO, it is possible to analyze your existing policies and objects across security devices and identify errors and inconsistencies. Standardizing your policies across devices allows you to implement consistent security throughout your organization.

Create FTD Templates

Another remarkable feature of CDO is to allow the user to create an FTD template, which is a complete copy of an onboarded FTD device's configuration. This promotes security policy consistency between FTD devices. For more information, see FTD Templates.

High Availability Configuration 

Two FTD’s configured as high availability (HA) pair provide greater “uptime” as one provides a backup for the other. If one FTD becomes unavailable during an upgrade or an unexpected device failure, the other takes over and enforces the same security policies as the former. CDO allows you to configure the HA functionality of FTD. For more information, see FTD HA.

Configure a Virtual Private Network

Virtual Private Network connections such as Site-To-Site or Remote Access establishes a secure tunnel between endpoints over a public network, such as the internet, and it can be configured using CDO. For more information, see VPN for FTD.