Onboard an FDM-Managed High Availability Pair

To onboard an Secure Firewall Threat Defense HA pair to Security Cloud Control, you must onboard each device of the pair individually. Once both peers of the pair are onboarded Security Cloud Control automatically combines them as a single entry in the Inventory page. Onboard the devices using either the device login credentials or a registration key. We recommend onboarding both devices with the same method. Also be aware that if you onboard a device that is in standby mode first, Security Cloud Control disables the ability to deploy or read from that device. You can only read or deploy to the active device within an HA pair.

Note

Security Cloud Control strongly recommends onboarding devices with a registration key. Onboarding with a registration key is slightly different for Threat Defense devices running specific versions. See Onboard an FDM-Managed HA Pair Running Version 6.4 or Version 6.5 and Onboard an FDM-Managed HA Pair Running Threat Defense Version 6.6 or Version 6.7 and later for more information.

Before you onboard an Threat Defense HA pair to Security Cloud Control, review the following:

  • Your HA pair is already formed prior to onboarding to Security Cloud Control.

  • Both devices are in a healthy state. The pair could be either primary/active and secondary/standby or primary/standby and secondary/active modes. Unhealthy devices will not successfully sync to Security Cloud Control.

  • Your HA pair is managed by Secure Firewall device manager, not Secure Firewall Management Center.

  • Your cloud connector connects to Security Cloud Control at https://us.manage.security.cisco.com.