Cisco Defense Orchestrator (CDO) is a cloud-based security policy and device manager designed to unify policies across your Cisco firewalls. You can use CDO to deploy and manage IPsec tunnels to Umbrella.
- Cisco ASA (v9.1.2+) device with a static public IP (NAT and/or dynamic IPs not supported).
- Cisco Umbrella SIG Essentials, SIG Advanced or SIG Add-On subscription, or a free SIG trial.
- Cisco ASA Base or Security Plus license to establish an IPsec tunnel.
- Cisco Defense Orchestrator license. For more information, see Licenses.
- Legacy Umbrella Management API key and secret. For information about how to create legacy Umbrella API Management credentials, see Add Umbrella Legacy API Keys.
For full instructions, see Onboard an Umbrella Organization.
ASA network tunnels created by CDO contain a View in CDO link in the Umbrella dashboard that automatically takes you to the appropriate CDO tenant. Switching between Umbrella and CDO will be more convenient if you are using Cisco SecureX to sign into the applications.
- In Umbrella, navigate to Deployments > Core Identities > Network Tunnels and find an ASA network tunnel created in CDO.
- Click the action menu and select View in CDO in the drop-down menu. You are redirected to the tunnel in the CDO dashboard.
A corresponding cross-launch feature is available in CDO to automatically bring you to your Cisco Umbrella dashboard for managing tunnels and policies.
Updated about 1 month ago