Overview of On-Prem Management Center managed Threat Defense Migration to Cloud-delivered Firewall Management Center

Cisco Defense Orchestrator allows a user with CDO Admin rights to migrate the threat defense devices from the management center to the cloud-delivered Firewall Management Center.

Before initiating the migration process on the threat defense, the management center associated with those devices must already be onboarded to CDO.

On migrating the threat defense to the cloud-delivered Firewall Management Center, CDO onboards the devices and imports all shared policies and associated objects, device-specific policies, and device configuration from the management center to CDO.

Note	CDO handles all duplicate policy and object names that are identified during the management center migration process. This behavior is explained in detail later in this document.

The events and analytics management can be transferred to CDO or retained with the management center.

Once the migration is completed, you will have a total of 14 days to assess the changes made. During this period, you have an option to change specific actions or switch the device management to the On-Prem management center. It is important to note that after the evaluation period ends, you can no longer be able to undo any changes made during the migration.

User Roles

The user roles of the on-prem management center are no longer applicable in CDO after migration. Your authorization to perform tasks on the migrated device is based on your user role in CDO. See the Users topic to understand the on-prem management center and cloud-delivered Firewall Management Center user role mapping.