Skip to main content

 

 

Cisco Defense Orchestrator

Apply ASA Policy Changes to Device

When you modify a security policy in Cisco Defense Orchestrator (CDO), changes are staged to impacted devices or services. This results in configurations that are Not Synced. You may review and apply policy changes by clicking Write to Device... on any device or service that is currently Not Synced.

 

Write to Device by Script

Once ASA device policy configuration changes have been completed, the changes need to be reviewed and applied to the device.

  1. Navigate to the Devices tab and select your modified device from the table. Configuration status should show Not Synced, indicating that it has changes that have not yet been applied to the device.
  2. Click Sync from the right sidebar to generate the commands that will be applied to the device to bring it into a synced status with the CDO configuration.
  3. When prompted, click Download Commands to download a copy of the commands locally. These commands will be contained in a text file and can be reviewed before being applied. Commands will also be generated to revert the changes if desired.
  4. Outside of CDO, log onto the device using a standard protocol, and apply the commands that were downloaded.
  5. Once all commands have been entered, return to CDO and again select the modified device on the Devices tab.
  6. Click Refresh to confirm synchronization with CDO.

If a subset of commands were executed or additional commands were executed out of band, CDO indicates the difference by opening a window showing the differences as well as alerting the user by providing an updated status named Conflict Detected.

  • Was this article helpful?