About Configuration Conflicts
On the Devices & Services page, you may see devices or services have the status "Synced," "Not Synced," or "Conflict Detected."
- When a device is Synced, the configuration on CDO and the configuration stored locally on the device are the same.
- When a device is Not Synced, the configuration stored in CDO was changed and it is now different that the configuration stored locally on the device.
- When a device has the status Conflict Detected the configuration on the device was changed outside of CDO, and is now different than the configuration stored on CDO. Changes made to devices outside of CDO are called out-of-band changes.
When your device is Synced, your device is up to date. When your device is Not Synced or is marked Conflict Detected, you need to decide if you want to keep the configuration stored on CDO or the configuration stored on the device to return the device status to Synced.
Resolve "Not Synced" Status
To resolve a device "Not Synced" status, follow this procedure:
- Open the Devices & Service page. Note the name and IP address of the device that is Not Synced.
- Navigate to the Change Log page by selecting Monitoring > Change Log.
- Search for the device that is Not Synced.
- Review any recent changes created on CDO for that device:
- If your intention was to push the configuration change from CDO to the device, open the Devices & Services page, select the device and click, Write Changes.
- If you decide you do not want to push the configuration change from CDO to the device, or you want to "undo" the configuration changes you started making on CDO, click Read Policy. That will overwrite the configuration stored in CDO with the running configuration stored on the device.
Cisco Defense Orchestrator (CDO) allows you to enable or disable Conflict Detection on each live device. If Conflict Detection is enabled and the device's running configuration has changed since it was last loaded into CDO, the device's configuration status will change to Conflict Detected. Changes made to devices managed and not managed by CDO will be detected.
To resolve a device with "Conflict Detected" status, follow this procedure:
- Select the device reporting the conflict and click Review Conflict in the details pane on the right.
- In the Device Sync page, compare the two configurations by reviewing the highlighted differences.
- Resolve the conflict by selecting one of these radio buttons and clicking Continue:
- Reject the out of band changes and replace with the last known device config. This will overwrite the configuration stored on the device with the configuration stored on CDO.
- Accept out-of-band changes. This will overwrite the configuration and any pending changes stored on CDO with the device's running configuration.
Note: If the running configuration on the device is different from the saved configuration, the device's configuration status will show Conflict Detected after your firewall reboots.