Skip to main content

 

 

Cisco Defense Orchestrator

Automatically Accept Out-of-Band Changes from your Device

You can configure Defense Orchestrator to automatically accept any change made directly to a managed device by enabling auto-accept changes. Changes made directly to a device without using Defense Orchestrator are referred to as out-of-band changes.

The auto-accept changes feature is an enhancement to conflict detection. If you have auto-accept changes enabled on your device, Defense Orchestrator polls it every 10 minutes to determine if there have been any out-of-band changes made to the device's configuration. If there have been configuration changes, Defense Orchestrator automatically updates its local version of the device's configuration without prompting you. 

Defense Orchestrator will not automatically accept a configuration change if there are configuration changes made on Defense Orchestrator that have not yet been written to the device. Follow the prompts on the screen to determine your next action. 

To use auto-accept changes, you first enable the tenant to display the auto-accept option in the Conflict Detection menu on the Devices & Services page; then, you enable auto-accept changes for individual devices. 

If you want Defense Orchestrator to detect out-of-band changes but give you the option to accept or reject them manually, enable Conflict Detection instead. 

Configure Auto-Accept Changes

  1. Log-in to Defense Orchestrator using an account with Admin or Super Admin privileges.
  2. Access the Settings page by selecting it from the user menu and clicking Settings:

user_menu.png 

  1. In the Tenant Settings area, click the toggle to "Enable the option to auto-accept device changes." This enables the Auto-Accept Changes menu option to appear in the Conflict Detection menu on the Devices & Services page.
  2. Open the Devices & Services page and select the device for which you want to automatically accept out-of-band changes.
  3. In the Conflict Detection menu, select Auto-Accept Changes in the drop-down menu.

auto-accept-menu.png

Disabling Auto-Accept Changes for All Devices on the Tenant

  1. Log-in to Defense Orchestrator using an account with Admin or Super Admin privileges.
  2. Access the Settings page by selecting it from the user menu and clicking Settings. 
  3. In the Tenant Settings area, disable the "Enable the option to auto-accept device changes" by sliding the toggle to the left so it shows a grey X. This disables Auto-Accept Changes option in the Conflict Detection menu and disables the feature for every device on your tenant. 

Note: Disabling "Auto-Accept" will require you to review each device conflict before you can accept it into CDO. This includes devices previously configured to auto-accept changes.

  • Was this article helpful?