Skip to main content



Cisco Defense Orchestrator

Resolve Configuration Conflicts

Resolve "Not Synced" Status

To resolve a device "Not Synced" status, follow this procedure:

  1. Open the Devices & Service page. Note the name and IP address of the device that is Not Synced.
  2. Navigate to the Change Log page by selecting Monitoring > Change Log.
  3. Search for the device that is Not Synced.
  4. Review any recent changes created on Defense Orchestrator for that device:
  • If your intention was to push the configuration change from Defense Orchestrator to the device, open the Devices & Services page, select the device and click, Write Changes
  • If you decide you do not want to push the configuration change from Defense Orchestrator to the device, or you want to "undo" the configuration changes you started making on Defense Orchestrator, click Read Policy. That will overwrite the configuration stored in Defense Orchestrator with the running configuration stored on the device.  

Resolve "Conflict Detected" Status

Defense Orchestrator allows you to enable or disable conflict detection on each live device. If conflict detection is enabled and the device's configuration changed since it was last read into Defense Orchestrator, the device's configuration status will show Conflict Detected

To resolve a device with "Conflict Detected" status, follow this procedure:

  1. Select Devices & Services from the navigation bar.
  2. Select the device reporting the conflict and click Review Conflict in the details pane on the right. 
  3. In the Device Sync page, compare the two configurations by reviewing the highlighted differences. 
  • The panel labeled "Last Known Device Configuration" is the device configuration stored on Defense Orchestrator.
  • The panel labeled "Found on Device" is the configuration stored in the running configuration on the ASA.  
  1. Resolve the conflict by selecting one of these radio buttons and clicking Continue:
  • Reject the out of band changes and replace with the last known device config. This will overwrite the configuration stored on the device with the configuration stored on Defense Orchestrator. 
  • Accept out-of-band changes. This will overwrite the configuration and any pending changes stored on Defense Orchestrator with the device's running configuration.

Rejected and accepted out-of-band changes are recorded in the change log along with what was accepted or rejected. See Change Log Entries after Reading from an ASA for more information. 


Related Topics