Skip to main content

 

 

Cisco Defense Orchestrator

Impact of Out-of-Band Changes on Rulesets

When you add new rules or make changes to the existing rules using the Firepower Device Manager (FDM)and you have enabled conflict detection in CDO for your FTDCDO detects the out-of-band change and the device's configuration status shows Conflict DetectedYou can resolve this conflict by accepting or rejecting the changes

If you accept the device changes, CDO overwrites the last know configuration with the new changes made on the device. The following changes take place:

  • Rulesets that are impacted by the changes lose their relationship with devices. 
  • Rules associated with these rulesets are converted to local rules. 

If you reject the device changes, CDO rejects the new changes and replaces configuration on the device with the last synced configuration in Defense Orchestrator.  

 

Related Topics:

  • Was this article helpful?