Cisco Defense Orchestrator

Large ASA Running Configuration Files

CDO's Behavior

You may see behavior such as the ASA failing to onboard, CDO not displaying all of the configuration defined in the ASA's running configuration file, or CDO failing to write to the change log. 

Possible Cause

The running configuration file of your ASA may be "too large" for CDO.

When you onboard an ASA to CDO, CDO stores a copy of the ASA's running configuration file in its database. Generally, if that running configuration file is too large (4.5 MB or larger), contains too many lines (approximately 22,000 lines), or has too many access-list entries for a single access group, CDO will not be able to predictably manage that device.

To confirm the size of your running configuration file, see Confirming ASA Running Configuration Size.
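
The following is an added example, not part of Cisco's documentation or of CDO. It measures a saved copy of the `show running-config` output against the two limits quoted above and counts access-list entries for each ACL that an access-group applies. The function name, the report keys, and the reading of "MB" as 10**6 bytes are assumptions, and the sample configuration is constructed.

```python
from collections import Counter

# Thresholds quoted from the page. Treating "MB" as 10**6 bytes is an assumption.
MAX_BYTES = 4_500_000
MAX_LINES = 22_000  # the page says "approximately"


def assess_running_config(text):
    """Measure a saved ASA running configuration against the page's limits."""
    size_bytes = len(text.encode("utf-8"))
    lines = text.splitlines()
    ace_counts = Counter()  # ACL name -> number of entries (remarks excluded)
    bindings = {}           # ACL name -> where an access-group applies it
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        if parts[0] == "access-list" and parts[2] != "remark":
            ace_counts[parts[1]] += 1
        elif parts[0] == "access-group":
            bindings.setdefault(parts[1], []).append(" ".join(parts[2:]))
    # The page gives no numeric limit for entries per access group,
    # so the counts are reported rather than judged.
    per_group = {name: ace_counts[name] for name in bindings}
    return {
        "size_bytes": size_bytes,
        "line_count": len(lines),
        "size_at_limit": size_bytes >= MAX_BYTES,
        "lines_at_limit": len(lines) >= MAX_LINES,
        "aces_per_access_group": per_group,
        "bindings": bindings,
    }


# Constructed sample, not taken from a real device.
SAMPLE = """\
hostname asa-example
access-list OUTSIDE_IN remark constructed sample
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny ip any any
access-list UNUSED extended permit ip any any
access-group OUTSIDE_IN in interface outside
"""

if __name__ == "__main__":
    for key, value in assess_running_config(SAMPLE).items():
        print(f"{key}: {value}")
```

The counts are of configuration lines as written; entries that reference object groups are counted once each, not expanded.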


Workaround or Solution

Contact your Cisco account team for help safely reducing the size of your configuration file without disrupting your security policies.

