Why Does Cisco Defense Orchestrator "Read" ASA Configurations?
To manage an ASA, CDO must have its own stored copy of the ASA's running configuration file. The first time CDO reads and saves a copy of the device's configuration file is when the device is onboarded. Subsequently, when CDO reads a configuration from an ASA, you are opting to either Check for Changes, Accept without Review, or Read Configuration. See Reading, Discarding, Checking for, and Deploying Configuration Changes for more information.
CDO also needs to read an ASA configuration in these circumstances:
- Deploying configuration changes to the ASA has failed and the device state is not listed or Not Synced.
- Onboarding a device has failed and the device state is No Config.
- You have made changes to the device configuration outside of CDO and the changes have not been polled or detected. The device state would be either Synced or Conflict Detected.
In these cases, CDO needs a copy of the last known configuration stored on the device.
When prompted to Read Configuration changes on an ASA:
- On the navigation bar, click Devices & Services.
- Select the device that CDO has recently failed to onboard or the device that CDO has failed to deploy a change to.
- Click Read Configuration in the Synced pane at the right. This option overwrites the configuration currently saved to CDO.