Skip to main content

 

 

Cisco Defense Orchestrator

Deploy Configuration Changes from CDO to FTD

Why Does CDO Deploy Changes to an FTD?

As you manage and make changes to a device's configuration with CDO, CDO saves the changes you make to its own copy of the configuration file. Those changes are considered staged on CDO until they are deployed to the device. Staged configuration changes have no effect on the network traffic running through the device. Only after CDO deploys the changes to the device do they have an affect on the traffic running through the device. When CDO deploys changes to the device's configuration, it only overwrites those elements of the configuration that were changed. It does not not overwrite the entire configuration file stored on the device. 

Like CDO, FTD has the concept of pending changes and deployed changes. Pending changes on FTD are the equivalent of staged changes on CDO. A pending change can be edited or deleted without having any affect on traffic running through the FTD. Once the pending changes are deployed, however, they are enforced by the FTD and affect traffic running through the device. 

Because of FTDs two step process for editing configuration files, CDO deploys changes to an FTD slightly differently than it does to other devices it manages. CDO first deploys the changes to FTD and the changes are in the pending state. Then, CDO deploys the changes on the devices and they become live. Now that the changes have been deployed, they are enforced and affect traffic running through the FTD. This applies to both standalone and high availability (HA) devices.

Deployments can be initiated for a single device or on more than one device simultaneously. You can schedule individual deployments or recurring deployments for a single device.

Two things will prevent CDO from deploying changes to an FTD:

  • If there are staged changes on the FTD. See Conflict Detected for more information on how to resolve this state. 
  • CDO does not deploy changes if there are changes in the process of being deployed to the FTD.   

Scheduling Automatic Deployments

You can also configure your tenant to schedule deployments to a single device or all devices with pending changes by scheduling automatic deployments

 

Related Articles