Skip to main content



Cisco Defense Orchestrator

Read Configuration Changes from an ASA to Defense Orchestrator

Why Does Defense Orchestrator "Read" an ASA Policy?

In order to manage an ASA, Defense Orchestrator must have it's own stored copy of the ASA's running configuration file. When Defense Orchestrator "reads" a policy from an ASA, it takes a copy of the ASA's running configuration file and saves the copy in its own file system. The Defense Orchestrator user makes changes to the Defense Orchestrator's copy of the configuration file until it is time to save the change back to the ASA.

The first time Defense Orchestrator reads and saves a copy of an ASA configuration file is when the ASA is onboarded to Defense Orchestrator. Every other time Defense Orchestrator reads a copy of the ASA running configuration file, it completely overwrites the copy of the configuration file it maintains in its own file system. It does not selectively overwrite differences in the two versions. If you have any configuration changes that have not been saved to the ASAs running configuration file, those changes will be lost when the "read" action occurs. 


So that the configuration information on the ASA and the configuration information Defense Orchestrator are the same, you may want Defense Orchestrator to "read" the running configuration file information from the ASA and store it on Defense Orchestrator.

Reading the ASA policy to Defense Orchestrator overwrites the copy of the configuration file stored on Defense Orchestrator's local file system including any changes that have not been "deployed" to the ASA.

To read changes from the ASA to Defense Orchestrator follow this procedure:

  1. On the navigation bar, click Devices & Services.
  2. Select the device whose configuration it is you want to read. 
  3. Click Read Policy in the Sync pane at the right.
  4. Compare the two configurations presented to you. The configuration labeled "Staged for Sync" is the configuration stored on Defense Orchestrator. The configuration labeled "Found on Device" is the configuration saved on the ASA.
  5. Click Continue to read the policy on the ASA to Defense Orchestrator or click Cancel.