Skip to main content

 

 

Cisco Defense Orchestrator

Detecting Out-of-Band Changes

About Out-of-Band Changes

Out-of-band changes refer to changes made directly on the device without using CDO. These change may be made using the device's command line interface over an SSH connection or by using an "on-box manager" like the Adaptive Security Device Manage (ASDM) for the ASA. An out-of-band change causes a conflict between the device's configuration stored on CDO and the configuration stored on the device itself.

Detecting Out-of-Band Changes on an ASA or Cisco IOS Device

If Conflict Detection is enabled for an ASA or a Cisco IOS device, CDO polls the device every 10 minutes searching for any new changes made directly to the device's configuration outside of CDO. 

If CDO finds that there are changes to the ASA's configuration that are not stored on CDO, CDO changes the configuration state of that device to the "Conflict Detected" state.

See Resolve Configuration Conflicts for more information about how to resolve configuration conflicts.