When conflict detection is enabled, Cisco Defense Orchestrator (Defense Orchestrator) polls the device it manages every 10 minutes to determine if a change has been made to the device's configuration outside of Defense Orchestrator. If Defense Orchestrator detects that a change was made, it marks the configuration status for the device Conflict Detected. Changes made to a device outside of Defense Orchestrator are called "out-of-band" changes.
Note: When the FirePOWER policy is managed by Defense Orchestrator, users cannot make out-of-band changes. Any changes made are overridden by Defense Orchestrator.
Enable Conflict Detection
Enabling conflict detection alerts you to instances where changes have been made to a device outside of Defense Orchestrator.
- Open the Devices & Services page.
- Select the device or devices for which you want to enable conflict detection.
- In the Conflict Detection box at the right of the device table, select Enabled from the list.