Cisco Defense Orchestrator

Resolve Configuration Conflicts

Resolve "Not Synced" Status

To resolve a device "Not Synced" status, follow this procedure:

  1. Open the Devices & Services page. Note the name and IP address of the device that is Not Synced.
  2. Navigate to the Change Log page by selecting Monitoring > Change Log.
  3. Search for the device that is Not Synced.
  4. Review any recent changes created on CDO for that device:
  • If your intention was to push the configuration change from CDO to the device, open the Devices & Services page, select the device, and click Deploy Changes.
  • If you decide you do not want to push the configuration change from CDO to the device, or you want to "undo" the configuration changes you started making on CDO, click Read Policy. This overwrites the configuration stored in CDO with the running configuration stored on the device.

Resolve "Conflict Detected" Status

CDO allows you to enable or disable conflict detection on each live device. If conflict detection is enabled and there was an out-of-band change to the device's configuration since it was last read into CDO, the device's configuration status will show Conflict Detected.

To resolve a device with "Conflict Detected" status, follow this procedure:

  1. Select Devices & Services from the navigation bar.
  2. Select the device reporting the conflict and click Review Conflict in the details pane on the right. 
  3. In the Device Sync page, compare the two configurations by reviewing the highlighted differences. 
  • The panel labeled "Last Known Device Configuration" is the device configuration stored on CDO.
  • The panel labeled "Found on Device" is the configuration stored in the running configuration on the ASA.  
  4. Resolve the conflict by selecting one of these radio buttons and clicking Continue:
  • Reject the out of band changes and replace with the last known device config. This will overwrite the configuration stored on the device with the configuration stored on CDO. 
  • Accept out-of-band changes. This will overwrite the configuration and any pending changes stored on CDO with the device's running configuration.
    • Note: Because CDO does not support deploying changes to Cisco IOS devices outside of the command line interface, your only choice for a Cisco IOS device is to select Accept out-of-band changes when resolving the conflict.

Rejected and accepted out-of-band changes are recorded in the change log along with what was accepted or rejected. 
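The comparison in step 3 can also be run offline on exported copies of the two configurations before choosing Accept or Reject. The following is an added example, not part of CDO or Cisco's documentation; both configurations are constructed samples, and the list of command prefixes flagged for review is an assumption.

```python
import difflib

# Assumption for this example: ASA command prefixes worth a closer look
# before an out-of-band change is accepted into CDO.
SENSITIVE_PREFIXES = ("access-list", "access-group", "nat ", "username",
                      "aaa ", "ssh ", "http ", "crypto ", "logging ")

# Constructed sample: the copy stored on CDO ("Last Known Device Configuration").
LAST_KNOWN = """\
hostname edge-asa
pager lines 24
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny ip any any
ssh 10.0.0.0 255.255.255.0 inside
logging enable
"""

# Constructed sample: the running configuration ("Found on Device").
FOUND_ON_DEVICE = """\
hostname edge-asa
pager lines 30
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 3389
access-list OUTSIDE_IN extended deny ip any any
ssh 10.0.0.0 255.255.255.0 inside
"""

def out_of_band_changes(last_known, found_on_device):
    """Return (added, removed): lines only on the device / only in the stored copy."""
    old = [l.rstrip() for l in last_known.splitlines() if l.strip()]
    new = [l.rstrip() for l in found_on_device.splitlines() if l.strip()]
    added, removed = [], []
    for line in difflib.ndiff(old, new):
        if line.startswith("+ "):
            added.append(line[2:])
        elif line.startswith("- "):
            removed.append(line[2:])   # "? " hint lines from ndiff are ignored
    return added, removed

def sensitive(lines):
    """Keep only lines that start with one of the flagged command prefixes."""
    return [l for l in lines if l.lstrip().startswith(SENSITIVE_PREFIXES)]

if __name__ == "__main__":
    added, removed = out_of_band_changes(LAST_KNOWN, FOUND_ON_DEVICE)
    for l in added:
        print("+", l, "  <-- review" if l in sensitive(added) else "")
    for l in removed:
        print("-", l, "  <-- review" if l in sensitive(removed) else "")
```

Lines marked for review are the ones to trace to a change record before accepting; the accept or reject decision itself is still made in CDO, where it is written to the change log.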
