Read Configuration Changes from FDM-Managed Device to CDO

Why Does Cisco Defense Orchestrator Read FDM-managed device Configurations?

In order to manage an FDM-managed device, CDO must have its own stored copy of the FDM-managed device's configuration. When CDO reads a configuration from an FDM-managed device, it takes a copy of the FDM-managed device's deployed configuration and saves it to its own database. The first time CDO reads and saves a copy of the device's configuration file is when the device is onboarded. See Reading, Discarding, Checking for, and Deploying Configuration Changes for more information.

Pending and Deployed Changes

Configuration changes made to the FDM-managed device directly through the Firepower Device Manager (FDM) or its CLI are referred to as staged changes on the FDM-managed device until they are deployed. A staged, or pending, change can be edited or deleted without having any affect on traffic running through the FDM-managed device. Once the pending changes are deployed, however, they are enforced by the FDM-managed device and affect traffic running through the device.

Conflict Detected

If you enable Conflict Detection on the device, CDO checks for configuration changes every 10 minutes. If the copy of the configuration stored on the device has changed, CDO notifies you by displaying the "Conflict Detected" configuration status. If you do not have Conflict Detection enabled, or a change has been made to the device's configuration within the 10 minute interval between automatic polling, clicking Check for Changes prompts CDO to immediately compare the copy of the configuration on the device with the copy of the configuration stored on CDO. You can choose to Review Conflict to examine the differences between the device configuration and the configuration saved to CDO, then select Discard Changes to remove the staged changes and revert to the saved configuration or confirm the changes. You can also choose to Accept without Review; this option takes the configuration and overwrites what is currently saved to CDO.