Deploy Configuration Changes from Security Cloud Control to ASA

Why Does Security Cloud Control Deploy Changes to an ASA?

When you manage and make changes to a device configuration with Security Cloud Control, Security Cloud Control saves those changes to its own copy of the configuration file. Those changes are considered staged on Security Cloud Control until they are deployed to the device. Staged configuration changes have no effect on the network traffic running through the device. Only after Security Cloud Control deploys the changes to the device do they have an effect on the traffic running through the device. When Security Cloud Control deploys changes to the device's configuration, it only overwrites those elements of the configuration that were changed. These actions do not overwrite the entire configuration file on your device.

The ASA has a running configuration file (sometimes called the running config) and a startup configuration file (sometimes called the startup config). The configuration stored in the running config file is enforced on traffic passing through the ASA. After making changes to the running config and confirming that the device behaves as desired, you can deploy those changes to the startup config. If the ASA is ever rebooted, it uses the startup config as its configuration starting point. Changes made to the running config, if not saved to the startup config, are lost when the ASA is rebooted.

When you deploy changes from Security Cloud Control to an ASA, you are writing those changes into the running configuration file. After you are satisfied with the behavior those changes produce, you can deploy those changes to the startup configuration file.

You can initiate deployments for a single device or for multiple devices at the same time. You can schedule individual deployments or recurring deployments for a single device.

Some Changes are Deployed Directly to the ASA

If you use the command line interface interface on Security Cloud Control to make a change to an ASA, those changes are not staged on Security Cloud Control. They are deployed directly to the running configuration of the ASA. When you make changes that way, your device remains "synced" with Security Cloud Control.