Deploy Configuration Changes from CDO to ASA

Why Does CDO Deploy Changes to an ASA?

As you manage and make changes to a device's configuration with Cisco Defense Orchestrator (CDO), CDO saves the changes you make to its own copy of the configuration file. Those changes are considered "staged" on CDO until they are "deployed" to the device. Staged configuration changes have no effect on the network traffic running through the device. Only after CDO "deploys" the changes to the device do they have an effect on the traffic running through the device. When CDO deploys changes to the device's configuration, it only overwrites those elements of the configuration that were changed. It does not overwrite the entire configuration file stored on the device.

The ASA has a "running" configuration file, sometimes called the "running config" and a "startup" configuration file that is sometimes called the "startup config." The configuration stored in the running config file is enforced on traffic passing through the ASA. After you make changes to the running config and you are happy with the behavior those changes produce, you can deploy them to the startup config. If the ASA is ever rebooted, it uses the startup config as its configuration starting point. Any changes you make to the running config that are not saved to the startup config are lost after an ASA is rebooted.

When you deploy changes from CDO to an ASA, you are writing those changes into the running configuration file. After you are satisfied with the behavior those changes produce, you can deploy those changes to the startup configuration file.

Deployments can be initiated for a single device or on more than one device simultaneously. You can schedule individual deployments or recurring deployments for a single device.

Some Changes are Deployed Directly to the ASA

If you use the CLI interface CLI Macro interface on CDO to make a change to an ASA, those changes are not "staged" on CDO. They are deployed directly to the running configuration of the ASA. When you make changes that way, your device remains "synced" with CDO.