Deploy Configuration Changes from CDO to Secure Firewall Cloud Native

Why Does CDO Deploy Changes to a Secure Firewall Cloud Native?

As you manage and make changes to a device's configuration with Cisco Defense Orchestrator (CDO), CDO saves the changes you make to its own copy of the configuration file. Those changes are considered "staged" on CDO until they are "deployed" to the device. Staged configuration changes have no effect on the network traffic running through the device. Only after CDO "deploys" the changes to the device do they affect the traffic running through it. When CDO deploys changes to the device's configuration, it overwrites only those elements of the configuration that were changed. It does not overwrite the entire configuration file stored on the device.

The Secure Firewall Cloud Native has a "running" configuration file, sometimes called the "running config," and a "startup" configuration file, sometimes called the "startup config." The configuration stored in the running config file is enforced on traffic passing through the Secure Firewall Cloud Native. After you make changes to the running config and you are happy with the behavior those changes produce, you can deploy them to the startup config. If the Secure Firewall Cloud Native is ever rebooted, it uses the startup config as its configuration starting point. Any changes you make to the running config that are not saved to the startup config are lost after a Secure Firewall Cloud Native is rebooted.

When you deploy changes from CDO to a Secure Firewall Cloud Native, you are writing those changes into the running configuration file. After you are satisfied with the behavior those changes produce, you can deploy those changes to the startup configuration file.

Deployments can be initiated for a single device or on more than one device simultaneously. You can schedule individual deployments or recurring deployments for a single device.

Some Changes are Deployed Directly to the Secure Firewall Cloud Native

If you use the CLI interface on CDO to make a change to a Secure Firewall Cloud Native, those changes are not "staged" on CDO. They are deployed directly to the running configuration of the Secure Firewall Cloud Native. When you make changes that way, your device remains "synced" with CDO.