Impact of Out-of-Band Changes on Rulesets

When you add new rules or make changes to the existing rules using the FDM-managed device, and you have enabled conflict detection in Cisco Defense Orchestrator for your FDM-managed device, CDO detects the out-of-band change and the device's configuration status shows Conflict Detected. You can resolve this conflict by accepting or rejecting the changes.

If you accept the device changes, CDO overwrites the last know configuration with the new changes made on the device. The following changes take place:

• Rulesets that are impacted by the changes lose their relationship with devices.

• Rules associated with these rulesets are converted to local rules.

If you reject the device changes, CDO rejects the new changes and replaces configuration on the device with the last synced configuration in CDO.