Read Configuration Changes from aan Secure Firewall Cloud Native to CDO

Why Does Cisco Defense Orchestrator "Read" Secure Firewall Cloud Native Configurations?

In order to manage an Secure Firewall Cloud Native, CDO must have it's own stored copy of the Secure Firewall Cloud Native's running configuration file. The first time CDO reads and saves a copy of the device's configuration file is when the device is onboarded. Subsequently, when CDO reads a configuration from an Secure Firewall Cloud Native, you are opting to either Check for Changes, Accept without Review, or Read Configuration. See Reading, Discarding, Checking for, and Deploying Configuration Changes for more information.

CDO also needs to read an Secure Firewall Cloud Native configuration in these circumstances:

  • Deploying configuration changes to the Secure Firewall Cloud Native has failed and the device state is not listed or Not Synced.

  • Onboarding a device has failed and the device state is No Config.

  • You have made changes to the device configuration outside of CDO and the changes have not been polled or detected. THe device state would be either Synced or Conflict Detected.

In these cases, CDO needs a copy of the last known configuration stored on the device.