Edit Deployment Settings

The Deployment Settings section of the Device page displays the information described in the table below.

Deployment Settings

| Field | Description |
|---|---|
| Auto Rollback Deployment if Connectivity Fails | Enabled or Disabled. You can enable auto rollback if the management connection fails as a result of the deployment; specifically, if you use a data interface for management center access and then misconfigure that data interface. |
| Connectivity Monitor Interval (in Minutes) | Shows the amount of time to wait before rolling back the configuration. |

You can set deployment settings from the Device Management page. Deployment settings include enabling auto rollback of the deployment if the management connection fails as a result of the deployment; specifically, if you use a data interface for management center access and then misconfigure that data interface. Alternatively, you can manually roll back the configuration using the configure policy rollback command (see Manually Roll Back the Configuration if the Management Center Loses Connectivity).

See the following guidelines:

  • Only the previous deployment is available locally on the threat defense; you cannot roll back to any earlier deployments.

  • Rollback is supported for high availability but not supported for clustering deployments.

  • Rollback is not supported immediately after high availability creation.

  • The rollback only affects configurations that you can set in the management center. For example, the rollback does not affect any local configuration related to the dedicated Management interface, which you can only configure at the threat defense CLI. Note that if you changed data interface settings after the last management center deployment using the configure network management-data-interface command, and then you use the rollback command, those settings will not be preserved; they will roll back to the last-deployed management center settings.

  • UCAPL/CC mode cannot be rolled back.

  • Out-of-band SCEP certificate data that was updated during the previous deployment cannot be rolled back.

  • During the rollback, connections will drop because the current configuration will be cleared.

Procedure


Step 1

Choose Devices > Device Management.

Step 2

Next to the device where you want to assign policies, click Edit (edit icon).

Step 3

Click Device.

Step 4

In the Deployment Settings section, click Edit (edit icon).

Step 5

Check Auto Rollback Deployment if Connectivity Fails to enable auto rollback.

Step 6

Set the Connectivity Monitor Interval (in Minutes) to set the amount of time to wait before rolling back the configuration. The default is 20 minutes.

Step 7

If a rollback occurs, see the following for next steps.

  • If the auto rollback was successful, you see a success message instructing you to do a full deployment.

  • You can also go to the Deploy > Advanced Deploy screen and click the Preview icon to view the parts of the configuration that were rolled back (see Deploy Configuration Changes). Click Show Rollback Changes to view the changes, and Hide Rollback Changes to hide the changes.

  • In the Deployment History Preview, you can view the rollback changes. See View Deployment History.

Step 8

Check that the management connection was reestablished.

In the management center, check the management connection status on the Devices > Device Management > Device > Management > FMC Access Details > Connection Status page.

At the threat defense CLI, enter the sftunnel-status-brief command to view the management connection status.

If it takes more than 10 minutes to reestablish the connection, you should troubleshoot the connection. See Troubleshoot Management Connectivity on a Data Interface.