I currently manage an ASA firewall which was already configured before the integration to CSM. When I try to deploy some changes made with the CSM client software, CSM proposes a configuration that removes some useful access-lists. Why does CSM want to remove these access-lists even if they are useful for my infrastructure? Is it possible to modify the proposed configuration before the deployment?
There is an option in Tools --> Security manager administration --> Deployment. Here, under ACL Parameters, there is a "remove unreferenced access-list on device" check box. Uncheck this; after that you will retain the configuration.
By default, any unreferenced ACLs on the device will be removed by CSM.
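As an added example (not part of the original thread, and a heuristic rather than CSM's own logic), this Python check lists the ACLs defined in an ASA configuration that no other command mentions by name, so they can be reviewed before a deployment. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample of an ASA running-config (not taken from the thread).
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny ip any any
access-list VPN_SPLIT standard permit 10.1.0.0 255.255.0.0
access-list OLD_PARTNER extended permit ip host 198.51.100.7 any
access-list CAPTURE_TMP extended permit ip any host 192.0.2.10
access-list deny-flow-max 4096
access-group OUTSIDE_IN in interface outside
group-policy REMOTE attributes
 split-tunnel-network-list value VPN_SPLIT
"""

# Global "access-list" sub-commands that are settings, not ACL names.
NOT_ACL_NAMES = {"alert-interval", "deny-flow-max"}

def acl_usage(config_text):
    """Return {acl_name: [lines referencing it]} for every ACL defined."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    defined = []
    for line in lines:
        m = re.match(r"access-list (\S+) ", line)
        if m and m.group(1) not in NOT_ACL_NAMES and m.group(1) not in defined:
            defined.append(m.group(1))
    usage = {name: [] for name in defined}
    for line in lines:
        tokens = line.split()
        for name in defined:
            # The ACL's own entries are definitions, not references.
            if tokens[:2] == ["access-list", name]:
                continue
            if name in tokens:
                usage[name].append(line)
    return usage

def unreferenced_acls(config_text):
    """ACLs that no other command mentions: removal candidates to review."""
    return [n for n, refs in acl_usage(config_text).items() if not refs]

if __name__ == "__main__":
    for name in unreferenced_acls(SAMPLE_CONFIG):
        print("unreferenced:", name)
```

Matching is by whole token, so an ACL whose name equals another keyword or interface name in the configuration will be reported as referenced even if it is not.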
Thank you for your answer. It helps me to solve my problem with the access-list, but now I encounter the same problem with a used AAA-server line which is deleted by CSM. Why does CSM try to delete it, and is there a way to avoid it?
An AAA server/server group is an object in CSM. When this object is unreferenced in AAA policy or any rule, it will be removed based on the settings.
Go to Tools --> Security manager administration --> Deployment. Under ACL parameters there is an option, object group parameters; uncheck the option "remove unreferenced object group in device".
This should solve the issue.
In case the problem is not solved, upload the screenshot of the preview configuration.