Cisco Security Manager

ian.olivier1
Level 1

Hi there

I have a question regarding Cisco Security Manager. We manage around 70 firewalls and bought CSM to manage them with policies etc.

Is there a way to make changes in SSH or ASDM if the Cisco Security Manager is unreachable?

I need a backup way for configs before I can deploy it.

Any advice will be appreciated

Kind Regards

Ian Olivier


Marvin Rhoads
Hall of Fame

You can always revert to local management.

If you do, you need to be sure to use CSM's feature to "Detect out of band changes".

http://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/411/user/guide/CSMUserGuide/dpman.html#24210

You must reconcile and incorporate those out of band changes into CSM once it is available / reachable so that it will incorporate any such changes into its baseline for that device - otherwise it will overwrite them during the next deployment.

Hi Marvin

I was wondering if I could ask one more thing regarding this.

Can we resync the config without rediscovering the firewalls? It detects OOB changes but says the device does not support it.

We use 5515X series in most cases.

Thank you in advance

Ian Olivier

The few times I've done it, I've always just rediscovered the firewall.

You might be able to prepare and deploy a change that "re-does" whatever (hopefully small) OOB change was done and thus incorporate it into CSM's baseline configuration archive for that firewall.
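An added example, not part of the original thread and not Cisco tooling: a local check that compares a saved baseline of an ASA configuration with the current running configuration, so the out-of-band lines that would have to be re-done in CSM are listed explicitly. The function names, the volatile-line list and the sample configurations are assumptions constructed for illustration.

```python
import difflib

# Lines that differ between two saves without any operator edit (assumed list
# for ASA "show running-config" output: ":" headers, "!" separators, checksum).
VOLATILE_PREFIXES = (":", "!", "Cryptochecksum:")

def normalize(config_text):
    """Drop volatile lines; prefix each indented sub-command with its parent."""
    entries, parent = [], ""
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith(VOLATILE_PREFIXES):
            continue
        if line.startswith(" "):
            entries.append(f"{parent} >> {line.strip()}")
        else:
            parent = line
            entries.append(line)
    return entries

def oob_changes(baseline_text, running_text):
    """Return (added, removed): lines only on the device, lines only in the baseline."""
    base, run = normalize(baseline_text), normalize(running_text)
    matcher = difflib.SequenceMatcher(a=base, b=run, autojunk=False)
    added, removed = [], []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            removed.extend(base[i1:i2])
        if tag in ("replace", "insert"):
            added.extend(run[j1:j2])
    return added, removed

# Constructed sample configs (not from a real device).
BASELINE = """: Saved
hostname fw-branch01
object-group network ADMIN_HOSTS
 network-object host 192.0.2.10
access-list OUTSIDE_IN extended permit tcp any host 198.51.100.5 eq https
access-list OUTSIDE_IN extended deny ip any any log
ssh 192.0.2.0 255.255.255.0 inside
Cryptochecksum:aaaa
: end
"""
RUNNING = BASELINE.replace("Cryptochecksum:aaaa", "Cryptochecksum:bbbb").replace(
    " network-object host 192.0.2.10\n",
    " network-object host 192.0.2.10\n network-object host 192.0.2.44\n").replace(
    "eq https\n",
    "eq https\naccess-list OUTSIDE_IN extended permit tcp any host 198.51.100.5 eq ssh\n")

if __name__ == "__main__":
    print(oob_changes(BASELINE, RUNNING))
```

Sub-commands are reported with their parent line so that an entry added under an object-group or similar block keeps its context; ACL order is preserved because the comparison is sequence-based rather than set-based.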

Thanks Marvin

I think changes via ASDM are the last last resort...

I really appreciate your feedback.

Ian Olivier

ian.olivier1
Level 1

Thank you very much, there are not a lot of people who can answer questions about CSM.

Good day to you

Ian Olivier
