05-09-2016 07:05 AM - edited 02-21-2020 05:48 AM
Hi there
I have a question regarding Cisco Security manager. We manage around 70 firewalls and bought CSM to manage them with policies etc.
Is there a way to make changes in SSH or ASDM if the Cisco security manager is unreachable?
I need a backup way for configs before I can deploy it.
Any advise will be appreciated
Kind Regards
Ian Olivier
Solved! Go to Solution.
05-09-2016 01:30 PM
You can always revert local management.
If you do, you need to be sure to use CSM's feature to "Detect out of band changes".
http://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/411/user/guide/CSMUserGuide/dpman.html#24210
You must reconcile and incorporate those out of band changes into CSM once it is available / reachable so that it will incorporate any such changes into its baseline for that device - otherwise it will overwrite them during the next deployment.
05-09-2016 01:30 PM
You can always revert local management.
If you do, you need to be sure to use CSM's feature to "Detect out of band changes".
http://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/411/user/guide/CSMUserGuide/dpman.html#24210
You must reconcile and incorporate those out of band changes into CSM once it is available / reachable so that it will incorporate any such changes into its baseline for that device - otherwise it will overwrite them during the next deployment.
05-10-2016 06:09 AM
Hi Marvin
I was wondering if I could ask one more thing regarding this.
Can we resync the config without Rediscover the firewalls? It detect OOB changes but says the device does not support it.
We use 5515X series in most cases.
Thank you in advance
Ian Olivier
05-10-2016 03:38 PM
The few times I've done it, I've always just rediscovered the firewall.
You might be able to prepare and deploy a change that "re-does" whatever (hopefully small) OOB change was done and thus incorporate it into CSM's baseline configuration archive for that firewall.
05-11-2016 03:42 AM
Thanks Marvin
I think changes via ASDM is the last last resort...
I really appreciate your feedback.
Ian Olivier
05-09-2016 11:00 PM
Thank you very much, there is not a lot of people who can answer questions about CSM.
Good day to you
Ian Olivier
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide