cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1048
Views
15
Helpful
6
Replies

Default FlexConfig Policy?

sasha
Level 1
Level 1

Hello. I'm creating my FIRST FlexConfig policy. But when I try to assign it to a device, I'm getting the following message:

 

"Following devices already have assignments listed below. These devices will be reassigned to the current policy
device: impftd - policy: (device setting)

Do you want to continue with above changes?"

 

Will I loose some settings if I answer "yes"? Is there any way to see the mentioned "(device setting)" policy, and/or FlexConfigs already set on the device?

 

We're using FMC 7.0.1 and a HA pair of 2110s with FTD 7.0.1. We recently upgraded from 6.4, but we didn't use FlexConfig before.

 

Thanks and best regards.

1 Accepted Solution

Accepted Solutions

So folks, thank you both for help. The first policy went fine. Here's the outcome:

- Before I assigned the first flexconfig policy to our FTD HA pair, Preview Config button was grayed out.

- But after I assigned the policy and before I saved the changes, the button became active!?! As the only available device, it didn't offer our FTD HA pair but just our primary FTD device!?! And it displayed the old (before-save) flexconfig.

- After I saved the changes, the button offered our FTD HA as the only available device, and displayed the new flexconfig. All of the old commands were still there, and a couple of new commands produced by the new policy were added.

- I compared show run all before and after, and the only difference were the commands added by the new policy.

Thanks again and best regards.

View solution in original post

6 Replies 6

Hi,

You navigate to the listed flexconfig policy, you can see what flex objects
are assigned and what is configured.

Keep in mind that if you remove a flex policy from an FTD, it won't revoke
the changes. This is how flex works. You will need another flex policy to
remove the changes. So don't be concerned about revoking existing config
but its good to know what that policy does before any changes.

***** please remember to rate useful posts

Hello Mohammed, there ISN'T ANY policies in the list! The policy I'm creating is the FIRST one. But the FMC warns me that the device is assigned to "policy: (device setting)". My question is how to see THAT policy. And is there any other way to see FlexConfig commands which are in effect. As you said, it's good to know that before any changes. Thanks and best regards.

I do not believe that this is possible.  If the policy is not present in the FMC GUI then the only place you can check is the running configuration on the FTD it self, but there you would need to know what you are looking for.  Flexconfig is only a tool that you can use to send ASA CLI configuration to the FTD device, so you would only see the configurations them selves on the FTD and not the actual policy.

--
Please remember to select a correct answer and rate helpful posts

So, it would be sufficient to compare "show run all" before and after new FlexConfig policy, assuming there are no other changes in the same deployment?

 

Yes that would be the only way to know what was included in the previous policy

--
Please remember to select a correct answer and rate helpful posts

So folks, thank you both for help. The first policy went fine. Here's the outcome:

- Before I assigned the first flexconfig policy to our FTD HA pair, Preview Config button was grayed out.

- But after I assigned the policy and before I saved the changes, the button became active!?! As the only available device, it didn't offer our FTD HA pair but just our primary FTD device!?! And it displayed the old (before-save) flexconfig.

- After I saved the changes, the button offered our FTD HA as the only available device, and displayed the new flexconfig. All of the old commands were still there, and a couple of new commands produced by the new policy were added.

- I compared show run all before and after, and the only difference were the commands added by the new policy.

Thanks again and best regards.

Review Cisco Networking for a $25 gift card