12-11-2023 06:12 AM
I have a question about an issue that none of us can effectively figure out. We created and staged a few different firewall rules and tunnels this weekend, with the intent of deploying sometime later this week. At 2:08am, FMC automatically deployed this rule and it took our entire LAN down, as not all configuration changes had been completed. Nowhere does the FMC GUI clearly show where you can stop all deployment changes. We want to have complete manual control over all updates, and do not want FMC deploying any changes automatically. What is the manual override and a permanent config setting that will not allow this to happen ever again? If you select 'deploy', there is a menu that allows you to apply scheduled deployments, but nowhere is there a place where you can cancel existing automatic deployments. Thanks in advance.
12-11-2023 06:18 AM
Check under the tab of deployment advanced.
MHM
12-11-2023 06:22 AM
@CJ Bird you've probably got a scheduled task configured to deploy policies. You should disable these tasks to ensure policies are only deployed manually. https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/admin/720/management-center-admin-72/tools-scheduling.html?bookSearch=true#task_CA11FE907BD94BF385C63C433DE29E15
12-11-2023 09:12 AM
In addition to the task scheduler mentioned by @Rob Ingram, you should also check the System > Updates > Rule updates section for possible recurring updates with automatic deployment.
12-11-2023 10:06 AM
So it turns out, it seems like the policy rules may be tied to the SRU updates, which we do prefer to remain updated during weekly automated intervals. According to TAC, the only way to disable the automated policy updates is to disable the automated SRU updates, as the two are tied together. This doesn't immediately make sense, and I question that claim, as it appears you can independently deploy policy changes from normal recurring automated SRU updates.