FMC Depoyment

DivvNetSec · ‎04-20-2020

Hi,

Can anyone please help me understand how often FTD gets deployed ? I am asking this question because in our environment I see deployment pending on few devices. Also I am seeing "applied policy is out of date" will this effect on FTD's ?

Thanks,

Divyesh

Marvin Rhoads · ‎04-20-2020

Deployments are either manual (policy changes) or via scheduled tasks (Snort Rule Updates, Vulnerability Database).

You may have FMC configured to download SRU periodically but not deploy - that will result in the "deployment pending" situation.

ccarrionm · ‎02-03-2021

Hi Marvin,
Is it possible to see pending Changes ?
For example a rule that was add .

regards

Marvin Rhoads · ‎02-03-2021

@ccarrionm Yes you can see pending deployment changes as of FMC version 6.6. (6.6.1 is the currently recommended release.)

Earlier releases did not have this capability.

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/relnotes/firepower-release-notes-660/features.html#id_109461

New options for deploying configuration changes

The Deploy button on the FMC menu bar is now a menu, with options that add the following functionality:

Status: For each device, the system displays whether changes need to be deployed; whether there are warnings or errors you should resolve before you deploy; and whether your last deploy is in process, failed, or completed successfully.
Preview: See all applicable policy and object changes you have made since you last deployed to the device.
Selective deploy: Choose from the policies and configurations you want to deploy to a managed device.
Deploy time estimate: Display an estimate of how long it will take to deploy to a particular device. You can display estimates for a full deploy, as well as for specific policies and configurations.
History: View details of previous deploys.

New/modified screens:

Deploy > Deployment
Deploy > Deployment History

Supported platforms: FMC