Re: Help with CSM 3.2.2 - Changes created after Device Discovery

chris_d_bond · ‎01-21-2011

Hi

Hope someone can help, I have just installed CSM 3.2.2 and added many multiple firewalls to the database, I have not created any overall policies yet. Once these additions were made I could see over 500 changes that CSM wanted to make in the Activity List after viewing the changes. A great deal of these were changing the local firewall objects . It looks like that as identical names were used forsome of the local firewall configs, CSM needed to amend these with a unique name for each firewall so adding on -1, -2 e.t.c It also struggles with some of the AAA settings and IKE. I don't want to submit these changes due to the huge risk that involves but also not sure whether to dicard the changes ? Any advice out there ?

Thanks in advance

C

Stefano De Crescenzo · ‎02-12-2011

Hi Chris,

what you are observing is usually normal. CSM tries to reuse the names on the FW to give a name to the objects in the DB. If you import two FWs with some things named in the same way (e.g. OBJECT-NAME) but with different content, CSM will import the first object as OBJECT-NAME and the second as OBJECT-NAME_X where X is a sequential number. CSM then, for consistency, will try to push the new name to the device as well.

Another thing you might notice is that CSM is try to change the access-list by grouping services in a different way.

I would say these are normal operation however I would suggest that before the first deployment you look at the preview of what will be pushed and carefully verify that everything is in place, although slightly modified.

Stefano