Configure Synchronization from Devices to Security Manager

Available Languages

Download Options

  • PDF     (625.6 KB)
    View with Adobe Reader on a variety of devices
Updated:July 24, 2024
Document ID:222203

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes different ways of configuration synchronization from ASA to CSM.

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • Cisco Security Manager
    • Adaptive security device

    Components Used

    The information in this document is based on these software and hardware versions:

    • Cisco Security Manager 4.25
    • Adaptive security appliance

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Background Information

    The Cisco security manager delivers centralized management and monitoring services for Cisco ASA device.

    Demonstration Methodology 


    This document describes two distinct methods or options for synchronizing the configuration from ASA to CSM.

    • Single device discovery
    • Bulk device rediscovery


    Single Device Discovery

    Single discovery can only be performed if the device is added to the inventory. It can be performed only when the device has
            

    • Security context configurations for ASA, PIX, and FWSM devices running in multiple context mode.
    • Virtual sensor configurations for IPS devices.
    • Service module information for Catalyst devices.

    Steps to Perform Single Device Discovery:

    You can perform the device discovery when you have performed any changes on device CLI or if the device was removed and added back.

    To check if any pending changes are yet to be synchronized , obeserve the example mentioned.

    Right click on the respective device from the device pane and select the option Detect out of band changes.

    Detect out of band option

    If there are no changes , then the page displays as no out of bound changes found for this device.

    To verify no out of bound change

    If there were any changes done , then the lines are highlighted as per the legend.
    Legend to show the changes made

    Steps to Perform Single Device Discovery:

    Step 1:

    Right click on respective device name from device pane and choose the option Discover policies on Device(s).

    Discover policy option


    Step 2:

    For single device recovery method you can only see the Create Discovery Task  dialogue box. Incase if you are getting a bulk discovery dialogue box , kindly close and open it again.

    You have 3 options to perform the discovery.

    • Live Device – It fetchs the configuration from live device , which is in network.
    • Configuration File – You can choose the configuration file and proceed with the discovery.
    • Factory Default Configuration – It resets the device to the  default configurations. This method can be used for devices that only run single-context mode or for with individual security contexts.


    Create discovery task page

    Make sure you are aware of the network topology and the changes that can happen in your network before you proceed with the discovery.


    warning page before discovery starts

    Once the discover is completed , you can see the pop screen with the status as Discovery completed.
    Discovery complete

    And from out of band changes also it cannot have any changes.
    To verify no out of bound change

    Bulk Device Discovery

    To discover policies for multiple devices, you can conduct bulk rediscovery. It is important to note that bulk rediscovery is limited to live devices , those currently operational and accessible within your network.

    You cannot perform the bulk discovery on security context, virtual sensors. Service modules can be discovered it selected separately.

    Steps to Perform Bulk Device Discovery:

    Step 1:

    Navigate to Policy > Discover Policies on device

    Alternate option for discover polices on device

    Step 2:

    If you are performing Bulk rediscovery , only the bulk rediscovery dialogue box can appear.
    From available devices in the left pane , choose the list of devices for which you want to discover policies and move it to the right side.


    Steps as how to add multiple device for bulk discovery

    Step 3:

    Verify if all the selected devices are listed and click on Finish to proceed further with the bulk rediscovery.
    Make sure you are aware of the network topology and the changes that can happen in your network before you proceed with the discovery.

    warning page before discovery starts

    Once the discovery is completed you can see the example like

    Warning post bulk discovery

    Both the devices are discovered successfully.
    Bulk discovery complete

    Revision History

    Revision Publish Date Comments
    1.0
    26-Jul-2024
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Aishwarya Ramachandran
      Technical Consulting Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco