Cisco Security Manager revision control

ICresswell
ICresswell used Ask the Experts™
on
We are in the process of migrating our network from checkpoint to cisco and I was wondering if there is anything similar on CSM to Checkpoints Revision control where the config can be reversed up if there is a problem with any change?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Ernie BeekSenior infrastructure engineer
Top Expert 2012

Commented:
Well, with cisco any changes made to the configuration are effective immediately. The ASA stores them in the running config. If anything breaks because of the changes, reload the firewall and it will reboot using the startup config.
When saving configuration changes, what you do is copying the running config to the startup config.
Ernie BeekSenior infrastructure engineer
Top Expert 2012

Commented:
One nice feature is, when configuring the ASA remotly, the use of the command reload in xx.
This will cause the firewall to reboot in xx minutes. If you make any changes that lock you out, just wait for xx minutes. Then the ASA will reboot and load it's startup config so you can connect again.

Author

Commented:
Thanks erniebeek, although my experience has been that when a policy is pushed down to the router or firewall the config is written and saved to the device.
As a test I made a small change to the config from the CSM and did a reload in 10 on the router but once reloaded the change was still there.
I am pushing the changes down via "submit and deploy", is there a different way to push the changes down that does not cause it to write the config?
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Senior infrastructure engineer
Top Expert 2012
Commented:
Hm, need glasses. Completely overlooked 'CSM' :-~

So, did you have a look at the configuration archive?
http://www.cisco.com/en/US/docs/security/security_management/cisco_security_manager/security_manager/4.1/user/guide/dpman.html#wp966311

Author

Commented:
excellent, thanks very much!
Ernie BeekSenior infrastructure engineer
Top Expert 2012

Commented:
Gald I could help, thx for the points :)

Author

Commented:
my only concern with the configuration archive is if you submit a config that accidentally denies access you can't get on to recover the configuration whereas with reload in x at least you always knew you could gain access if you made a mistake.
Ernie BeekSenior infrastructure engineer
Top Expert 2012

Commented:
Correct, haven't found a way in CSM to do that yet :-~

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial