ICresswell
asked on
Cisco Security Manager revision control
We are in the process of migrating our network from checkpoint to cisco and I was wondering if there is anything similar on CSM to Checkpoints Revision control where the config can be reversed up if there is a problem with any change?
One nice feature is, when configuring the ASA remotly, the use of the command reload in xx.
This will cause the firewall to reboot in xx minutes. If you make any changes that lock you out, just wait for xx minutes. Then the ASA will reboot and load it's startup config so you can connect again.
This will cause the firewall to reboot in xx minutes. If you make any changes that lock you out, just wait for xx minutes. Then the ASA will reboot and load it's startup config so you can connect again.
ASKER
Thanks erniebeek, although my experience has been that when a policy is pushed down to the router or firewall the config is written and saved to the device.
As a test I made a small change to the config from the CSM and did a reload in 10 on the router but once reloaded the change was still there.
I am pushing the changes down via "submit and deploy", is there a different way to push the changes down that does not cause it to write the config?
As a test I made a small change to the config from the CSM and did a reload in 10 on the router but once reloaded the change was still there.
I am pushing the changes down via "submit and deploy", is there a different way to push the changes down that does not cause it to write the config?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
excellent, thanks very much!
Gald I could help, thx for the points :)
ASKER
my only concern with the configuration archive is if you submit a config that accidentally denies access you can't get on to recover the configuration whereas with reload in x at least you always knew you could gain access if you made a mistake.
Correct, haven't found a way in CSM to do that yet :-~
When saving configuration changes, what you do is copying the running config to the startup config.