Automatically Accept Out-of-Band Changes from your Device
You can configure Security Cloud Control Firewall Management to automatically accept any change made directly to a managed device by enabling auto-accept changes. Changes made directly to a device without using Security Cloud Control Firewall Management are referred to as out-of-band changes. An out-of-band change creates a conflict between the device's configuration stored on Security Cloud Control Firewall Management and the configuration stored on the device itself.
The auto-accept changes feature is an enhancement to conflict detection. If you have auto-accept changes enabled on your device, Security Cloud Control Firewall Management checks for changes every 10 minutes to determine if there have been any out-of-band changes made to the device's configuration. If there have been configuration changes, Security Cloud Control Firewall Management automatically updates its local version of the device's configuration without prompting you.
Security Cloud Control Firewall Management will not automatically accept a configuration change if there are configuration changes made on Security Cloud Control Firewall Management that have not yet been deployed to the device. Follow the prompts on the screen to determine your next action.
To use auto-accept changes, you first enable the tenant to display the auto-accept option in the Conflict Detection menu on the Security Devices page; then, you enable auto-accept changes for individual devices. For on-premises management center, you can do this from the Services page by navigating and selecting the FMC.
If you want Security Cloud Control Firewall Management to detect out-of-band changes but give you the option to accept or reject them manually, enable Conflict Detection instead.