Manage Device Configuration

In order to manage a device, Security Cloud Control Firewall Management must have its own copy of the device's configuration stored in its local database. When Security Cloud Control Firewall Management "reads" a configuration from a device it manages, it takes a copy of the device's configuration and saves it. The first time Security Cloud Control Firewall Management reads and saves a copy of a device's configuration is when the device is onboarded. These choices describe reading a configuration for different purposes:

• Discard Changes: This action is available when a device's configuration status is "Not Synced." In the Not Synced state, there are changes to the device's configuration pending on Security Cloud Control Firewall Management . This option allows you to undo all pending changes. The pending changes are deleted and Security Cloud Control Firewall Management overwrites its copy of the configuration with copy of the configuration stored on the device.

• Check for Changes: This action is available if the device's configuration status is Synced. Clicking Checking for Changes directs Security Cloud Control Firewall Management to compare its copy of the device's configuration with the copy of the configuration stored on the device. If there is a difference, Security Cloud Control Firewall Management immediately overwrites its copy of the device's configuration with the copy stored on the device.

• Review Conflict and Accept Without Review: If you have enabled Conflict Detection on a device, Security Cloud Control Firewall Management checks for configuration changes made on the device every 10 minutes. If the copy of the configuration stored on the device has changed, Security Cloud Control Firewall Management notifies you by displaying the "Conflict Detected" configuration status.

  • Review Conflict: Click Review Conflict allows you to review changes made directly on a device and accept or reject them.

  • Accept Without Review: This action overwrites Security Cloud Control Firewall Management 's copy of a device's configuration with the latest copy of the configuration stored on the device. Security Cloud Control Firewall Management does not prompt you to confirm the differences in the two copies of the configuration before taking the overwriting action.

Read All: This is a bulk operation. You can select more than one device, in any state, and click Read All to overwrite all the devices' configurations stored on Security Cloud Control Firewall Management with the configurations stored on the devices.

• Deploy Changes: As you make changes to a device's configuration, Security Cloud Control Firewall Management saves the changes you make to its own copy of the configuration. Those changes are "pending" on Security Cloud Control Firewall Management until they are deployed to the device. When there are changes to a device's configuration that have not been deployed to the device, the device is in the Not Synced configuration state.

  Pending configuration changes have no effect on the network traffic running through the device. Only after Security Cloud Control Firewall Management deploys the changes to the device do they have an effect. When Security Cloud Control Firewall Management deploys changes to the device's configuration, it only overwrites those elements of the configuration that were changed. It does not overwrite the entire configuration file stored on the device. Deployments can be initiated for a single device or on more than one device simultaneously.

• Discard All is an option that is only available after you click Preview and Deploy.... After clicking Preview and Deploy, Security Cloud Control Firewall Management shows you a preview of the pending changes in Security Cloud Control Firewall Management . Clicking Discard All deletes all pending changes from Security Cloud Control Firewall Management and does not deploy anything to the selected device(s). Unlike "Discard Changes" above, deleting the pending changes is the end of the operation.