Manage Device Configuration

To manage a device, Security Cloud Control stores its own copy of the device configuration in a local database. When Security Cloud Control reads a configuration from a managed device, it copies the configuration and saves it. Security Cloud Control reads and saves a copy of a device's configuration when the device is onboarded. These choices describe reading a configuration for different purposes:

• Discard Changes: This action is available when a device's configuration status is "Not Synced." In the Not Synced state, there are changes to the device's configuration pending on Security Cloud Control. This option allows you to undo all pending changes. The pending changes are deleted and Security Cloud Control overwrites its copy of the configuration with copy of the configuration stored on the device.

• Check for Changes: This action is available if the device's configuration status is Synced. Clicking Check for Changes directs Security Cloud Control to compare its copy of the device's configuration with the copy stored on the device. If there is a difference, Security Cloud Control immediately overwrites its copy of the device's configuration with the copy stored on the device.

• Review Conflict and Accept Without Review: If you have enabled Conflict Detection on a device, Security Cloud Control checks for configuration changes made on the device every 10 minutes. If the copy of the configuration stored on the device has changed, Security Cloud Control notifies you by displaying the "Conflict Detected" configuration status.

  • Review Conflict: To review changes made directly on a device and accept or reject them, click Review Conflict.

  • Accept Without Review: This action overwrites Security Cloud Control's copy of a device's configuration with the latest copy of the configuration stored on the device. Security Cloud Control does not prompt you to confirm the differences in the two copies of the configuration before taking the overwriting action.

Read All: This is a bulk operation. You can select more than one device, in any state, and click Read All to overwrite all the devices' configurations stored on Security Cloud Control with the configurations stored on the devices.

• Deploy Changes: As you make changes to a device configuration, Security Cloud Control saves the changes you make to its own copy of the configuration. These changes are "pending" on Security Cloud Control until they are deployed to the device. When there are changes to a device's configuration that have not been deployed to the device, the device is in the Not Synced configuration state.

  Pending configuration changes do not affect network traffic. They take effect only after Security Cloud Control deploys them to the device.

  When Security Cloud Control deploys changes to the device configuration, it only overwrites those elements of the configuration that were changed. It does not overwrite the entire configuration file stored on the device. You can initiate deployments for a single device or more than one device simultaneously.

• Discard All is an option that is only available after you click Preview and Deploy.... After clicking Preview and Deploy..., Security Cloud Control shows you a preview of the pending changes in Security Cloud Control. Clicking Discard All deletes all pending changes from Security Cloud Control and does not deploy anything to the selected device(s). Unlike "Discard Changes," deleting the pending changes is the end of the operation.