MC for Firewalls will NOT import devices?

Unanswered Question
jsivulka Thu, 02/21/2008 - 07:37
User Badges:
  • Bronze, 100 points or more

If one imports from a live device, the interface settings should be overridden for that device and not inherited from Global, and should generate just fine.

If they are creating a device from scratch, then one would override the interfaces for the device themselves and provide the real IP addresses for inside/outside as well as define other interfaces as needed.

No, there is no function in Firewall MC to look at the config of a device prior to importing it.

One can do "https:///exec/show config" in a browser to get the config off of a device outside of Firewall MC. The device must be configured to permit HTTP for the host you're browsing from, just like it must be permitted for the server where Firewall MC is installed.

If one wants to see what the current config Firewall MC would put on the device, choose Configuration > View Config > Generate Config. This also has some diffing options to see differences between the config Firewall MC would use and the config on the device, or the last config deployed.


This Discussion