We have two ASA AIP SSM-20s set up where one is in standby mode. The IPSes are running 6.1(1) E2.
Is there an easy way to mirror event action filters I create across both machines so I don't have to manually create each filter twice? Actually, I'd like to mirror all changes if possible, but primarily the event action filters.
Thanks for any suggestions!
Initially a simple copy paste should be enough (Except maybe you would want to use separate management IPs for each).
For event action filters, keep updating them and re-ordering them on the primary ASA IPS. Whenever you make changes on the primary AIP-SSM, do the following on the secondary AIP-SSM:
(config)# service event-action-rules rules0
(config-eve)# default filters
Then copy paste all the filters (including the ordering commands) from the primary box. Then apply the changes. This should do the trick, even tough I am yet to test this myself.