CSM 3.1.1: restricting policies which can be deployed

Unanswered Question
Apr 2nd, 2009


I'm trying to restrict the policies that can be deployed by CSM to only Security and NAT, is there a way of doing this from within CSM or is command authorisation via an ACS the only option?

I'm basically trying to stop out of band changes being overwritten when everything is pushed.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
smalkeric Wed, 04/08/2009 - 15:02

I think you can restrict the polices by understanding the concept of locking in CSM. Security Manager has a locking mechanism that is useful in organizations where several people have the authority to make configuration changes. It prevents a potential situation in which two or more people are making changes to the same device, policy, policy assignment, or object at the same time. When a lock is applied, a message is displayed across the top of the work area to other users who access that device or policy.


This Discussion