Cisco Support Community

CSM and IOS Firewall

In CSM 3.2.1, I can use the flexconfig feature to create a shared policy for site-specific ACLs, which is pretty sweet. The problem is, since these site-specific ACLs are defined in the flexconfig and not in the firewall access rules, when I go to push policy the CSM thinks they're not supposed to be defined on the routers and generates commands to unassign them from their interfaces. Here's my question: Is there a way we can manage an IOS router in CSM but not have it manage the firewall access rules? Then I could put all the interface ACLs in a shared flexconfig policy and manage them that way. Or perhaps there's a way to stop the CSM from generating configuration changes based on what's currently configured on a router and just apply changes that were manually configured through the CSM client? I know it's a long shot, but I figured I'd ask.