Community Member

Is there a failsafe function when deploying rulebase with ASDM to a PIX?

I was wondering if there is any form of failsafe when deploying a rulebase to a PIX with the ASDM. Based on the logs, it seems that it simply writes the complete generated config to the PIX running config and ends with a write mem.

For me, who has about 1700 lines of config, this is a bit worrying. What if the ASDM loses connection to the PIX halfway through the process?

3 REPLIES

Re: Is there a failsafe function when deploying rulebase with as

It is always recommended to take a backup of the PIX configuration before making any significant change; this can be done via TFTP.

When you make changes via ASDM, they are not committed until you select the "Save" icon. Until this point the changes are in RAM (running-config), and a reload will revert back to the version in NVRAM (startup-config).

Community Member

Re: Is there a failsafe function when deploying rulebase with as

Yes, I keep backups, but my question is how the ASDM deploys the rulebase. Does it overwrite the running config (I don't see any log entries indicating that it tries to write already existing entries), or does it delete the rules and rewrite the complete rulebase? In this case we should see a small amount of drops from the firewall while it writes the new rulebase, but I don't see this either. The smartest (in my opinion) would be if it only wrote the diff between the existing config and the new one (like the PDM does). But from the logfile I can see that it writes everything every time.

So what would happen if I lose the connection between the firewall and the ASDM computer while it deploys?

Community Member

Re: Is there a failsafe function when deploying rulebase with as

Correction: I misinformed you when I said ASDM. I was wrong; I mean the Cisco work firewall management center. I was mixing up the products. Sorry.
