Is there a failsafe function when deploying rulebase with asdm to a pix?

sverre.stokken · ‎04-27-2007

I was wondering if there is any form of failsafe when deplying a rulebase to a pix with the asdm. Based on the logs it seems that it simply writes the complete generated config to the pix running config. and ends with a write mem.

For me who hava about 1700 lines of config this is a bit worrying . What if the asdm looses conection to the pix halfway in the process?

mark.j.hodge · ‎04-27-2007

It is always recommended to take a backup of the PIX configuration before making any significant change, this can be done via tftp.

When you make changes via ASDM, they are not commited untill you select the "Save" icon, until this point the changes are in RAM ( running-config ), and a reload will revert back to the version in NVRAM ( startup-config )

sverre.stokken · ‎04-29-2007

Yes i keep backups, but my question is how the ASDM deploys the rulebase. Does it overwrite the running config ( i dont se any log entrys indicating that it tryes to write allredy existing entryes) or does it delete the rules and rewrite the complete rulebase, in this case we should se a small amount of drops from the firewall while it writes the new rulebase, but i don't se this either. The smartest ( in my opinion ) would be if it only writes the diff between existing config and new ( like the PDM does. But from the logfile i can see that it writes everything every time.

So what would happen if i loose connection between the firewall and the ASDM computer while it deployes ?

sverre.stokken · ‎04-29-2007

Correction. > I have missinformed you when i say ASDM, i was wrong, i meen the cisco work firewall management center. I was mixing the products. Sorry.