Pushing Security Policy Updates to an IDP Device (NSM Procedure)
You must run a device configuration update job (also called pushing an update) in the following cases:
- After you have revised the security policy assigned to an IDP device. The configuration changes you make in NSM do not affect the IDP device until you have successfully pushed the configuration to the IDP device.
- If you have deleted the device from NSM and subsequently re-added it. In these cases, the IDP device does not retain the previous security policy assignment.
- If you use the NSM Device Manager to change IDP device settings.
To push configuration updates to multiple IDP devices:
- From the NSM main menu, select Devices > Configuration > Update Device Config to display the Update Devices dialog box.
- Select the devices to receive the pushed configuration updates.
- Set update job options as described in Table 1.
- Click OK.
Table 1: Devices Update Job Options
| Tab | Description |
|---|---|
| General | Run Summarize Delta Config–Displays a summary of the delta config. The delta config is the difference between the IDP running configuration and the NSM configuration object. |
| Netconf | Lock configuration during update–Not applicable. |
| | Update to candidate config first before commit to running config–Not applicable. |
| | Use confirmed commit–Not applicable. |
| | Rollback candidate config to running config in error–Not applicable. |
| | Discard uncommitted changes when exclusive lock is available–Not applicable. |
| ScreenOS and IDP | Show unconnected devices–Displays devices that are not connected to NSM in the Update Devices dialog box. |
| | Update when device connects–Attempts to update a previously unconnected device with pending changes stored in NSM. |
| | Firewall Device Options–Not applicable. |
| | Standalone IDP device options–includes the following option: |
| | ISG Device Options–Not applicable. |
To push an update to a specific, single device:
- In Device Manager, right-click the device to receive the pushed configuration update and select Update Device to display the Update Device dialog box.
- Set update job options. Table 2 describes these update job options.
- Click OK.
Table 2: Device Update Job Options
| Option | Description |
|---|---|
| Update When Device Connects | Attempts to update a previously unconnected device with pending changes stored in NSM. |
| Restart IDP Profiler After Device Update | Restarts the Profiler after the update. |
| Update IDP Rulebase Only | Updates only the IDP rulebase, Exempt rulebase, and Backdoor rulebase. Select this option if you are updating only the rulebases or attack objects. |
| Don’t Show This Dialog | Does not display this dialog box in the future. |

