• Downloads
• Pushing Security Policy Updates to an IDP Device (NSM Procedure)    

• Related Topics
• NSM and Intrusion Detection and Prevention Device Management Overview
• Troubleshooting Configuration Push Errors (NSM Procedure)

Pushing Security Policy Updates to an IDP Device (NSM Procedure)

You must run a device configuration update job (also called pushing an update) in the following cases:

• After you have revised the security policy assigned to an IDP device. The configuration changes you make in NSM do not affect the IDP device until you have successfully pushed the configuration to the IDP device.
• If you have deleted the device from NSM and reinstall it. In these cases, the IDP device does not retain the previous security policy assignment.
• If you use the NSM Device Manager to change IDP device settings.

To push configuration updates to multiple IDP devices:

1. Select Devices > Configuration > Update Device Config to display the Update Devices Options dialog box.
2. Select the devices that you want to push configuration updates to and to set update job options on. Table 1 describes devices update job options.
3. Click OK.

   Table 1: Devices Update Job Options

   Tab	Description
   General	Run Summarize Delta Config–—Summarizes and runs the delta change in the configuration.
   Netconf	Lock configuration during update—Locks configuration while updating device configuration.
   	Update to candidate config first before commit to running config—Updates the configuration before committing.
   	Use confirmed commit—Enables commit confirmed.
   	Rollback candidate config to running config in error—Rollbacks when there is error generated during the configuration.
   	Discard uncommitted changes when exclusive lock is available—Discards any uncommitted changes during exclusive lock.
   ScreenOS and IDP	Show unconnected devices—Lists all devices that are not connected.
   	Update when device connects—Updates configuration when the devices are connected.
   	Firewall Device Options—Not applicable.
   	Standalone IDP device options—Includes the following option: Restart IDP Profiler after Device Update—Restarts the Profiler.
   	ISG Device Options—Not applicable.

To push an update to a specific, single device:

1. In Device Manager, right-click the device that you want to push the update to and select Update Device to display the Update Device Options dialog box.
2. Set update job options using Table 2.
3. Click OK.

   Table 2: Device Update Job Options

   Option	Description
   Update When Device Connects	Updates the device whenever there exist a connection between the devices.
   Restart IDP Profiler After Device Update	Restarts the profiler when the device gets updated.
   Update IDP Rulebase Only	Updates IDP rulebase only.
   Don’t Show This Dialog	Does not allow this dialog box to appear again.

For more information, see the IDP Concepts & Examples Guide.