Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Out-of-Band Changes Overview


Out-of-band configuration changes are the changes you make to a device configuration through any method other than deploying the configuration change from Security Director.

Out-of-band changes include configuration changes made by:

  • Using the device CLI

  • Using the device Web-based management interface (J-Web interface)

When you make out-of-band changes, Security Director detects the configuration changes on the device. It sets the device configuration state to Out of Sync because the device configuration does not match with the build mode configuration for the device. You cannot deploy configuration on devices that are in the Out of Sync state. To return the device configuration state to In Sync, click Resynchronize with Network. This task resynchronizes the device’s configuration stored in Security Director to match the device configuration.

After the configuration status of the device is In Sync, you can see an icon next to policy for which out of band policy changes have been made in the device. You can automatically synchronize or manually import the out-of-band firewall policy changes from the device. Automatic synchronization is applicable for only device-specific policies and manual synchronization is applicable for both device-specific and group policies.


Out-of-band firewall policy changes are applicable for both standard and unified firewall policies.

Out-of-band changes are not supported if more than one policy is assigned to a device or if rules are configured in All Devices Policy Pre/Post policies.


  • Device and Security Director always synchronized—You can use our new Auto Sync Policy Changes setting in Administration > Policy Sync Settings page to automatically synchronize the out-of-band device-specific firewall policy changes made on the device with Security Director. You can also manually synchronize the out-of-band changes.

  • Better control over configuration changes—You can now view a list of all out-of-band changes made on a managed device. You can accept or reject the changes to synchronize the device with Security Director.