Error Prevention, Recovery, and Audit Management Using NSM
Persistent management control is essential when managing large networks. You need to be sure that configuration and policies you send to your managed devices are correct before you install them on your devices.
Using NSM’s error prevention and recovery features, you can ensure that you are consistently sending stable configurations to your devices, and that your device remains connected to NSM. Additionally, you can track each change made by an NSM administrator to help you identify when, how, and what changes were made to your managed devices.
The following topics are the error prevention, recovery, and audit management features in NSM:
Device Configuration Validation
NSM automatically alerts you to configuration errors while you work in the UI. Each field that has incorrect or incomplete data displays a icon— move your mouse cursor over the icon to get details on the missing data. For more details on validation, see Understanding Validation Icons and Validation Data in the NSM User Interface.
The policy validation tool checks your security policies and alerts you to possible problems before you install that policy on your managed devices.
Atomic Configuration and Updating
On devices running ScreenOS 5.x, if the configuration deployment fails for any reason, the device automatically uses the last installed stable configuration. Additionally, if the configuration deployment succeeds, but the device loses connectivity to the management system, the device restores the last installed configuration. This minimizes downtime and ensures that NSM always maintains a stable connection to the managed device.
Devices running ScreenOS 5.1 and later also support atomic updating, which enables the device to receive the entire modeled configuration (all commands) before executing those commands (instead of executing commands as they are received from the management system). Because the device no longer needs to maintain a constant connection to the management system during updating, you can configure changes to the management connection from the NSM UI.
Device Image Updates
You can update the software that runs on your devices by installing a new ScreenOS image on all your security devices. The image updates are as follows:
NSM updates—Use NSM to upload the new image file to multiple security devices with a single click.
RMA updates—Replace failed devices, by setting the device to the RMA state, which enables NSM to retain the device configuration without a serial number or connection statistics. When you install the replacement device, activate the device with the serial number of the replacement unit.
Use the Audit Log Viewer to track administrative actions so you will always know exactly when and what changes were made using the management system. The Audit Log Viewer displays log entries in the order generated, and it includes:
Date and time the administrative action occurred
NSM administrator who performed the action
Domain (global or a subdomain) in which the action occurred
Object type and name
The detail view of the Audit Log Viewer displays changes from the previous version.