Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Pushing Security Policy Updates to an IDP Device (NSM Procedure)

    You must run a device configuration update job (also called pushing an update) in the following cases:

    • After you have revised the security policy assigned to an IDP device. The configuration changes you make in NSM do not affect the IDP device until you have successfully pushed the configuration to the IDP device.
    • If you have deleted the device from NSM and reinstall it. In these cases, the IDP device does not retain the previous security policy assignment.
    • If you use the NSM Device Manager to change IDP device settings.

    To push configuration updates to multiple IDP devices:

    1. Select Devices > Configuration > Update Device Config to display the Update Devices Options dialog box.
    2. Select the devices that you want to push configuration updates to and to set update job options on. Table 1 describes devices update job options.
    3. Click OK.

      Table 1: Devices Update Job Options

      Tab

      Description

      General

      Run Summarize Delta Config–—Summarizes and runs the delta change in the configuration.

      Netconf

      Lock configuration during update—Locks configuration while updating device configuration.

      Update to candidate config first before commit to running config—Updates the configuration before committing.

      Use confirmed commit—Enables commit confirmed.

      Rollback candidate config to running config in error—Rollbacks when there is error generated during the configuration.

      Discard uncommitted changes when exclusive lock is available—Discards any uncommitted changes during exclusive lock.

      ScreenOS and IDP

      Show unconnected devices—Lists all devices that are not connected.

      Update when device connects—Updates configuration when the devices are connected.

      Firewall Device Options—Not applicable.

      Standalone IDP device options—Includes the following option:

      • Restart IDP Profiler after Device Update—Restarts the Profiler.

      ISG Device Options—Not applicable.

    To push an update to a specific, single device:

    1. In Device Manager, right-click the device that you want to push the update to and select Update Device to display the Update Device Options dialog box.
    2. Set update job options using Table 2.
    3. Click OK.

      Table 2: Device Update Job Options

      Option

      Description

      Update When Device Connects

      Updates the device whenever there exist a connection between the devices.

      Restart IDP Profiler After Device Update

      Restarts the profiler when the device gets updated.

      Update IDP Rulebase Only

      Updates IDP rulebase only.

      Don’t Show This Dialog

      Does not allow this dialog box to appear again.

    For more information, see the IDP Concepts & Examples Guide.

    Published: 2013-01-03