Read Configuration Changes from an ASA to Security Cloud Control

Why Does Security Cloud Control "Read" ASA Configurations?

In order to manage an ASA, Security Cloud Control must have it's own stored copy of the ASA's running configuration file. The first time Security Cloud Control reads and saves a copy of the device's configuration file is when the device is onboarded. Subsequently, when Security Cloud Control reads a configuration from an ASA, you are opting to either Check for Changes, Accept without Review, or Read Configuration. See Reading, Discarding, Checking for, and Deploying Configuration Changes for more information.

Security Cloud Control also needs to read an ASA configuration in these circumstances:

  • Deploying configuration changes to the ASA has failed and the device state is not listed or Not Synced.

  • Onboarding a device has failed and the device state is No Config.

  • You have made changes to the device configuration outside of Security Cloud Control and the changes have not been polled or detected. THe device state would be either Synced or Conflict Detected.

In these cases, Security Cloud Control needs a copy of the last known configuration stored on the device.