Import Conflict Resolution

When you attempt to import a configuration, the system determines whether a configuration of the same name and type already exists on the appliance. When an import includes a duplicate configuration, the system offers resolution options suitable to your deployment from among the following:

  • Keep existing

    The system does not import that configuration.

  • Replace existing

    The system overwrites the current configuration with the configuration selected for import.

  • Keep newest

    The system imports the selected configuration only if its timestamp is more recent than the timestamp on the current configuration on the appliance.

    Note

    If you import a configuration that contains Microsoft Active Directory users and groups, we strongly recommend that you download all users and groups after the import to avoid issues in decryption policies, access control policies, and possibly other policies. (Integration > Other Integrations > Realms, then click Download Now.)

  • Import as new

    The system imports the selected duplicate configuration, appending a system-generated number to the name to make it unique. (You can change this name before completing the import process.) The original configuration on the appliance remains unchanged.

The resolution options the system offers depend on whether your deployment uses domains, and on whether the imported configuration is a duplicate of a configuration defined in the current domain, or of a configuration defined in an ancestor or descendant of the current domain. The following table lists when the system does or does not present a resolution option.

| Resolution Option | Secure Firewall Management Center: Duplicate in current domain | Secure Firewall Management Center: Duplicate in ancestor or descendant domain | Managed Device |
|---|---|---|---|
| Keep existing | Yes | Yes | Yes |
| Replace existing | Yes | No | Yes |
| Keep newest | Yes | No | Yes |
| Import as new | Yes | Yes | Yes |
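As an added illustration (not Cisco code or a product API), the following Python dry run models the resolution options and the availability table above, so the outcome of a planned import can be reviewed before existing policies are overwritten. The `Config` fields, the context labels, the sample names and types, and the `_N` suffix format are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime

# Options the table marks "No". Context labels ("current", "other", "device") are this example's own.
NOT_OFFERED = {"other": {"replace", "newest"}}  # "other" = ancestor or descendant domain

@dataclass(frozen=True)
class Config:
    name: str
    ctype: str
    modified: datetime

def unique_name(name, taken):
    # Assumed suffix format: the page says only that a number is appended.
    n = 1
    while f"{name}_{n}" in taken:
        n += 1
    return f"{name}_{n}"

def plan_import(existing, incoming, choices, context="current"):
    """Dry run: return (resulting configs, per-item action log)."""
    result = {(c.name, c.ctype): c for c in existing}
    log = []
    for inc in incoming:
        key = (inc.name, inc.ctype)
        cur = result.get(key)
        if cur is None:  # no configuration of the same name and type: no conflict
            result[key] = inc
            log.append((key, "imported"))
            continue
        opt = choices[key]
        if opt not in ("keep", "replace", "newest", "new") or opt in NOT_OFFERED.get(context, set()):
            raise ValueError(f"{opt!r} is not offered for {key} in {context!r}")
        if opt == "replace" or (opt == "newest" and inc.modified > cur.modified):
            result[key] = inc  # overwrite; "newest" requires a strictly newer timestamp
            log.append((key, "replaced"))
        elif opt == "new":
            taken = {n for n, t in result if t == inc.ctype}
            new = unique_name(inc.name, taken)
            result[(new, inc.ctype)] = Config(new, inc.ctype, inc.modified)
            log.append((key, f"imported as {new}"))
        else:  # "keep", or "newest" when the existing copy is not older
            log.append((key, "kept existing"))
    return result, log

# Constructed sample inventory (not taken from a real appliance).
T1, T2 = datetime(2024, 1, 1), datetime(2024, 6, 1)
EXISTING = [Config("Edge-ACP", "AccessPolicy", T2), Config("Web-IPS", "IntrusionPolicy", T1)]
INCOMING = [Config("Edge-ACP", "AccessPolicy", T1), Config("Web-IPS", "IntrusionPolicy", T2)]
```

The returned log lists each incoming configuration with the action taken, which makes an unintended overwrite visible before the real import is run.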

When you import an access control policy with a file policy that uses clean or custom detection file lists and a file list presents a duplicate name conflict, the system offers conflict resolution options as described in the table above, but the action the system performs on the policies and file lists varies as described in the table below:

| Resolution Option | System Action: Access control policy and its associated file policy are imported as new and the file lists are merged | System Action: Existing access control policy and its associated file policy and file lists remain unchanged |
|---|---|---|
| Keep existing | No | Yes |
| Replace existing | Yes | No |
| Import as new | Yes | No |
| Keep newest and access control policy being imported is the newest | Yes | No |
| Keep newest and existing access control policy is the newest | No | Yes |

If you modify an imported configuration on an appliance, and later re-import that configuration to the same appliance, you must choose which version of the configuration to keep.