Out-of-Band Changes on Devices
Out-of-band changes refer to changes made directly on the device without using CDO. These changes may be made using the device's command-line interface over an SSH connection or by using a local manager like the Adaptive Security Device Manager (ASDM) for the Secure Firewall Cloud Native or the FDM for the FDM-managed device. An out-of-band change causes a conflict between the device's configuration stored on CDO and the configuration stored on the device itself.
Detecting Out-of-Band Changes on Devices
If Conflict Detection is enabled for an ASA, or an FDM-managed device, or a Cisco IOS device, CDO checks the device every 10 minutes searching for any new changes made directly to the device's configuration outside of CDO.
If CDO finds that there are changes to the device's configuration that are not stored on CDO, it changes the Configuration Status of that device to the "Conflict Detected" state.
When Defense Orchestrator detects a conflict, one of two conditions is likely:
-
There have been configuration changes made to the device directly that have not been saved to CDO's database.
-
In the case of an FDM-managed device, there may be "pending" configuration changes on the FDM-managed device that have not been deployed.