Changing The Admin Context; Changing The Security Context Url - Cisco FirePOWER ASA 5500 series Configuration Manual

Chapter 6 Adding and Managing Security Contexts

Changing the Admin Context

The system configuration does not include any network interfaces or network settings for itself; rather,
when the system needs to access network resources (such as downloading the contexts from the server),
it uses one of the contexts that is designated as the admin context.
The admin context is just like any other context, except that when a user logs in to the admin context,
then that user has system administrator rights and can access the system and all other contexts. The
admin context is not restricted in any way, and can be used as a regular context. However, because
logging into the admin context grants you administrator privileges over all contexts, you might need to
restrict access to the admin context to appropriate users.
You can set any context to be the admin context, as long as the configuration file is stored in the internal
Flash memory. To set the admin context, enter the following command in the system execution space:
hostname(config)# admin-context context_name
Any remote management sessions, such as Telnet, SSH, or HTTPS, that are connected to the admin
context are terminated. You must reconnect to the new admin context.
A few system commands, including ntp server, identify an interface name that belongs to the admin
Note
context. If you change the admin context, and that interface name does not exist in the new admin
context, be sure to update any system commands that refer to the interface.

Changing the Security Context URL

You cannot change the security context URL without reloading the configuration from the new URL.
The security appliance merges the new configuration with the current running configuration. Reentering
the same URL also merges the saved configuration with the running configuration. A merge adds any
new commands from the new configuration to the running configuration. If the configurations are the
same, no changes occur. If commands conflict or if commands affect the running of the context, then the
effect of the merge depends on the command. You might get errors, or you might have unexpected
results. If the running configuration is blank (for example, if the server was unavailable and the
configuration was never downloaded), then the new configuration is used. If you do not want to merge
the configurations, you can clear the running configuration, which disrupts any communications through
the context, and then reload the configuration from the new URL.
To change the URL for a context, perform the following steps:
If you do not want to merge the configuration, change to the context and clear its configuration by
Step 1
entering the following commands. If you want to perform a merge, skip to Step 2.
hostname# changeto context name
hostname/name# configure terminal
hostname/name(config)# clear configure all
If required, change to the system execution space by entering the following command:
Step 2
hostname/name(config)# changeto system
OL-10088-01
hostname(config)# clear context
Cisco Security Appliance Command Line Configuration Guide
Managing Security Contexts
6-13