Cisco Firepower 1100 Getting Started Manual page 156

Hide thumbs Also See for Firepower 1100:

Started manual (177 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

Table of Contents

Roll Back the Configuration if CDO Loses Connectivity

Check CDO log files

Roll Back the Configuration if CDO Loses Connectivity

If you use a data interface on the threat defense for manager access, and you deploy a configuration change

from CDO that affects the network connectivity, you can roll back the configuration on the threat defense to

the last-deployed configuration so you can restore management connectivity. You can then adjust the

configuration settings in CDO so that the network connectivity is maintained, and re-deploy. You can use the

rollback feature even if you do not lose connectivity; it is not limited to this troubleshooting situation.

See the following guidelines:

• Only the previous deployment is available locally on the threat defense; you cannot roll back to any

• The rollback only affects configurations that you can set in CDO. For example, the rollback does not

• Out-of-band SCEP certificate data that was updated during the previous deployment cannot be rolled

• During the rollback, connections will drop because the current configuration will be cleared.

Procedure

Step 1

At the threat defense CLI, roll back to the previous configuration.

configure policy rollback

After the rollback, the threat defense notifies CDO that the rollback was completed successfully. In CDO, the

deployment screen will show a banner stating that the configuration was rolled back.

Cisco Firepower 1100 Getting Started Guide

154

show ddns update interface fmc_access_ifc_name

> show ddns update interface outside

Dynamic DNS Update on outside:

Update Method Name Update Destination

RBD_DDNS not available

Last Update attempted on 04:11:58.083 UTC Thu Jun 11 2020

Status : Success

FQDN : domain.example.org

IP addresses : 209.165.200.225

See https://cisco.com/go/fmc-reg-error.

earlier deployments.

affect any local configuration related to the dedicated Management interface, which you can only configure

at the threat defense CLI. Note that if you changed data interface settings after the last CDO deployment

using the configure network management-data-interface command, and then you use the rollback

command, those settings will not be preserved; they will roll back to the last-deployed CDO settings.

back.

Threat Defense Deployment with CDO

Table of Contents

Chapters

Table of Contents

This manual is also suitable for:

Firepower 2100

Cisco Firepower 1100 Getting Started Manual page 156

Chapters

Related Manuals for Cisco Firepower 1100

Related Products for Cisco Firepower 1100

This manual is also suitable for:

Table of Contents