The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The Device Summary page shows the list of devices that are defined in AUS. From this page, you can configure auto update schedules, initiate an immediate update, and block updates. The following topics help you understand and use the Device Summary page:
Select Auto Update Server > Devices to display the Device Summary page. This page shows all managed devices and contains information about the devices, such as the device ID, device type, whether the device is up-to-date and when it last contacted AUS. From the Device Summary page, you can add or delete a device, initiate an immediate auto update, configure and change update schedules, and launch the PIX Device Manager (PDM) or Adaptive Security Device Manager (ASDM) applications.
Click a column name to sort the table by that column. You can also filter the information displayed in the table or search for a device.
Table 2-1 describes the fields on the Device Summary page.
|
|
---|---|
The name that the device uses when identifying itself to AUS, which might differ from the hostname. You determine what is used as the device ID when you bootstrap the device or when you change the AUS policy in Security Manager (see Bootstrapping Security Appliances). You can click on a device ID to open a window with a table that shows details and associated files for that particular device. Details include device name, IP address, serial number, sysObjectID, software version, PDM/ASDM version, and the available RAM and flash memory on the device, as well as repeating some information from this table. |
|
Always shows PIX. You can determine if a device is a PIX firewall or ASA device by looking at the model type in the Type field. |
|
Whether the device is running the newest files:
|
|
The method by which a device is scheduled to receive updated files:
|
|
Click this button to add a device to the table manually. You do not need to add devices that you are managing with Security Manager. For more information, see Adding a Device Directly to AUS. |
|
Click this button to request that a device immediately contact AUS and retrieve new files (an immediate auto update). For more information, see Requesting an Immediate Auto Update. |
|
Click this button to start the PDM or ASDM application, depending on the device. If you are managing a device with Security Manager, you should not use the application to change the device configuration. For more information, see Launching Device Managers. |
|
Click this button configure an update schedule for a device. For more information, see Configuring Update Schedules. |
|
Click this button to cancel an existing update schedule for a device and replace it with the default Any Time schedule, which uses the polling period defined on the device. For more information, see Canceling an Update Schedule. |
|
Click this button to disable auto updates for selected devices. This sets the update schedule to Never. For more information, see Disabling or Blocking Auto Updates. |
|
Click this button to delete the device. Deleting the device does not delete it from Security Manager. For more information, see Deleting Devices. |
When you use Security Manager to deploy configurations to a device through AUS, the device is automatically added to the AUS inventory after the device successfully contacts AUS and retrieves the configuration. This is the normal method for adding devices.
However, you can manually add devices to AUS. This is useful for two purposes:
Any devices that you manually add to AUS are not added to the Security Manager inventory.
Tip You cannot edit any properties after adding a device. If you need to change a property, for example, to update credentials, you must delete the device and add it again.
Step 1 Select Auto Update Server > Devices. The Device Summary page appears (see Viewing the Device Summary Page).
Step 2 Click Add. The Add Device page appears.
Step 3 Enter the following information to identify the device:
You configure the type of ID when you configure AUS settings on the device (as explained in Bootstrapping Security Appliances), or in the Platform > Device Admin > Server Access > AUS policy for the device in Security Manager. Typically, the ID is the hostname of the device.
Step 4 If you want to be able to perform an immediate auto update (using the Update Now button as explained in Requesting an Immediate Auto Update), you must configure the Request Auto Update Credentials field. Select one of the following:
Note The TACACS+ and enable passwords are provided to AUS for any device added from Security Manager if you configure those settings in Security Manager. Security Manager uses the HTTP credentials as the TACACS+ credentials.
Step 5 Click OK to add the device.
When you configure a device to use AUS, you configure a polling period that the device uses to contact AUS. This polling period, configured on the device, is referred to in AUS as an Any Time schedule; that is, the device can contact AUS at any time, based on the device’s configuration.
The default polling period is 720 minutes. For information on changing the polling schedule defined on the device using the Security Manager client, see Changing the Polling Interval for the Device to Contact AUS.
You can create a schedule in AUS that overrides the schedule defined on the device. If you create a schedule using the following procedure, you can cancel it as described in Canceling an Update Schedule.
Step 1 Select Auto Update Server > Devices. The Device Summary page appears (see Viewing the Device Summary Page).
Step 2 Select the devices for which to configure an update schedule.
Step 3 Click Update Schedule. The Configure Update window appears.
Step 4 Select the type of schedule you want from the Allow Updates list and fill in the required fields. The scheduling options are:
Step 5 Click OK. You are returned to the Device Summary Page and the new schedule is shown in the Update Schedule column.
If you allow the device to contact AUS according to the schedule defined on the device rather than one defined in AUS (called an Any Time schedule), you can use the Security Manager client to modify the polling schedule.
Step 1 Do one of the following in the Security Manager client:
Step 2 Select the Poll Type, which can be based on frequency or on a specific schedule, and define schedule, polling times, and retry counts.
Your changes do not take effect until you deploy the configuration and the device retrieves the update from AUS. This means that the first deployment after you change this policy will be based on the previous version of the policy.
If you configured an update schedule in AUS for a device, you can cancel it. This changes the update schedule to Any Time, which means the device uses the polling period defined in its configuration to contact the AUS for updates.
You might want to do something different than canceling a schedule:
Step 1 Select Auto Update Server > Devices. The Device Summary page appears (see Viewing the Device Summary Page).
Step 2 Select the device for which to cancel an update schedule.
Step 3 Click Update Any Time. You are asked to confirm that you want to remove the update schedule from AUS.
If you no longer want to manage a device in AUS, you can delete it from AUS. If you are still managing the device in Security Manager, it will be added back into AUS if you deploy a configuration to it without changing the device to not use AUS.
You must delete devices separately in AUS and Security Manager. Deleting a device from one application does not delete it from the other application.
Step 1 Select Auto Update Server > Devices. The Device Summary page appears (see Viewing the Device Summary Page).
Step 2 Select the devices to delete.
Step 3 Click Delete. You are asked to confirm that you want to delete the device.
Sometimes you want to have a device immediately contact AUS to ensure that the device has the newest files running on it instead of waiting for the device to contact AUS according to schedule. For example, you might want to request that a device contact AUS if the security of your network has been compromised, you updated its configuration in Security Manager and deployed it to AUS, but the device is not scheduled to retrieve a configuration for an acceptable amount of time.
To perform an immediate auto update, the you must ensure that the following requirements are met:
Step 1 Select Auto Update Server > Devices. The Device Summary page appears (see Viewing the Device Summary Page).
Step 2 Select the devices to update immediately.
Tip Requesting that a large number of devices immediately contact AUS can result in performance problems. If you want to update a lot of devices, do it in smaller groups.
Step 3 Click Update Now. You are asked to confirm your request.
AUS first tries using the TACACS+ credentials (the HTTP username and password) to contact the device. If that is not successful, the enable password is used.
You can use the Event Report to determine whether the update is successful (select Reports > Events). For more information, see Viewing the Event Report.
You can disable, or block, auto updates for a device. Disabling updates does not change the device configuration and you can re-enable updates by either creating an update schedule (see Configuring Update Schedules) or by allowing the device to retrieve updates at any time (by selecting the device on the Device Summary page and clicking Update Any Time).
Step 1 Select Auto Update Server > Devices. The Device Summary page appears (see Viewing the Device Summary Page).
Step 2 Select the device for which you want to disable auto updates.
Step 3 Click Block Updates. You are asked to confirm that you want to block updates, which changes the update schedule to Never.
You can start ASDM or PDM from AUS to view or modify a particular setting on a device if you have installed ASDM or PDM for that device. The device must have already contacted AUS before you can start the device manager for it. If you are using Security Manager to configure the device, you should not use ASDM or PDM to change its configuration.
Note If you change the HTTPS port number on the device to any port number other than the default value of 443, you cannot start the device manager. Leave the default value of 443 if you want to start the device manager from AUS itself.
Step 1 Select Auto Update Server > Devices. The Device Summary page appears (see Viewing the Device Summary Page).
Step 2 Select the device for which you want to launch the device manager.
Step 3 Click Launch Device Manager.
You are prompted to log into the application and the device manager is opened in a separate window. Use the application’s online help to learn how to use it.