Using Management Center for Firewalls 1.2
Deploying Configuration Files
Download this chapter
Deploying Configuration FilesDeploying Configuration Files
Download the complete book
Using Management Center for Firewalls 1.2 - PDF VersionUsing Management Center for Firewalls 1.2 - PDF Version (PDF - 6 MB)
give_us_feedback

Table of Contents

Deploying Configuration Files
 Managing Deployment with Workflow Disabled
 Using the Deployment Tab
 Managing Deployment With Workflow Enabled
 Using the Workflow Tab
 Configuring Rollback

Deploying Configuration Files

Firewall MC offers three methods for managing changes and deploying configurations.

  • Workflow disabled (default)—The workflow feature is turned off, eliminating the requirement for you to define activities and jobs. Firewall MC defines activities automatically, and jobs are not required for deploying configurations. For more information, see Managing Deployment with Workflow Disabled.
  • Workflow enabled—The workflow feature is turned on. You must define activities and jobs, but formal approval is not required for you to perform the next step. For more information, see Managing Deployment With Workflow Enabled.
  • Workflow with formal approval enabled—The workflow feature is turned on. You must submit an activity or job for approval before you can perform the next step. You can turn this feature on for activities, jobs, or both. For more information, see Using Job Management.

When workflow is enabled, the GUI displays the Workflow tab so you can manage activities and jobs. When workflow is disabled, the GUI displays the Deployment tab. You can use the Deployment tab to view deployment status information and to deploy saved configurations to devices.

You control which of these methods to use for tracking changes. You can enable workflow with or without the formal approval process at any time; however, before you can disable workflow, you must approve or discard any open activities and deploy, cancel, or verify that all jobs are being deployed.

Topics to be discussed are:

Managing Deployment with Workflow Disabled

When workflow is disabled (default), you do not need to define activities for tracking changes in Firewall MC. After you make configuration changes, you can deploy those changes by clicking the Save and Deploy icon in the activity bar that is visible from the Devices and Configuration tabs. After you click Save and Deploy, new configurations are generated for any changed devices. You can then deploy the new configurations, or you can save them and deploy them later. For more information on deploying saved configurations, see Using the Deployment Tab.

The Deployment tab is visible only when workflow is disabled. When you enable workflow, the Deployment tab is replaced by the Workflow tab, and you manage deployments by using jobs. For information on using jobs for deployment, see Using Job Management.

Note   When you log in to Firewall MC, you might see a Generate Summary page displayed instead of the Home Page. This occurs if you closed the browser while a configuration was being generated the last time you were logged in.

Important Notes When Workflow Is Disabled

  • You can enable workflow at any time, but to disable workflow, you must approve or discard any open activities and deploy, cancel, or verify that all jobs are being deployed first.
  • You do not need to define an activity when workflow is disabled; an activity is assigned to you automatically. To view report information, click the View Details icon in the activity bar, or select Reports > Activity.
  • Locks are assigned to users, not activities.
  • A user acquires locks as needed.
  • After you save and deploy or save a device configuration for deployment later, the lock on that device is released.
  • When workflow is disabled, you cannot select the deployment method during deployment. You must specify the deployment type before deploying. To specify the deployment type, select Configuration > MC Settings > Deployment, then click the Deployment Type radio button that corresponds with the method to use for deployment.

Using the Activity Bar

When workflow is disabled, you use the activity bar in the Devices and Configuration tabs to generate configurations for changed devices, undo changes, and view changes that were made since the last save. Table 15-1 shows the activity bar icons when workflow is disabled.

Table 15-1   Activity Bar Icons Used When Workflow Is Disabled

Icon  Button Name  Description 


Save and Deploy

Generates configurations for devices and allows you to deploy configurations now or later.


Undo

Discards all changes to configurations and device inventories since last save.


View Details

Opens a popup window to display changes made to configurations and device inventories since last save.

Generating Configurations for Modified Devices

Before you can deploy configuration changes to a device, you must generate the configuration. You are not required to deploy a configuration when you generate it. You have the option of saving the configuration for deployment later. You generate new configurations for modified devices using the Save and Deploy icon, which is located in the activity bar that is visible from the Devices and Configuration tabs.

Step 1   From the activity bar, click Save and Deploy.

The Generate Summary page appears and the Generate Status table shows the devices that are being deployed and their status. When a configuration generation is in process, you can refresh the page for updated status or stop the configuration generation.

After configuration is complete, you can view the configurations.

Step 2   To view the configurations, click View Config in the Details column.

Step 3   Close the window after you view its contents.

Step 4   Do one of the following:

  • To save the configurations and deploy now, click Deploy Now.
  • To save the configurations and deploy later, click Deploy Later.
  • To return to the location from which you clicked the Save and Deploy icon and make additional changes, click Resume Edit.
  • Repeat Step 1 through Step 4 after you make the necessary changes.



Understanding the Generate Summary Page

Figure 15-1 shows the Generate Summary page and Status table.


Figure 15-1   Generate Summary Page and Status Table


Figure 15-1 Reference  Name  Description 
1

Generate Summary information

Provides real-time generation status information and displays generation status icons.1
2

Name

Lists the name of the devices for which configuration is being generated.
3

Status2

Shows the status of the configuration generation.

  • Completed—Configuration was generated successfully
  • Initializing—Configuration is being initialized.
  • Generating—Configuration is being generated.
  • Failed—Configuration generation was unsuccessful.
  • Waiting—Configuration generation is waiting for user interaction.
4

Details

Provides error and warning information after generation is complete.

  • If the configuration generation was successful, you can click View Config.
  • If the configuration generation was unsuccessful, you can click View Errors.
5

Generate action buttons3

Performs the following actions:

  • Refresh—Refreshes table. Table refreshes automatically every 60 seconds.
  • Deploy Now—Saves and deploys the generated configurations.
  • Deploy Later—Saves the generated configurations and allows you to deploy later.
  • Resume Edit—Resumes editing without saving the generated configurations.
  • Stop—Stops generating a configuration.
See the Understanding Generate Summary Icons table for icon descriptions.

See Understanding Deployment States for more information.

Generate buttons are grayed-out depending upon the state of the configuration generation.

Understanding Generate Summary Icons

Icon Description


Configuration generation is in process.


Configuration generation has finished. Status shows errors.


Configuration generation has finished. Status shows completed. If you are using the Save and Deploy icon in the Activity bar to deploy your configurations, you must do one of the following to continue:

  • Save and deploy the configurations immediately (if status shows completed)
  • Save and deploy the configurations later.
  • Edit the configurations that failed to generate correctly.

Understanding Deployment States

  • Deploying—Configuration files are being deployed to the selected devices. You can cancel deployment from the Deploying state.
  • Deploy Error(s)—A deployment problem with one or more devices occurred. Select the device with deployment errors, then click Status for more information about the errors.
  • Deployed—The configuration file was deployed. You can roll back the configuration from the Deployed state. For more information, see Configuring Rollback.

Viewing Configuration Changes

Step 1   From the activity bar at the top right of the Devices or Configuration tab, click the View Details icon.

A popup window opens to display configuration changes made since the file was last saved.

Step 2   Close the window after you have viewed its contents.




Using the Deployment Tab

From the Deployment tab, you can review the status of configuration deployments, and you can deploy saved configurations for devices. The Deployment tab contains the following options:

Viewing Deployment Status Information

Step 1   Select Deployment > Status Summary.

The Deployment Status Summary page appears.

Step 2   Do one of the following:

  • To refresh the status information, click Refresh.
  • To view detailed deployment status information, select the radio button for the deployment, then click Status.

From the Deployment Status popup window, you can select View Config to see a device's configuration, or, if the configuration is deployed directly to a device, you can select View Transcript to see the deployment transcript for a device.

  • To stop a deployment, select the radio button for that deployment, then click Stop.



Understanding the Deployment Status Summary Page

Figure 15-2 shows the Status Summary page, which you access from the Deployment tab.


Figure 15-2   Status Summary Page


Figure 15-2 Reference  Name  Description 
1

User

Lists the name of the user performing the deployment.
2

Devices

Displays the number of devices being deployed.
3

State1

Shows the state of the deployment in which you are working. Options are:

  • Deploying—Deployment is in progress.
  • Deployed—Deployment was successful.
  • Deploy Error(s)—Deployment resulted in errors.
4

Start time

Shows the date and timestamp of deployment.
5

Deployment action buttons2

Performs the following actions:

  • Refresh—Refreshes table.
  • Status—Opens a popup window showing detailed status for the selected deployment.
  • Stop—Stops the deployment operation associated with a selected table row.
See Understanding Deployment States.

Deployment buttons are grayed-out depending upon the state of the action that is being performed.

Deploying Saved Configurations

Step 1   Select Deployment > Deploy Saved Changes.

The Deploy Saved Changes page appears.

Step 2   Select the devices for which to deploy the most recent saved configurations.

Step 3   Click Deploy.

The Deployment Status popup window appears (Figure 15-3).

Step 4   Verify that the status for each device is shown as completed and the deployment method is correct as noted.

Tip If deployment for a device is unsuccessful, see the Details column of the Deployment Status table for deployment error information.

Step 5   To view the configuration for a device in the table, click the View Config link located in the Detail Information column.

A popup window opens in which you can view the configuration.

Step 6   Verify the configuration contents, then close the window.

You return to the Deployment Status window.

Step 7   Click Close.

The Status Summary page displays the status of the deployment.




Understanding the Deployment Status Popup Window

Figure 15-3 shows the Deployment Status Popup window.


Figure 15-3   Deployment Status Popup Window


Figure 15-3 Reference  Name  Description 
1

Name

Lists the name of the device for which the configuration is being deployed.
2

Status

Shows the deployment status. Options are:

  • Completed—Configuration was deployed successfully
  • Deploying—Configuration is being deployed.
  • Failed—Configuration deployment was unsuccessful.
  • Waiting—Configuration deployment is waiting for user interaction.
3

Deploy Method

Shows the deployment method. Options are:

  • Direct to device.
  • To file.
  • To an AUS.
4

Details

Displays details about the configuration deployment.
5

Action buttons

Performs the following actions:

  • Refresh—Refreshes the page.
  • Close—Closes the browser.
6

View Transcript link

Displays information about the communications to the device.

Note Available when you are deploying directly to a device.
7

View Config link

Opens a popup window to display the configuration file in read-only mode.

Managing Deployment With Workflow Enabled

Many organizations benefit from separating responsibility for defining, implementing, and deploying corporate firewall policies. For example, a security administrator might be responsible for defining a device configuration file, another administrator for approving the configuration file, and a network operator for deploying the resulting configuration to a device. This separation of responsibility helps maintain the integrity of deployed device configurations.

Firewall MC supports this separation of responsibility using activities and jobs, which define tasks that are accomplished by one or more people in succession.

Note   You can set up Firewall MC to require formal approval for both activities and jobs. This approval process is disabled by default, but you can enable it by selecting Admin > Workflow Setup.

Topics to be discussed include:

Using the Workflow Tab

From the Workflow tab, you can view the Activity Management table and Job Management table. The Activity Management table allows you to create activities that help you identify and control policy changes. When you create a new activity, you are preparing a proposal to create or change firewall device configurations. For more information, see Using Activity Management.

After an activity is approved, the corresponding configuration elements can be downloaded to several devices in the form of a job. A job identifies devices to which configuration files will be deployed. When workflow is enabled, you must select a job to deploy configurations. To access the jobs feature, select Workflow > Job Management.

Using Job Management

A job represents a set of configuration files to be deployed to devices, configuration files, or an AUS. After a job is defined, you can submit it for approval.

A job identifies a set of devices, new configuration files for downloading, and defines a method for deployment. After a job is defined, it is submitted for approval. Upon approval, it is ready for deployment.

During the process of identifying and approving a job for deployment, you are required to select activities that are associated with the job. When you select an activity in the wizard for deployment, then select a device, you might see other activities associated with the job that you did not select. This behavior is expected. The reason is that any approved activity that includes changes for the device is used to generate the commands.

Topics to be discussed include:

Understanding Job Actions and States

Firewall MC keeps a history of actions made with each job, from creating a job to deploying a job. You also have the option of canceling a job, which cancels a job that is being deployed. The Job Management table shows the most recent action state in the Last Action column. Also included are the job name, job state, username, and devices affected by the job.

Figure 15-4 shows the Job Management table. The formal approval process is enabled. As a result, additional buttons (Submit and Reject) are displayed that would otherwise not be visible. Job buttons are grayed-out depending upon the state of the job that you select.


Figure 15-4   Job Management Table


Figure 15-4 Reference  Name  Description 
1

Job Description column

User-defined job name.
2

Devices column

Devices identified by the job.
3

State column

State of the job in which you are working.
4

Opened by column

Username of person associated with most recent state.
5

Last Action column

Date and timestamp of most recent state.
6

Job action buttons1,2
  • Refresh—Manually refreshes table, for example, if a job has gone from STATUS_WORKING to STATUS_COMPLETED. Table refreshes automatically every 60 seconds.
  • Status—Opens a popup window showing detailed status of a selected job.
  • Add—Adds a new job to Job Management table.
  • Open—When job is in Edit, Submitted, or Rejected state, opens job.
  • Submit—Visible when formal approval process is enabled. Notifies person with approval authority that job is ready for review. Changes job state to Submitted.
  • Approve—When formal approval process is disabled, used by person who created job to approve job. When formal approval process is enabled, used by person with approval authority to approve job. Changes job state to Approved.
  • Reject—Visible when formal approval process is enabled. Used by person with approval authority to reject job. Changes job state to Rejected.
  • Deploy—Deploys job. Changes job state to Deploying while in process, then Deployed when process is completed.
6
(continued)

Job action buttons3,4
  • Rollback—Starts the rollback wizard, which allows you to write the previous configuration files for devices deployed in this job. This allows you to quickly restore the previous configuration for a device in the event of an errant deployment. Changes job state to Rolling Back while in process, then Rolled Back when process is completed.
  • Cancel—Cancels the deployment or rollback operation.
Job buttons are grayed-out depending upon the state of the job that you select.

Job buttons vary depending upon whether your formal approval process is enabled or disabled.

Job buttons are grayed-out depending upon the state of the job that you select.

Job buttons vary depending upon whether your formal approval process is enabled or disabled.

A job can have the following states:

  • Edit—The job can be edited. The job can be opened or closed any number of times while it is in the Edit state. The job can be opened and submitted from the Edit state.
  • Submitted—The job is submitted for review from the Edit state. The job can no longer be edited; no further configuration changes can be made within the job. The job can be opened, approved, and rejected from the Submitted state.
  • Approved—The job was approved by a person with approval authority from the Submitted_Open state. The activities defined within the job are now committed policy configurations. The job can be opened and deployed from the Approved state.
  • Rejected—The job was rejected by a person with approval authority from the Submitted_Open state. The job remains in the rejected state until it is reopened for editing purposes, or until it is automatically purged by the system. The job can be opened from the Rejected state.
  • Deployed—The job was deployed from the Approved state. The job can be rolled back from the Deployed state.
  • Deploying—The job is deploying configuration files to selected devices within the job. Deployment can be canceled from the Deploying state.
  • Deploy Error(s)—There was a problem with one or more devices in the job. Select the job, then click Status for more information about the errors.
  • Rolling Back—The job is rolling back selected devices within the job. Rollback can be canceled from the Rolling Back state.
  • Rolled Back—The devices identified within the job has been rolled back to the previously deployed configuration files.
  • Rollback Error(s)—There was a problem rolling back one or more devices in the job. Select the job, then click Status for more information about the errors.

Adding a Job

After an activity is approved and committed, you must create a job to deploy the updated configurations to devices.

Note   The job comprises the results of all committed activities. A partial set of committed activities cannot be deployed.
Step 1   Select Workflow > Job Management.

The Job Management page appears.

Step 2   Click Add.

The Job Name page appears.

Step 3   Enter a user-defined job name.

Step 4   Enter an optional comment in the Description field.

Step 5   Click Next.

The Select Activities page appears.

Step 6   Select the activities to assign to the job.

Step 7   Click Next.

The Select Devices page appears.

Step 8   Select or deselect any additional devices to add or remove from this job.

Step 9   Click Next.

The Review Devices page appears, which lists the activities that will be deployed to each device.

Note    All approved activities that have not already been deployed to a device must be deployed when a device is included in a job.

Step 10   From the Review Devices page:

a. If you haven't already done so, select a device from the Name column, then click View Config to view configuration file information. Close the window after viewing the file.

b. With the same device selected, click Deploy Type. A popup window opens from which you make your selection.

c. Select the deployment type, then click OK. See Setting a Deployment Type.

d. Repeat the steps for each device to be set for deployment.

Step 11   Click Next.

The Job State Change page appears.

Step 12   From the Job State Change page, do one of the following:

  • If you have the needed permissions and the approval process is disabled:

a. Select the Deploy on Finish check box.

b. Click Next.

c. The job summary page appears. Go to Step 13.

  • If you have the approval process enabled:

a. Select the Submit on Finish check box.

b. Enter the email addresses of persons with approval authority in the Approver(s) email field.

c. Enter any optional comments.

d. Click Next.

e. The job summary page appears.

Step 13   Verify the information is correct, then click Finish.

You are returned to the Job Management table.

  • If you selected the Submit on Finish check box in the Job State Change page, the job is automatically submitted to the reviewer for approval. The job state is shown as Submitted in the State column. Updated information is noted in the Last Action column.
  • If you did not select the Submit on Finish check box in the Job State Change page and you are required to submit a job for approval, do so now. See Submitting a Job for Review (Approval Process Enabled).
  • If you selected the Deploy on Finish check box in the Job State Change page, the job state is shown as Deploying in the State column. Upon completion of the deployment, the State column displays Deployed.



Note   If the state shows Deploy Error(s), there was a problem with one or more devices in the job. Select the job, then click Status for more information about the errors.
Tip If you are deploying directly to a device, you can select a device, then click View Transcript to view information about the communications to the device.

For more information, see Deploying a Job.

Job Management Field-Level Elements and Descriptions

Element  Description 

Job Description column

User-defined description that identifies job.

Devices column

Devices to which job is deployed.

State column

Options are:

  • Edit
  • Generate
  • Generate_Open
  • Rejected
  • Submitted
  • Deployed
  • Deploying
  • Deploy Error(s)
  • Rolled Back
  • Rolling Back
  • Rollback Error(s)

Note See Understanding Job Actions and States.

Opened by column

Shows username for most recent state.

Last action column

Shows timestamp for most recent state.

Name

User-defined name associated with job.

Description

Optional field to add descriptive job information.

Activity column

User-defined list of approved activities that have not been fully deployed.

Approved column

Timestamp noting approval status.

All tab

Displays all devices and groups in hierarchy.

Selection tab

Highlights currently selected devices in All tab.

Name column

Lists devices associated with activity.

Activities column

Activity names assigned to job.

Deploy type column

Defines method by which configuration files will be deployed.
Reviewing Devices Wizard Page

View Config button

Displays configuration file information for each device identified in job. Includes caveats (if any) at beginning of file and inline, and caveat summaries at end of file.

Deploy Type button

Opens popup window to display methods for deployment. Options are:

  • File
  • Direct to device
  • Auto Update Server

Note If you are deploying to a file, you can click Browse to navigate to the file location.

Remove button

Removes a device from the table.

Note If you have only one device set for deployment, you cannot remove it.
Changing Job State Wizard Page

Submit on finish check box

Used to automate submit action when clicking Finish from wizard summary page. Changes job to next state.

Note The check box is visible when you are preparing to submit a job.

Deploy on finish check box

Used to automate deploy action when clicking Finish from wizard summary page. Use this check box if you have the needed permission to deploy a job. Changes job to next state.

Note The check box is visible when you are preparing to approve a job.

Approver(s) email

Field to enter email address of person with approval authority. Multiple addresses are allowed using comma or space delimiters.

Note The approver's email field is used when the formal approval process is enabled.

Comment

Optional field to add related comments when job submitted.

Submitting a Job for Review (Approval Process Enabled)

After a job is defined, you can submit it for review and approval. If the job is approved, it is forwarded for deployment. If the job is rejected, it can be modified, then resubmitted for approval.

If the job is rejected, the approved activities and configuration files associated with the job remain unchanged.

Note   The review and approval feature is disabled by default, but you can enable the feature if your organization requires a formal approval process. See Requiring a Formal Approval Phase.
Step 1   Select Workflow > Job Management.

The Job Management page appears.

Step 2   Select the job to submit for approval.

Step 3   Click Submit.




Approving or Rejecting a Job (Approval Process Enabled)

Only a person with approval authority can approve a job if the formal approval process is enabled. After an job is approved, however, it cannot be changed. If content changes are required, you must create a new job to replace it.

A job can be rejected for several reasons. Perhaps configuration information might need changes. If a job is rejected, you can revise it, then resubmit for approval.

Although the job was rejected, the approved activities and configuration files associated with the job remain unchanged.

Note   The review and approval feature is disabled by default, but you can enable the feature if your organization requires a formal approval process. See Requiring a Formal Approval Phase.
Step 1   Select Workflow > Job Management.

The Job Management page appears.

Step 2   Select the job to approve or reject.

Step 3   Do one of the following:

  • Click Approve to approve the job.
  • Click Reject to reject the job.

You are prompted to enter an optional activity transit comment.

Step 4   Enter the optional information, then click OK.

You are returned to the Job Management table with Approved or Rejected displayed in the State column. Updated information is noted in the Last Action column.




Deploying a Job

After a job is approved, the final stage is to deploy the job.

Note   If the deployment fails, you can roll back to the previously deployed configuration files. See Configuring Rollback.
Before You Begin
  • Make sure the job is in the Approved state.
Step 1   Select Workflow > Job Management.

The Job Management page appears.

Step 2   Select the job to deploy.

Step 3   Click Deploy.

You are prompted for a job deploy comment.

Step 4   Enter the optional information in the field provided, then click OK.

A status popup window opens. The window refreshes automatically every 60 seconds. You can click Refresh to update status information manually.

Step 5   Close the window after you view the contents,

You are returned to the Job Management table. The job state for the job being deployed is shown as Deploying in the State column. Upon completion of the deployment, click Refresh in the Job Management table to update the state from Deploying to Deployed.




Note   If the state shows Deploy Error(s), there was a problem with one or more devices in the job. Select the job, then click Status for more information about the errors.
Tip If you are deploying directly to a device, you can select a device, then click View Transcript to view information about the communications to the device.

Opening an Existing Job

Step 1   Select Workflow > Job Management.

The Job Management page appears.

Step 2   Select the job to edit, then click Open.

The Job Name page appears.

You are now ready to edit job settings.




Configuring Rollback

Note   Before you can access the rollback feature, you must enable workflow. To do this, select Admin > Workflow Setup.

After you deploy a configuration, you might need to disregard the deployment and revert to the previous configuration file. Perhaps the deployment was not successful, or you simply want to revert to the previous configuration settings for certain devices. To do this, you can roll back to a previous configuration.

The rollback feature allows you to write the last good configuration files for some or all devices within a job. The configuration files are stored in the directory you specify in the rollback wizard. To access this feature, select Workflow > Job Management.

You do not need to submit a rollback request for approval (if the job approval feature is enabled); however, you must have the needed permissions to initiate the rollback.

Using Rollback

Step 1   Select Workflow > Job Management.

The Job Management page appears.

Step 2   Select the job for which you want to roll back deployment. The job state should display Deployed or Deploy Error(s) in the State column.

Step 3   Click Rollback.

The Rollback Comment page appears.

Step 4   Enter the rollback comment in the field provided. The text string can be up to 235 characters.

Step 5   Click Next.

The Select Devices page appears.

Step 6   Select the devices to roll back to the previously deployed configuration file from the list of devices scheduled for job deployment.

Note    If you selected a device that does not have a previous configuration file, an error message is displayed. You must deselect the device to continue with the rollback.

Step 7   Click Next.

The Rollback Directory page appears.

Step 8   Verify the rollback directory path. This is the directory to which the configuration files are written. You can click Browse to open a popup window for directory path information. The default directory path is C:\Program Files\CSCOpx\MDC\PIXMC\rollback.

Note    If you set a different directory location, we recommend that you not use the directory in which the previously deployed files reside to avoid the risk of overwriting good files.

If you set a different directory location, make sure it is a secured directory.

Step 9   Click Next.

The job summary page appears.

Step 10   Verify the information is correct, then click Finish.

The rollback process begins. You are returned to the Job Management table. The job selected for rollback displays the message Rolling Back in the State column.

Step 11   Click Finish.

The refresh rate occurs automatically every 60 seconds; however, you can click Refresh to update the display manually. When the rollback is complete, the message Rolled Back is displayed in the State column and the rollback configuration is placed in the specified directory path.

Step 12   To update the configuration on a firewall device with the rollback configuration:

Caution   Applying the rollback configuration to the firewall device causes the device and Firewall MC to lose synchronization. In other words, the information in Firewall MC still represents the state of the firewall device prior to the rollback. You should use the rollback procedure as a way to quickly correct a configuration that is not secure or blocks required traffic. However, you must remember to make the required corrections to the firewall device's configuration in Firewall MC and then deploy the corrected configuration using Firewall MC to restore synchronization.

a. Copy the rollback configuration file to a TFTP server.

Note    This procedure assumes the TFTP server is located on the inside.

b. Enter the configure terminal command to enter configuration mode on the PIX Firewall.

c. Enter the clear configure all command to clear the previous configuration.

d. Enter the ip address inside ip_address [netmask] command to configure the IP address on the inside interface.

e. Enter the route inside ip_address netmask gateway_ip [metric] command to configure a static route to the TFTP server.

f. Enter the configure net [[location]:[filename]] command to retrieve the configuration from the TFTP server. [location] is the IP address or name of the TFTP server, and [filename] is the path and name of the rollback configuration file on the TFTP server.

g. Verify the configuration.

h. Enter the write memory command to save the configuration.