Table Of Contents
Deploying Configuration Files
Managing Deployment with Workflow Disabled
Important Notes When Workflow Is Disabled
Using the Activity Bar
Generating Configurations for Modified Devices
Understanding the Generate Summary Page
Understanding Generate Summary Icons
Understanding Deployment States
Viewing Configuration Changes
Using the Deployment Tab
Viewing Deployment Status
Understanding the Deployment Status Summary Page
Deploying Saved Configurations
Understanding the Deployment Status Popup Window
Managing Deployment With Workflow Enabled
Using the Workflow Tab
Using Job Management
Understanding Job Actions and States
Adding a Job
Submitting a Job for Review (Approval Process Enabled)
Approving or Rejecting a Job (Approval Process Enabled)
Deploying a Job
Opening an Existing Job
Configuring Rollback
Deploying Configuration Files
Firewall MC offers three methods for managing changes and deploying configurations:
• Workflow disabled (default)—The workflow feature is turned off, eliminating the requirement for you to define activities and jobs. Firewall MC defines activities automatically, and jobs are not required for deploying configurations. For more information, see Managing Deployment with Workflow Disabled.
• Workflow enabled—The workflow feature is turned on. You must define activities and jobs, but formal approval is not required for you to perform the next step. For more information, see Managing Deployment With Workflow Enabled.
• Workflow with formal approval enabled—The workflow feature is turned on. You must submit an activity or job for approval before you can perform the next step. You can turn this feature on for activities, jobs, or both. For more information, see Using Job Management.
When workflow is enabled, the GUI displays the Workflow tab so you can manage activities and jobs. When workflow is disabled, the GUI displays the Deployment tab. You can use the Deployment tab to view deployment status information and to deploy saved configurations to devices.
You control which of these methods to use for tracking changes. You can enable workflow with or without the formal approval process at any time; however, before you can disable workflow, you must approve or discard any open activities and deploy, cancel, or verify that all jobs are being deployed.
Topics to be discussed are:
• Managing Deployment with Workflow Disabled
• Managing Deployment With Workflow Enabled
• Configuring Rollback
Managing Deployment with Workflow Disabled
When workflow is disabled (default), you do not need to define activities for tracking changes in Firewall MC. After you make configuration changes, you can deploy those changes by clicking the Save and Deploy icon in the activity bar, which is visible from the Devices and Configuration tabs. After you click the Save and Deploy icon, new configurations are generated for any changed devices. You can then deploy the new configurations, or you can save them and deploy them later. For more information on deploying saved configurations, see Using the Deployment Tab.
The Deployment tab is visible only when workflow is disabled. When you enable workflow, the Deployment tab is replaced by the Workflow tab, and you manage deployments by using jobs. For information on using jobs for deployment, see Using Job Management.
Note
When you log in to Firewall MC, you might see a Generate Summary page displayed instead of the Home Page. This occurs if you closed the browser while a configuration was being generated the last time you were logged in.
Important Notes When Workflow Is Disabled
• You can enable workflow at any time; to disable workflow, you must approve or discard any open activities and deploy, cancel, or verify that all jobs are being deployed first.
• You do not need to define an activity when workflow is disabled; an activity is assigned to you automatically. To view reports, click the View Details icon in the activity bar, or select Reports > Activity.
• Locks are assigned to users, not activities.
• A user acquires locks as needed.
• After you save and deploy or save a device configuration for deployment later, the lock on that device is released.
• When workflow is disabled, you cannot select the deployment type during deployment. You must specify the type of deployment before deploying. To specify the type of deployment, select Configuration > MC Settings > Deployment, then click the Deployment Type radio button that corresponds with the type to use for deployment.
Using the Activity Bar
When workflow is disabled, you use the activity bar in the Devices and Configuration tabs to generate configurations for changed devices, undo changes, and view changes that were made since the last save.
Table 15-1 shows the activity bar icons when workflow is disabled.
Table 15-1 Activity Bar Icons Used When Workflow Is Disabled
Icon | Button Name | Description
[icon] | Save and Deploy | Generates configurations for devices and allows you to deploy configurations now or later.
[icon] | Undo | Discards all changes to configurations and device inventories since last save.
[icon] | View Details | Opens a popup window that displays changes made to configurations and device inventories since last save.
Generating Configurations for Modified Devices
Before you can deploy configuration changes to a device, you must generate the configuration. You are not required to deploy a configuration when you generate it. You have the option of saving it for deployment later. You generate new configurations for modified devices using the Save and Deploy icon, which is located in the activity bar that you see under the Devices and Configuration tabs.
Step 1
From the activity bar, click Save and Deploy.
The Generate Summary page appears and the Generate Status table shows the devices that are being deployed and their status. When a configuration generation is in process, you can refresh the page for updated status or stop the generation.
After configuration is complete, you can view the configurations.
Step 2
To view the configurations, click View Config in the Details column.
Step 3
Close the window after you view its contents.
Step 4
Do one of the following:
• To save the configurations and deploy now, click Deploy Now.
• To save the configurations and deploy later, click Deploy Later.
• To return to the location from which you clicked the Save and Deploy icon and make additional changes, click Resume Edit.
• Repeat Step 1 through Step 4 after you make the necessary changes.
Understanding the Generate Summary Page
Figure 15-1 shows the Generate Summary page and Status table.
Figure 15-1 Generate Summary Page and Status Table

No. | Element | Description
1 | Generate Summary information | Provides real-time generation status information and displays generation status icons.
2 | Name | Lists the name of the devices for which configuration is being generated.
3 | Status | Shows the status of the configuration generation. • Completed—Configuration was generated successfully. • Initializing—Configuration is being initialized. • Generating—Configuration is being generated. • Failed—Configuration generation was unsuccessful. • Waiting—Configuration generation is waiting for user interaction.
4 | Details | Provides error and warning information after generation is complete. • If the configuration generation was successful, you can click View Config. • If the configuration generation was unsuccessful, you can click View Errors.
5 | Generate action buttons | Performs the following actions: • Refresh—Refreshes table. Table refreshes automatically every 60 seconds. • Deploy Now—Saves and deploys the generated configurations. • Deploy Later—Saves the generated configurations and allows you to deploy later. • Resume Edit—Resumes editing without saving the generated configurations. • Stop—Stops generating a configuration.
Understanding Generate Summary Icons
Table 15-2 shows Generate Summary icons and their descriptions.
Table 15-2 Generate Summary Icons
Icon | Description
[icon] | Configuration generation is in process.
[icon] | Configuration generation is complete and status shows errors.
[icon] | Configuration generation is complete and status shows completed. If you are using the Save and Deploy icon in the Activity bar to deploy your configurations, you must do one of the following to continue: • Save and deploy the configurations immediately (if status shows completed). • Save and deploy the configurations later. • Edit the configurations that failed to generate correctly.
Understanding Deployment States
• Deploying—Configuration files are being deployed to the selected devices. You can cancel deployment from the Deploying state.
• Deploy Error(s)—A deployment problem with one or more devices occurred. Select the device with deployment errors, then click Status for more information about the errors.
• Deployed—The configuration file was deployed. You can roll back the configuration from the Deployed state. For more information, see Configuring Rollback.
Viewing Configuration Changes
Step 1
From the activity bar at the top right of the Devices or Configuration tab, click the View Details icon.
A popup window displays configuration changes made since the file was last saved.
Step 2
Close the window after you view its contents.
Using the Deployment Tab
From the Deployment tab, you can review the status of configuration deployments, and you can deploy saved configurations for devices. The Deployment tab contains:
• Status Summary—Enables you to view status information for configuration deployments. For more information, see Viewing Deployment Status.
• Deploy Saved Changes—Enables you to deploy saved device configurations. For more information, see Understanding the Deployment Status Summary Page.
Viewing Deployment Status
Step 1
Select Deployment > Status Summary.
The Deployment Status Summary page appears.
Step 2
Do one of the following:
• To refresh the status information, click Refresh.
• To view detailed deployment status information, select the radio button for the deployment, then click Status.
From the Deployment Status popup window, you can select View Config to see a device's configuration, or, if the configuration is deployed directly to a device, you can select View Transcript to see the deployment transcript for a device.
• To stop a deployment, select the radio button for that deployment, then click Stop.
Understanding the Deployment Status Summary Page
Figure 15-2 shows the Status Summary page, which you access from the Deployment tab.
Figure 15-2 Status Summary Page
No. | Element | Description
1 | User | Lists the name of the user performing the deployment.
2 | Devices | Displays the number of devices being deployed.
3 | State | Shows the state of the deployment in which you are working. Options are: • Deploying—Deployment is in progress. • Deployed—Deployment was successful. • Deploy Error(s)—Deployment resulted in errors.
4 | Start time | Shows the date and timestamp of deployment.
5 | Deployment action buttons | Performs the following actions: • Refresh—Refreshes table. • Status—Opens a popup window that displays detailed status for the selected deployment. • Stop—Stops the deployment operation associated with a selected row in the table.
Deploying Saved Configurations
Step 1
Select Deployment > Deploy Saved Changes.
The Deploy Saved Changes page appears.
Step 2
Select the devices for which to deploy the most recent saved configurations.
Step 3
Click Deploy.
The Deployment Status popup window appears (Figure 15-3).
Step 4
Verify that the status for each device is shown as completed and the deployment method is correct.
Tip
If deployment for a device is unsuccessful, see the Details column of the Deployment Status table for deployment error information.
Step 5
To view the configuration for a device in the table, click the View Config link located in the Detail Information column.
A popup window displays the configuration.
Step 6
Verify the configuration contents, then close the window.
You return to the Deployment Status window.
Step 7
Click Close.
The Status Summary page displays the status of the deployment.
Understanding the Deployment Status Popup Window
Figure 15-3 shows the Deployment Status Popup window.
Figure 15-3 Deployment Status Popup Window
No. | Element | Description
1 | Name | Lists the name of the device for which the configuration is being deployed.
2 | Status | Shows the deployment status: • Completed—Configuration was deployed successfully. • Deploying—Configuration is being deployed. • Failed—Configuration deployment was unsuccessful. • Waiting—Configuration deployment is waiting for user interaction.
3 | Deploy Method | Shows the deployment method. • Direct to device. • To file. • To an AUS.
4 | Details | Displays details about the configuration deployment.
5 | Action buttons | Performs the following actions: • Refresh—Refreshes the page. • Close—Closes the browser.
6 | View Transcript link | Displays information about the communications to the device. Note: Available when you are deploying directly to a device.
7 | View Config link | Opens a popup window that displays the configuration file in read-only mode.
Managing Deployment With Workflow Enabled
Many organizations benefit from separating responsibility for defining, implementing, and deploying corporate firewall policies. For example, a security administrator might be responsible for defining a device configuration file, another administrator for approving the configuration file, and a network operator for deploying the resulting configuration to a device. This separation of responsibility helps maintain the integrity of deployed device configurations.
Firewall MC supports this separation of responsibility using activities and jobs, which define tasks that are accomplished by one or more people in succession.
Note
You can set up Firewall MC to require formal approval for both activities and jobs. Approval is disabled by default, but you can select Admin > Workflow Setup to enable it.
Using the Workflow Tab
From the Workflow tab, you can view the Activity Management table and Job Management table. The Activity Management table allows you to create activities that help you identify and control policy changes. When you create a new activity, you are preparing a proposal to create or change firewall device configurations. For more information, see Using Activity Management.
After an activity is approved, the corresponding configuration elements can be downloaded to several devices in the form of a job. A job identifies devices to which configuration files will be deployed. When workflow is enabled, you must select a job to deploy configurations. To access the jobs feature, select Workflow > Job Management.
Using Job Management
A job represents a set of configuration files to be deployed to devices, configuration files, or an AUS. After you define a job, you can submit it for approval.
A job identifies a set of devices and new configuration files for downloading and defines a method for deployment. After you define a job, you submit it for approval. After approval, it is ready for deployment.
When you identify and approve a job for deployment, you must select activities that are associated with the job. When you select an activity for deployment in the wizard, then select a device, you might see other activities associated with the job that you did not select. This behavior is expected. Any approved activity that includes changes for the device is used to generate the commands.
Understanding Job Actions and States
Firewall MC keeps a history of actions made with each job, from creating a job to deploying a job. You also have the option of canceling a job, which cancels a job that is being deployed. The Job Management table shows the most recent action state in the Last Action column. Also included are the job name, job state, username, and devices affected by the job.
Figure 15-4 shows the Job Management table. Approval is enabled. As a result, additional buttons (Submit and Reject) are displayed that would otherwise not be visible. Job buttons are grayed-out depending upon the state of the job that you select.
Figure 15-4 Job Management Table
No. | Element | Description
1 | Job column | User-defined job name.
2 | Devices column | Devices identified by the job.
3 | State column | State of the job in which you are working.
4 | Opened by column | Username of person associated with most recent state.
5 | Last Action column | Date and timestamp of most recent state.
6 | Action buttons | See Table 15-3 for descriptions of action buttons.
Table 15-3 lists Job Management action buttons and their descriptions.
Table 15-3 Job Management Action Buttons
Button | Description
Refresh | Manually refreshes table, for example, if a job moved from STATUS_WORKING to STATUS_COMPLETED. Table refreshes automatically every 60 seconds.
Status | Opens a popup window showing detailed status of a selected job.
Add | Adds a new job to Job Management table.
Open | When job is in Edit, Submitted, or Rejected state, opens job.
Submit | Visible when approval is enabled. Notifies person with approval authority that job is ready for review. Changes job state to Submitted.
Approve | When approval is disabled, button is used by the person who created the job to approve the job. When approval is enabled, button is used by the person with approval authority to approve the job. Changes job state to Approved.
Reject | Visible when approval is enabled. The button is used by the person with approval authority to reject the job. Changes job state to Rejected.
Deploy | Deploys job. Changes job state to Deploying while in process, then Deployed when process is completed.
Rollback | Starts the rollback wizard, which allows you to write the previous configuration files for devices deployed in this job. This allows you to quickly restore the previous configuration for a device in case of an errant deployment. Changes job state to Rolling Back while in process, then Rolled Back when process is completed.
Cancel | Cancels deployment or rollback.
A job can have the following states:
• Edit—The job can be edited. The job can be opened or closed any number of times while it is in the Edit state. The job can be opened and submitted from the Edit state.
• Submitted—The job is submitted for review from the Edit state. The job can no longer be edited; no further configuration changes can be made within the job. The job can be opened, approved, and rejected from the Submitted state.
• Approved—The job was approved by a person with approval authority from the Submitted_Open state. The activities defined within the job are now committed policy configurations. The job can be opened and deployed from the Approved state.
• Rejected—The job was rejected by a person with approval authority from the Submitted_Open state. The job remains in the rejected state until it is reopened for editing purposes or until it is automatically purged by the system. The job can be opened from the Rejected state.
• Deployed—The job was deployed from the Approved state. The job can be rolled back from the Deployed state.
• Deploying—The job is deploying configuration files to selected devices within the job. Deployment can be canceled from the Deploying state.
• Deploy Error(s)—A problem occurred with one or more devices in the job. Select the job, then click Status for more information about the errors.
• Rolling Back—The job is rolling back selected devices within the job. Rollback can be canceled from the Rolling Back state.
• Rolled Back—The devices identified within the job were rolled back to the previously deployed configuration files.
• Rollback Error(s)—A problem occurred when rolling back one or more devices in the job. Select the job, then click Status for more information.
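The job states above form a small state machine, so a recorded job history can be checked against it. The following Python code is an added example, not part of Firewall MC or of this guide: the record layout and the sample history are constructed, and reporting a job whose submitter and approver are the same user is an assumed policy based on the separation of responsibility described under Managing Deployment With Workflow Enabled.

```python
"""Check a job state history against the job states described above.

Added example. State names and permitted moves come from the page; the
record layout, the sample data and the same-user rule are assumptions.
"""

# Moves the page describes. Cancel is left out because the page does not say
# which state a cancelled deployment or rollback ends in. Submitted_Open,
# Generate and Generate_Open are named on the page but not described, so
# they are not modelled here.
ALLOWED = {
    "Edit": {"Submitted"},
    "Submitted": {"Approved", "Rejected"},
    "Rejected": {"Edit"},                       # reopened for editing
    "Approved": {"Deploying"},
    "Deploying": {"Deployed", "Deploy Error(s)"},
    "Deployed": {"Rolling Back"},
    "Deploy Error(s)": {"Rolling Back"},
    "Rolling Back": {"Rolled Back", "Rollback Error(s)"},
    "Rolled Back": set(),
    "Rollback Error(s)": set(),
}


def allowed_moves(approval_enabled):
    """Return the transition table for the chosen approval setting."""
    moves = {state: set(targets) for state, targets in ALLOWED.items()}
    if not approval_enabled:
        # With approval disabled there is no Submit button and the creator
        # clicks Approve; assumed here to act on a job in the Edit state.
        moves["Edit"] = {"Approved"}
    return moves


def audit_history(records, approval_enabled=True):
    """Return (job, finding) pairs for a job state history.

    Each record is (last_action_time, job, state, opened_by), mirroring the
    Last Action, Job, State and Opened by columns of the Job Management
    table. Records are ordered by time before they are checked.
    """
    moves = allowed_moves(approval_enabled)
    last_state = {}
    submitter = {}
    findings = []
    for _when, job, state, user in sorted(records):
        if state not in moves:
            findings.append((job, f"state {state!r} is not modelled"))
            continue
        previous = last_state.get(job)
        if previous is not None and state not in moves[previous]:
            findings.append((job, f"{previous} -> {state} is not a described move"))
        if state == "Submitted":
            submitter[job] = user
        if state == "Approved" and approval_enabled and submitter.get(job) == user:
            # Assumed policy: submitter and approver should be different people.
            findings.append((job, f"{user} both submitted and approved"))
        last_state[job] = state
    return findings


# Constructed sample history (job names, users and times are made up).
HISTORY = [
    ("2024-05-01T09:00", "edge-acl-update", "Edit", "secadmin"),
    ("2024-05-01T09:30", "edge-acl-update", "Submitted", "secadmin"),
    ("2024-05-01T11:00", "edge-acl-update", "Approved", "approver1"),
    ("2024-05-01T11:05", "edge-acl-update", "Deploying", "netops"),
    ("2024-05-01T11:09", "edge-acl-update", "Deploy Error(s)", "netops"),
    ("2024-05-01T11:20", "edge-acl-update", "Rolling Back", "netops"),
    ("2024-05-01T11:24", "edge-acl-update", "Rolled Back", "netops"),
    # Deployed without ever reaching Approved.
    ("2024-05-02T14:00", "dmz-nat-change", "Edit", "secadmin"),
    ("2024-05-02T14:10", "dmz-nat-change", "Deploying", "secadmin"),
    ("2024-05-02T14:15", "dmz-nat-change", "Deployed", "secadmin"),
    # Submitted and approved by the same user.
    ("2024-05-03T08:00", "vpn-peer-add", "Edit", "secadmin"),
    ("2024-05-03T08:05", "vpn-peer-add", "Submitted", "secadmin"),
    ("2024-05-03T08:06", "vpn-peer-add", "Approved", "secadmin"),
]

if __name__ == "__main__":
    for job, finding in audit_history(HISTORY):
        print(f"{job}: {finding}")
```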
Adding a Job
After an activity is approved and committed, you must create a job to deploy the updated configurations to devices.
Note
The job comprises the results of all committed activities. You cannot deploy a partial set of committed activities.
Step 1
Select Workflow > Job Management.
The Job Management page appears.
Step 2
Click Add.
The Job Name page appears.
Step 3
Enter a user-defined job name.
Step 4
Enter an optional comment in the Description field.
Step 5
Click Next.
The Select Activities page appears.
Step 6
Select the activities to assign to the job.
Step 7
Click Next.
The Select Devices page appears.
Step 8
Select or deselect any additional devices to add or remove from this job.
Step 9
Click Next.
The Review Devices page lists the activities that will be deployed to each device.
Note
All approved activities that have not already been deployed to a device must be deployed when a device is included in a job.
Step 10
From the Review Devices page:
a. If you haven't already done so, select a device from the Name column, then click View Config to view configuration file information. Close the window after viewing the file.
b. With the same device selected, click Deploy Type. A popup window opens from which you make your selection.
c. Select the deployment type, then click OK. See Setting a Deployment Type, page 3-23.
d. Repeat the steps for each device to be set for deployment.
Step 11
Click Next.
The Job State Change page appears.
Step 12
From the Job State Change page, do one of the following:
• If you have the needed permissions and approval is disabled:
  a. Select the Deploy on Finish check box.
  b. Click Next.
  c. The job summary page appears. Go to Step 13.
• If approval is enabled:
  a. Select the Submit on Finish check box.
  b. Enter the email addresses of persons with approval authority in the Approver(s) email field.
  c. Enter any optional comments.
  d. Click Next.
  e. The job summary page appears.
Step 13
Verify the information is correct, then click Finish.
You return to the Job Management table.
• If you selected the Submit on Finish check box in the Job State Change page, the job is automatically submitted to the reviewer for approval. The job state is shown as Submitted in the State column. Updated information is shown in the Last Action column.
• If you did not select the Submit on Finish check box in the Job State Change page and you are required to submit a job for approval, do so now. See Submitting a Job for Review (Approval Process Enabled).
• If you selected the Deploy on Finish check box in the Job State Change page, the job state is shown as Deploying in the State column. Upon completion of the deployment, the State column displays Deployed. For more information, see Deploying a Job.
Note
If the state shows Deploy Error(s), there was a problem with one or more devices in the job. Select the job, then click Status for more information about the errors.
Tip
If you are deploying directly to a device, you can select a device, then click View Transcript to view information about the communications to the device.
Table 15-4 describes the elements on the Job Management page.
Table 15-4 Job Management
Element | Description
Job Description column | User-defined description that identifies job.
Devices column | Devices to which job is deployed.
State column | • Edit • Generate • Generate_Open • Rejected • Submitted • Deployed • Deploying • Deploy Error(s) • Rolled Back • Rolling Back • Rollback Error(s) Note: See Understanding Job Actions and States.
Opened By column | Shows username for most recent state.
Last Action column | Shows timestamp for most recent state.
Name | User-defined name associated with job.
Description | Optional field to add descriptive job information.
Activity column | User-defined list of approved activities that have not been fully deployed.
Approved column | Timestamp noting approval status.
All tab | Displays all devices and groups in hierarchy.
Selection tab | Highlights currently selected devices in All tab.
Name column | Lists devices associated with activity.
Activities column | Activity names assigned to job.
Deploy Type column | Defines method by which configuration files will be deployed.
Reviewing Devices Wizard Page
View Config button | Displays configuration file information for each device identified in job. Includes caveats (if any) at beginning of file and inline, and caveat summaries at end of file.
Deploy Type button | Opens a popup window that displays methods for deployment. Note: If you are deploying to a file, click Browse to navigate to the file.
Remove button | Removes a device from the table. Note: If you have only one device set for deployment, you cannot remove it.
Changing Job State Wizard Page
Submit on finish check box | Used to automate submit action when clicking Finish from wizard summary page. Changes job to next state. Note: The check box is visible when you are preparing to submit a job.
Deploy on finish check box | Used to automate deploy action when clicking Finish from wizard summary page. Select this check box if you have permission to deploy a job. Changes job to next state. Note: The check box is visible when you are preparing to approve a job.
Approver(s) email | Field to enter email address of person with approval authority. Multiple addresses are allowed using comma or space delimiters. Note: The approver's email field is used when approval is enabled.
Comment | Optional field to add related comments when a job is submitted.
Submitting a Job for Review (Approval Process Enabled)
After you define a job, you can submit it for review and approval. If the job is approved, it is forwarded for deployment. If the job is rejected, you can modify it, then resubmit it for approval.
If the job is rejected, the approved activities and configuration files associated with the job remain unchanged.
Note
The review and approval feature is disabled by default, but you can enable the feature if your organization requires formal approval. See Requiring Formal Approval, page 3-9.
Step 1
Select Workflow > Job Management.
The Job Management page appears.
Step 2
Select the job to submit for approval.
Step 3
Click Submit.
Approving or Rejecting a Job (Approval Process Enabled)
Only a person with approval authority can approve a job if approval is enabled. After a job is approved, however, it cannot be changed. If content changes are required, you must create a new job to replace it.
A job can be rejected for several reasons. Perhaps configuration information needs changes. If a job is rejected, you can revise it, then resubmit for approval.
Although the job was rejected, the approved activities and configuration files associated with the job remain unchanged.
Note
The review and approval feature is disabled by default, but you can enable the feature if your organization requires a formal approval process. See Requiring Formal Approval, page 3-9.
Step 1
Select Workflow > Job Management.
The Job Management page appears.
Step 2
Select the job to approve or reject.
Step 3
Do one of the following:
• Click Approve to approve the job.
• Click Reject to reject the job.
You are prompted to enter an optional activity transit comment.
Step 4
Enter the optional information, then click OK.
You return to the Job Management table with Approved or Rejected displayed in the State column. Updated information is noted in the Last Action column.
Deploying a Job
After a job is approved, the final stage is to deploy.
Note
If the deployment fails, you can roll back to the previously deployed configuration files. See Configuring Rollback.
Before You Begin
• Make sure the job is in the Approved state.
Step 1
Select Workflow > Job Management.
The Job Management page appears.
Step 2
Select the job to deploy.
Step 3
Click Deploy.
You are prompted for a comment.
Step 4
Enter optional information in the field provided, then click OK.
A status popup window opens. The window is refreshed automatically every 60 seconds. You can click Refresh to update the status manually.
Step 5
Close the window after you view the contents.
You return to the Job Management table. The job state for the job being deployed is shown as Deploying in the State column. Upon completion of the deployment, click Refresh in the Job Management table to update the state from Deploying to Deployed.
Note
If the state shows Deploy Error(s), a problem occurred with one or more devices in the job. Select the job, then click Status for more information about the errors.
Tip
If you are deploying directly to a device, you can select a device, then click View Transcript to view information about the communications to the device.
Opening an Existing Job
Step 1
Select Workflow > Job Management.
The Job Management page appears.
Step 2
Select the job to edit, then click Open.
The Job Name page appears.
You are now ready to edit job settings.
Configuring Rollback
Note
Before you can access the rollback feature, you must enable workflow. To do this, select Admin > Workflow Setup.
After you deploy a configuration, you might need to disregard the deployment and revert to the previous configuration file. Perhaps the deployment was not successful, or you simply want to revert to the previous configuration settings for certain devices. To do this, you can roll back to a previous configuration.
The rollback feature allows you to write the last good configuration files for some or all devices within a job. The configuration files are stored in the directory you specify in the rollback wizard. To access this feature, select Workflow > Job Management.
You do not need to submit a rollback request for approval (if the job approval feature is enabled); however, you must have the needed permissions to initiate the rollback.
Step 1
Select Workflow > Job Management.
The Job Management page appears.
Step 2
Select the job for which you want to roll back deployment. The job state should display Deployed or Deploy Error(s) in the State column.
Step 3
Click Rollback.
The Rollback Comment page appears.
Step 4
Enter the rollback comment in the field provided. The text string can be up to 235 characters.
Step 5
Click Next.
The Select Devices page appears.
Step 6
Select the devices to roll back to the previously deployed configuration file from the list of devices scheduled for job deployment.
Note
If you selected a device that does not have a previous configuration file, an error message is displayed. You must deselect the device to continue the rollback.
Step 7
Click Next.
The Rollback Directory page appears.
Step 8
Verify the rollback directory path. This is the directory to which the configuration files are written.
You can click Browse to open a popup window for directory path information. The default directory paths are:
• For Windows 2000: c:\Program Files\CSCOpx\MDC\PIXMC\rollback
• For Solaris: /opt/CSCOpx/MDC/PIXMC/rollback
Note
If you set a different directory location, we recommend that you not use the directory in which the previously deployed files reside to avoid the risk of overwriting good files.
If you set a different directory location, make sure it is a secured directory.
Step 9
Click Next.
The job summary page appears.
Step 10
Verify the information, then click Finish.
Rollback begins and you return to the Job Management table. The job selected for rollback displays the message Rolling Back in the State column.
Step 11
Click Finish.
The display refreshes automatically every 60 seconds; however, you can click Refresh to update the display manually. When the rollback is complete, the message Rolled Back is displayed in the State column and the rollback configuration is placed in the specified directory path.
Step 12
To update the configuration on a firewall device with the rollback configuration:
Caution 
Applying the rollback configuration to the firewall device causes the device and Firewall MC to lose synchronization. In other words, the information in Firewall MC still represents the state of the firewall device before the rollback. You should use the rollback procedure as a way to quickly correct a configuration that is not secure or blocks required traffic. However, you must remember to make the required corrections to the firewall device's configuration in Firewall MC and then deploy the corrected configuration using Firewall MC to restore synchronization.
a. Copy the rollback configuration file to a TFTP server.
Note
This procedure assumes the TFTP server is located on the inside.
b. Enter the configure terminal command to enter configuration mode on the PIX Firewall.
c. Enter the clear configure all command to clear the previous configuration.
d. Enter the ip address inside ip_address [netmask] command to configure the IP address on the inside interface.
e. Enter the route inside ip_address netmask gateway_ip [metric] command to configure a static route to the TFTP server.
f. Enter the configure net [[location]:[filename]] command to retrieve the configuration from the TFTP server. [location] is the IP address or name of the TFTP server, and [filename] is the path and name of the rollback configuration file on the TFTP server.
g. Verify the configuration.
h. Enter the write memory command to save the configuration.
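Step 8 asks for a secured rollback directory that is not the one holding the previously deployed files. The following Python code is an added example, not part of Firewall MC or of this guide, showing one way to check both points on a POSIX host such as Solaris. What counts as "secured" is an assumption here (no group or other write access, no access for other users, no symbolic links), and the file name in the demonstration is constructed.

```python
"""Check a rollback directory against the guidance in Step 8.

Added example. The permission rules are assumptions about what a
"secured directory" means; they apply to POSIX file modes only.
"""
import os
import stat
import tempfile


def check_rollback_dir(rollback_dir, deployed_dir=None):
    """Return a list of problems found with the rollback directory."""
    problems = []
    real = os.path.realpath(rollback_dir)
    # The guide recommends not reusing the directory of deployed files,
    # because good files could be overwritten.
    if deployed_dir is not None and real == os.path.realpath(deployed_dir):
        problems.append("rollback directory is the deployed-files directory")
    if not os.path.isdir(real):
        problems.append("not a directory")
        return problems
    mode = os.stat(real).st_mode
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("directory is writable by group or other")
    if mode & (stat.S_IROTH | stat.S_IXOTH):
        problems.append("directory is accessible to other users")
    # Rollback files are full device configurations, so check each one too.
    for name in sorted(os.listdir(real)):
        info = os.lstat(os.path.join(real, name))
        if stat.S_ISLNK(info.st_mode):
            problems.append(f"{name}: symbolic link")
        elif info.st_mode & (stat.S_IROTH | stat.S_IWOTH | stat.S_IWGRP):
            problems.append(f"{name}: readable by other or writable by group/other")
    return problems


def demo():
    """Check a constructed directory before and after tightening its modes."""
    with tempfile.TemporaryDirectory() as directory:
        cfg = os.path.join(directory, "pix-edge.cfg")   # constructed file name
        with open(cfg, "w") as handle:
            handle.write("! constructed rollback configuration\n")
        os.chmod(directory, 0o777)
        os.chmod(cfg, 0o644)
        before = check_rollback_dir(directory, deployed_dir=directory)
        os.chmod(directory, 0o700)
        os.chmod(cfg, 0o600)
        after = check_rollback_dir(directory)
        return before, after


if __name__ == "__main__":
    loose, tight = demo()
    print("before:", loose)
    print("after: ", tight)
```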