What is an Adaptive Security Appliance (ASA)?
The Cisco ASA provides advanced stateful firewall and VPN concentrator
functionality in one device as well as integrated services with
add-on modules. The ASA includes many advanced features, such as
multiple security contexts (similar to virtualized firewalls),
clustering (combining multiple firewalls into a single firewall),
transparent (Layer 2) firewall or routed (Layer 3) firewall
operation, advanced inspection engines, IPsec VPN, SSL VPN, and
clientless SSL VPN support, and many more features. ASAs can be
installed on virtual machines or supported hardware.
What is an ASA Model?
An ASA model is a copy of the running configuration file of an ASA device
that you have onboarded to CDO. You can use an ASA model to analyze
the configuration of an ASA device without onboarding the device
itself.
When is a device Synced?
When the configuration on CDO and the configuration stored locally on the
device are the same.
When is a device Not Synced?
When the configuration stored in CDO was changed and it is now different
that the configuration stored locally on the device.
When is a device in a Conflict Detected state?
When the configuration on the device was changed outside of CDO
(out-of-band), and is now different than the configuration stored on
CDO.
What is an out-of-band change?
When a change is made to the device outside of CDO. The change is made
directly on the device using CLI command or by using the on-device
manager such as ASDM or FDM. An out-of-band change causes CDO to
report a "Conflict Detected" state for the device.
What does it mean to deploy a change to a device?
After you onboard a device to CDO, CDO maintains a copy of its
configuration. When you make a change on CDO, CDO makes a change to
its copy of the device's configuration. When you "deploy" that
change back to a device, CDO copies the changes you made to the
device's copy of its configuration. See these topics:
What ASA commands are currently supported?
All commands. Click the Command Line Interface
link under Device Actions to use the ASA CLI.
Are there any scale limitations for device management?
CDO's cloud architecture allows it to scale to thousands of devices.
Does CDO manage Cisco Integrated Services Routers and Aggregation
Services Routers?
CDO allows you to create a model device for ISRs and ASRs and import its
configuration. You can then create templates based on the imported
configurations and export the configuration as a standardized
configuration that can be deployed to new or existing ISR and ASR
devices for consistent security.
Can CDO manage SMA?
No, CDO does not currently manage SMA.