8-13
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter8 Managing Deployment
Understanding Deployment
Before you deploy configurations, you might want to detect whether there are out of band changes on a
device and analyze whether you want to recreate those changes in Security Manager policies, or allow
Security Manager to overwrite the changes. For more information, see Detecting and Analyzing Out of
Band Changes, page 8-46.
Related Topics
Deploying Directly to a Device, page 8-9
Deploying to a Device through an Intermediate Server, page 8-10
Deploying to a File, page 8-11
Handling Device OS Version Mismatches
Before deploying a changed configuration file directly to a device, Security Manager normally uploads
the current running configuration file from the device and checks the OS version running on the device
with the OS version stored in the Security Manager database (you can configure it so that the archived
configuration is used instead of the configuration from the device). Security Manager takes action
depending on whether the OS versions match or differ from each other.
In some cases, Security Manager deploys the configuration and issues a warning, but in other cases,
Security Manager cannot deploy the configuration. Security Manager deploys the configuration when:
The device has a newer minor version, for example, ASA 8.1(2) instead of the 8.1(1), indicated in
Security Manager.
The device has a down-level minor version, for example, ASA 8.1(1) instead of 8.1(2).
Security Manager does not deploy the configuration when the device is running a new major version of
the OS (for example, ASA 8.0 instead of the 7.2 indicated in Security Manager) or if the device is
running a down-level major version (7.2 instead of 8.0).
The following table lists the possible actions Security Manager takes depending on the whether the OS
versions match or differ from each other. The table uses the ASA device as an example; however, the
actions apply to all supported device types.
Table8-5 Deployment Action Based on OS Version Match or Mismatch
Scenario
OS Version in
Security Manager
Database
OS Version On
Device
OS Version Used In
Deployment Action
Versions match ASA 8.2(1) ASA 8.2(1) ASA 8.2(1) Deployment
proceeds with no
warnings.