8-61
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter8 Managing Deployment
Rolling Back Configurations
Related Topics
Rolling Back Configurations to Devices Using the Deployment Manager, page8-65
Using Rollback to Deploy Archived Configurations, page8-66
Understanding Rollback for Devices in Multiple Context Mode
If the configuration of the system execution space to which you are rolling back specifies connectivity
options to security contexts (for example, vlan config) and there is a mismatch between the configuration
selected for rollback and the current running configurations of the security contexts, Security Manager
might not be able to connect to the security contexts. In such cases. we recommend that you roll back
configurations for the security contexts before rolling back a configuration for the system execution
space.
If you roll back a configuration for the system execution space of a device in multiple context mode to
one that includes a different set of security contexts, after rollback the security contexts on the device
might not match the security contexts managed by Security Manager that appear in the Device selector.
Related Topics
Rolling Back Configurations to Devices Using the Deployment Manager, page8-65
Using Rollback to Deploy Archived Configurations, page8-66
Commands that Can Cause Conflicts after Rollback, page 8-64
Commands to Recover from Failover Misconfiguration after Rollback, page8-65
Understanding Rollback for Failover Devices
If you roll back a configuration for a security context that contains a failover policy, Security Manager
initially disables failover in the system execution space and both devices become active. After the
rollback is completed, the devices should return to their failover configuration.
If a switchover occurs during rollback or connectivity between the active and standby units is lost, copy
the bootstrap configuration to the standby unit after rollback completes. For more information, see
Bootstrap Configuration for LAN Failover Dialog Box, page49-26.
Related Topics
Rolling Back Configurations to Devices Using the Deployment Manager, page8-65
Using Rollback to Deploy Archived Configurations, page8-66
Commands that Can Cause Conflicts after Rollback, page 8-64
Commands to Recover from Failover Misconfiguration after Rollback, page8-65
Understanding Rollback for Catalyst 6500/7600 Devices
If you roll back a configuration to a Catalyst 6500/7600 device that specifies connectivity options to
service modules (for example, vlan config) and there is a mismatch between the configuration selected
for rollback and the current running configuration, Security Manager might not be able to connect to the
service modules. We recommend that you roll back configurations for the service modules before rolling
back a configuration to the Catalyst 6500/7600 chassis.
Thus, the proper order for performing rollback on Catalyst 6500/7600 devices is:
1. Security contexts.