8-64
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 8 Managing Deployment
Rolling Back Configurations
Commands that Can Cause Conflicts after Rollback
The following commands can potentially cause conflicts after rollback is performed:
http server enable port
http ip_address net_mask interface_name
Applicable only to security contexts (not the system execution space).
allocate-interface {physical_interface | subinterface} [map_name] [visible | invisible]
Applicable only to the system execution space under the context subcommand.
config-url diskX:/path/filename
Applicable only to the system execution space under the context subcommand.
join -failover-groupgroup_number
Applicable only for active/active failover and only to the system execution space under the context
subcommand. The failover group defaults to group 1 if not specified.
failover
Applicable only to the system execution space. Enabling failover causes configuration
synchronization to trigger between peers.
failover lan enable
Applicable only to the system execution space. If this command is omitted, this implies serial cable
failover on a PIX platform or warrants an incomplete failover configuration warning on ASA and
FWSM.
failover lan unit {primary | secondary}
Applicable only to the system execution space. If this command is not specified, both units are
secondary by default. If rollback takes place on the wrong unit, both can become primary, which
impacts which unit becomes active initially.
failover group group_number
Applicable only to the system execution space. This command enables active/active failover. If this
command is omitted, active/standby is enabled.
preempt delay
Applicable only to the system execution space and under the failover group subcommand to force
which failover group becomes active if both units are booted up at the same time, or the primary
does not boot up within the delay specified.
monitor-interface interface_name
Applicable only to security contexts and used to enable health monitoring of critical interfaces. If
this interface is ‘bounced’ or fails, a switchover could occur.
Related Topics
Rolling Back Configurations to Devices Using the Deployment Manager, page8-65
Using Rollback to Deploy Archived Configurations, page8-66
Commands to Recover from Failover Misconfiguration after Rollback, page8-65