About Deploying Configuration Changes

This section assumes you are using Security Cloud Control's GUI or editing the Device Configuration page, not using Security Cloud Control's CLI interface or CLI macro interface, to make changes to an ASA configuration file.

Updating an ASA configuration is a two-step process.

Procedure

Step 1	Make changes on Security Cloud Control using one of these methods: The Security Cloud Control GUI The device configuration on the Device Configuration page
Step 2	After you make your changes, return to the Security Devices page and then Preview and Deploy... the change to the device.

What to do next

When Security Cloud Control updates an ASA's running configuration with the one staged on Security Cloud Control, or when it changes the configuration on Security Cloud Control with the running configuration stored on the ASA, it attempts to change only the relevant lines of the configuration file if that aspect of the configuration can be managed by the Security Cloud Control GUI. If the desired configuration change cannot be made using the Security Cloud Control GUI, Security Cloud Control attempts to overwrite the entire configuration file to make the change.

Here are two examples:

You can create or change a network object using the Security Cloud Control GUI. If Security Cloud Control needs to deploy that change to an ASA's configuration, it would overwrite the relevant lines of the running configuration file on the ASA when the change occurs.
You cannot create a new local ASA user using the Security Cloud Control GUI but you can create one by editing the ASA's configuration on the Device Configuration page. If you add a user on the Device Configuration page, and you deploy that change to the ASA, Security Cloud Control will try to save that change to the ASA's running configuration file by overwriting the entire running configuration file.