Verify the Deployed Configuration
After you deploy a FlexConfig policy to a device, verify that the deployment was successful and that the resulting configuration is what you expected. Also, verify that the device is performing as expected.
Procedure
Step 1 | To verify that deployment was successful: |
Step 2 | Verify that the deployed configuration includes the expected commands. You can do this by making an SSH connection to the device's management IP address. Use the show running-config command to view the configuration. Alternatively, use the CLI tool within Cisco Defense Orchestrator. |
Step 3 | Verify that the device is performing as expected. Use the show commands related to the feature to see detailed information and statistics. For example, if you enabled additional protocol inspections, the show service-policy command provides this information. The exact commands to use are feature-dependent and should be mentioned in the ASA configuration guide and command reference you used to learn how to configure the feature. If commands that show statistics indicate that numbers are not changing (for example, hit counts, connection counts, and so forth), the configuration might be valid but not meaningful. If you know that traffic is going through the device that should show up in statistics, look for what is missing in your configuration. For example, NAT or access rules might be dropping or changing traffic before a feature can act on it. You can use the show commands from an SSH session or through the Cisco Defense Orchestrator CLI tool. However, if the show command that you need to use is not available directly within the FTD CLI, you will need make an SSH connection to the device to use the commands. From the CLI, enter the following command sequence to enter Privileged EXEC mode within the diagnostic CLI. From there, you should be able to enter these otherwise unsupported show commands.
|