How long am I expected to wait for NSM to deploy minor changes to firewall?
Larry
I want to provide feedback to Mozilla about the Firefox 89 release (specifically that the chrome no longer matches the default colors of Windows).
To do that, I have to create a Crowdicity account. The confirmation link takes me to an Amazon site in the UK. I have GeoBlocking enabled for the UK, so I can't get there.
I logged into NSM, created the Address Object, updated the Address Group, and then issued the Commit.
I'm now at 5 minutes waiting for these instructions to update the device.
How much longer am I expected to wait?
Category: Network Security Manager
Answers
Updated to ask the following:
Where do I go to determine what caused this to fail?
Am I now forced to go back to "normal" and update the device directly (and usurp the Config mode)?
If you go back to Manager View in NSM then Config Management \ Commits you can drill down to failures. If NSM does not deploy the change it does not mean you have to go back to 'normal' management if you can wait for support to figure out what went wrong. If you have to implement ASAP I would suggest usurping NSM to get the change done. You can then force NSM to sync from the firewall.
That would be done in Manager View \ Firewalls \ Inventory. The firewall will show as 'unmanaged'; open the [=] menu and select Synchronize Firewall.
FYI, one failure related to an IP address change on the X0 interface via NSM took support months to supposedly fix. I haven't tried that operation again yet though.
I don't normally look at the Commit process. I just kick it off and close the browser. I expect the process to continue to work in the background.
But I looked at the list of "sync" discrepancies between NSM and Local and it seems that this hasn't been working for a long time, which is probably why this commit failed.
I'm guessing (because there is no solid documentation on this) that I have to remove the firewall from NSM, make sure all of my changes are backed up, then add it back to NSM and force the sync.
Because the last thing in the world I want to do is sync up and find that the process didn't MERGE the differences, but that the cloud settings completely overwrote the local settings.
Now to spend an hour (or two) with Support to see if that's the case.
I don't think you have to remove the firewall from NSM. Make a backup in local management, then go to NSM and force the sync. I had to do this recently after making a local change to an NSM managed device. As described the device was listed in NSM as unmanaged, so I forced the sync and everything was back to normal. NSM sync'd from the device.
Agreed, documentation is not clear.
I do have complaints about what NSM considers as configuration differences. Sometimes a device will become unmanaged because the config difference is a discrepancy between the last known uptime, boot time, etc. A variable that has nothing to do with the actual configuration!
Unfortunately my device is listed as "Managed" and the list of discrepancies is HUGE!
Opened Case 43705127 to see if someone knows the best means of getting this resolved.
Just by way of an update, the case is in "Waiting on Engineering" status.
Following several discussions with NSM project managers, the entire sync process is going to be reviewed, and hopefully be revamped in a future release. I pointed out that there's no telling exactly what discrepancies exist (the compare is awful) and there's no available report of actions taken which most sites would want as documentation (in case of fallback).
@EnaBev a little help here wouldn't hurt
Hi @TKWITS,
Thanks for reaching out.
This has been raised with our Engineering team. Any updates will appear on the support case.
Let me know if you have any other questions.