Filter
Top Products
5-25
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 5 Managing Policies
Discovering Policies
Frequently Asked Questions about Policy Discovery
These questions and answers describe how policy discovery processes your device configurations into
Security Manager policies.
Question: How does policy discovery work?
Answer: After you select the device whose policies, settings, and interfaces (inventory) you want to
discover, Security Manager obtains the running configuration (from live devices) or the supplied
configuration (when discovering from configuration files) and translates the CLI into Security Manager
policies and objects. The imported configuration is added to the Configuration Archive as the initial
configuration for the device. After discovery, you can review the discovered policies and objects and
decide whether to commit them to the database. If you dislike them, you can discard them instead. Please
note that commit and discard affect all discovered devices as a group and cannot be implemented on a
per-device basis.
Question: When should I discover policies?
State
Details
These fields have the same meaning, although different names are used
in the Discovery Details and Import Details tables. The fields describe
the status of the task for the device:
• Device Added—The device was successfully added to the
inventory.
• Device Add Failed—The device was not added to the inventory.
• Discovery Completed—Discovery succeeded and the discovered
policies are added to the Security Manager database.
• Discovery Failed—No polices were discovered because errors
occurred.
Discovered From
(Discovery Details only)
One of the following:
• Live Device—Security Manager contacted the device to obtain
configuration and policy information.
• File—Security Manager obtained the configuration and policy
information from a configuration file.
Messages list The messages generated during the task for the selected device. Select
a message to see detailed information in the fields to the right of the list.
The severity icons have these meanings:
• Error—A problem was detected.
• Warning—A minor problem occurred during discovery.
• Information—An informational message about the selected device.
Description Additional information about the message selected in the message list.
Action The steps you should take to resolve the described problem.
Table 5-4 Policy Discovery Status Page (Continued)
Element Description