Deploy configuration changes from Security Cloud Control to ASA

Why does Security Cloud Control deploy changes to an ASA?

When you manage and make changes to a device configuration with Security Cloud Control, Security Cloud Control saves those changes to its own copy of the configuration file. Those changes are considered staged on Security Cloud Control until they are deployed to the device. Staged configuration changes have no effect on the network traffic running through the device. Only after Security Cloud Control deploys the changes to the device do they have an effect on the traffic running through the device. When Security Cloud Control deploys changes to the device's configuration, it only overwrites those elements of the configuration that were changed. These actions do not overwrite the entire configuration file on your device.

The ASA has a running configuration file (sometimes called the running config) and a startup configuration file (sometimes called the startup config). The configuration stored in the running config file is enforced on traffic passing through the ASA. After you change the running config and confirm the device behaves as you want, deploy those changes to the startup config. When you reboot the ASA, it starts using the startup config as its configuration starting point. If you do not save your changes to the startup config, you lose them when you reboot the ASA.

Deploying changes from Security Cloud Control to an ASA writes those changes to the running configuration file. When you are satisfied with how those changes affect the device, deploy them to the startup configuration file.

You can start deployments for one device or several devices simultaneously. You can schedule single or recurring deployments for a device.

Some changes are deployed directly to the ASA

If you use the command line interface on Security Cloud Control to make a change to an ASA, those changes are not staged on Security Cloud Control. They are deployed directly to the running configuration of the ASA. When you make changes that way, your device remains synced with Security Cloud Control.