Cisco
Login
Search
Software Secure Firewall Threat Defense
Platform Secure Firewall Threat Defense Virtual
Activity Onboard

Onboard Devices to Cloud-Delivered Firewall Management Center Device Settings Edit Health Settings Out-of-Band Configuration Detection Acknowledge the Out-of-Band Configuration

Last updated: Jul 29, 2025

Acknowledge the Out-of-Band Configuration

When the Firewall Management Center detects an out-of-band configuration change on a device, you must acknowledge the changes and match the configuration within the Firewall Management Center that you want to keep. Until you acknowledge the changes, deployment will be blocked.

Procedure

1

Open the Out-of-Band configuration details dialog box.

Out-of-Band Configuration Details
Figure 1: Out-of-Band Configuration Details

 

Some commands, when set to a default setting, don't appear in the command output. However, the non-default command will show on either side as green (added) or red (removed). For example, if you add no shutdown to an interface in recovery-config mode, the shutdown command will show in red on the left Last-deployed configuration pane while no shutdown will not appear in the right Configuration on device pane. In this case, although the default setting for an interface is shutdown , the parser considers no shutdown to be the default and doesn't show it.

You can open the dialog box from multiple locations. For example, on the Devices > Device Management page, your device will have a warning. Click View Details.

Device Management Warning
Figure 2: Device Management Warning

Or, from the Devices > Device Management > Device > Health tile, you can click View Details.

Health Out-of-Band Status
Figure 3: Health Out-of-Band Status

 

If the out-of-band notification hasn't yet reached the Firewall Management Center, you can check for changes using the Out of Band Status > Check Latest Status link.

2

Click Download PDF Report so you can refer to the configuration changes you need to make after you close the dialog box.

Or you can bring up the dialog box at any time to review the changes.
3

Click Acknowledge, and then Yes.

Acknowledge
Figure 4: Acknowledge

If you want to prevent an accidental deployment until after you've made your configuration changes, you can instead make the changes and then come back and click Acknowledge.
4

Click Close on the Out-of-Band configuration details dialog box.

You can still revisit the dialog box to review the changes you need to make until you deploy. The status on the Device page changes to show you have acknowledged the out-of-band configuration:

Acknowledged Status
Figure 5: Acknowledgement Status
5

Make the configuration changes that you made at the CLI.

You'll need to match the configuration CLI to Firewall Management Center screens; there aren't links from the CLI changes directly to screens.

If you don't want to keep your changes, you can simply deploy and overwrite the device configuration. You should make all necessary changes to maintain the management connection as well as any other changes you want to keep. For example, if you changed the IP address at the CLI, you need to go to the Interfaces page, edit the interface, and set that IP address to match:

Match the IP Address Change
Figure 6: Match the IP Address Change

There is no checking mechanism that you made the same change; you could set the IP address differently if you want.
6

Deploy configuration changes.

After you deploy, you can view the configuration differential—whether you made the changes or not—on the System (system gear icon) > Monitoring > Audit page. Check for the subsystem called Device > Device Management > Out of band changes.
Previous topic Access Recovery-Config Mode in the Diagnostic CLI Next topic Edit Management Settings