Read configuration changes from an ASA to Security Cloud Control

Why does Security Cloud Control "Read" ASA configurations?

To manage an ASA, Security Cloud Control must have its own copy of the ASAs running configuration file. Security Cloud Control reads and saves a copy of the device configuration file for the first time during device onboarding. When Security Cloud Control reads a configuration from an ASA, you can choose to Check for Changes, Accept without Review, or Read Configuration. For more information, refer to Reading, Discarding, Checking for, and Deploying Configuration Changes.

Security Cloud Control also needs to read an ASA configuration in these circumstances:

• When deployment of configuration changes to the ASA fails and the device state is not listed or Not Synced.

• When device onboarding fails and the device state is No Config.

• When changes are made to the device configuration outside of Security Cloud Control and those changes have not yet been polled or detected. In this case, the device state is Synced or Conflict Detected.

In these cases, Security Cloud Control needs a copy of the last known configuration stored on the device.