Deploy pending changes to a device

When you make any configuration changes, or policy changes on the Manager, or a new/updated signature set is available from McAfee, you must apply these updates to the devices (such as Sensors and NTBA Appliances) in your deployment for the changes to take effect.

Note the following:

• Configuration changes such as port configuration, non-standard ports and interface traffic types are updated regardless of the changes made to the Sensor, interface/ subinterface.

• NTBA configuration updates refer to the changes done in the various tabs of the Devices node. • Policy changes are updated on the Sensor or NTBA Appliance in case of a newly applied policy, or

changes made to the current enforced policy.

• Signature updates contain new and/or modified signatures that can be applied to the latest attacks. You can deploy the configuration changes to all the devices in the admin domain from the Global tab. The navigation path for this is Devices | <Admin Domain Name> | Global | Deploy Pending Changes.

Alternatively, you can deploy the configuration changes at a device level by selecting Devices | <Admin Domain Name> | Devices | <Device name> | Deploy Pending Changes. In this case, the Deploy Pending Changes option is available in the menu only if the device is active.

Configuration of devices using the Manager

Task

1 Select Devices | <Admin Domain Name> | Global | Deploy Pending Changes. The Deploy Pending Changes page is displayed.

Figure 6-9 Deploy Pending Changes page 2 Click Deploy.

The Manager processes these updates in three stages — Queued, Deploying, Completed — and displays the current stage in the Status Column.

Figure 6-10 Configuration update

6

Status Description

Queued The Queued status indicates that the Manager is preparing to deploy updates to the devices. If more than one device is being updated, devices are updated one at a time until all downloads are complete. If you want to cancel the updates for certain devices, click the X. Consider the following:

• The deployment of the configuration changes or signature file updates can be cancelled for bulk updates only.

• Updates cannot be cancelled when deployed for individual devices.

• After you click Deploy, wait for five seconds before you start cancelling the updates for devices.

• Once cancelled, the checkbox is deselected, suggesting that the update was cancelled. There is no status change to indicate the cancellation of an update.

Deploying In this state, the configuration changes are applied to the devices. There is no option to abort the update process for devices in which the deployment of updates are already in progress. When the deployment is cancelled for any device, the item will still be

selected for future updates unless it is explicitly deselected.

Completed Shows that all the configuration changes have been updated for the devices.

3 Click Offline Update Files to view and export the deployment changes file to offline Sensors. The changes can then be deployed to the Sensors manually using the CLI command window.

4 Click Refresh to refresh the page and the status of the deployment.

5 Click Clear Status to clear the status column in the UI.

Clearing the status does not cancel the deployment. The update process will be running in the background.

See also

Possible actions from the device list nodes on page 71 Configuration of devices using the Manager on page 4

Deploy pending changes to a device

When you make any configuration changes, or policy changes on the Manager, or a new/updated signature set is available from McAfee, you must apply these updates to the devices (such as Sensors and NTBA Appliances) in your deployment for the changes to take effect.

Note the following:

• Configuration changes such as port configuration, non-standard ports and interface traffic types are updated regardless of the changes made to the Sensor, interface/ subinterface.

• NTBA configuration updates refer to the changes done in the various tabs of the Devices node. • Policy changes are updated on the Sensor or NTBA Appliance in case of a newly applied policy, or

changes made to the current enforced policy.

• Signature updates contain new and/or modified signatures that can be applied to the latest attacks. You can deploy the configuration changes to all the devices in the admin domain from the Global tab. The navigation path for this is Devices | <Admin Domain Name> | Global | Deploy Pending Changes.

Alternatively, you can deploy the configuration changes at a device level by selecting Devices | <Admin Domain Name> | Devices | <Device name> | Deploy Pending Changes. In this case, the Deploy Pending Changes option is available in the menu only if the device is active.

Configuration of devices using the Manager

Task

1 Select Devices | <Admin Domain Name> | Global | Deploy Pending Changes. The Deploy Pending Changes page is displayed.

Figure 6-11 Deploy Pending Changes page

The columns in the table are as follows:

Fields Description

Device Name Unique name of each device

Last Update Last day and time device configuration was updated.

Updating Mode Online or offline update mechanism selected for the device.

Pending Changes Summary of changes that have been made

Deploy A selected checkbox indicates that the device is to be updated for any configuration change other than those related to SSL key management. This check-box will include updates for configuration and signature set, botnet detectors, and Gateway Anti-Malware.

Status Displays the status of the Sensor during update

2 Click Deploy.

6

The Manager processes these updates in three stages — Queued, Deploying, Completed — and displays the current stage in the Status Column.

Figure 6-12 Configuration update Status Description

Queued The Queued status indicates that the Manager is preparing to deploy updates to the devices. If more than one device is being updated, devices are updated one at a time until all downloads are complete. If you want to cancel the updates for certain devices, click the X. Consider the following:

• The deployment of the configuration changes or signature file updates can be cancelled for bulk updates only.

• Updates cannot be cancelled when deployed for individual devices.

• After you click Deploy, wait for five seconds before you start cancelling the updates for devices.

• Once cancelled, the checkbox is deselected, suggesting that the update was cancelled. There is no status change to indicate the cancellation of an update.

Deploying In this state, the configuration changes are applied to the devices. There is no option to abort the update process for devices in which the deployment of updates are already in progress. When the deployment is cancelled for any device, the item will still be

selected for future updates unless it is explicitly deselected.

Completed Shows that all the configuration changes have been updated for the devices.

3 Click Offline Update Files to view and export the deployment changes file to offline Sensors. The changes can then be deployed to the Sensors manually using the CLI command window.

4 Click Refresh to refresh the page and the status of the deployment.

5 Click Clear Status to clear the status column in the UI.

Clearing the status does not cancel the deployment. The update process will be running in the background.