Scheduling

The following topics explain how to schedule tasks:

About Task Scheduling

You can schedule various tasks to run at designated times, either once or on a recurring basis.

Tasks are scheduled in UTC on the back end, which means when they occur locally depends on the date and your specific location. Also, because tasks are scheduled in UTC, they do not adjust for Daylight Saving Time, summer time, or any such seasonal adjustments that you may observe in your location. If you are affected, scheduled tasks occur one hour "later" in the summer than in the winter, according to local time.

Some tasks are automatically scheduled or performed by the initial setup process:

  • A one-time task to download and install the latest VDB.

  • A weekly scheduled task to download the latest available software updates and VDB.

You should review the weekly tasks and adjust if necessary. Optionally, schedule new recurring tasks to actually update the VDB and/or software, and deploy configurations.


Important


We strongly recommend you review scheduled tasks to be sure they occur when you intend. Some tasks (such as those involving automated software updates or that require pushing updates to managed devices) may place a significant load on networks with low bandwidths. You should schedule tasks like these to run during periods of low network use. Other tasks, such as deploying configurations, can cause traffic interruptions. You should schedule tasks like these during maintenance windows.


Requirements and Prerequisites for Task Scheduling

Model Support

Any.

Supported Domains

Any

User Roles

  • Admin

  • Maintenance User

Configuring a Recurring Task

You set the frequency for a recurring task using the same process for all types of tasks.

Note that the time displayed on most pages on the web interface is the local time, which is determined by using the time zone you specify in your local configuration. Further, the management center automatically adjusts its local time display for daylight saving time (DST), where appropriate. However, recurring tasks that span the transition dates from DST to standard time and back do not adjust for the transition. That is, if you create a task scheduled for 2:00 AM during standard time, it will run at 3:00 AM during DST. Similarly, if you create a task scheduled for 2:00 AM during DST, it will run at 1:00 AM during standard time.

Procedure


Step 1

Select System (system gear icon) > Tools > Scheduling.

Step 2

Click Add Task.

Step 3

From the Job Type drop-down list, select the type of task that you want to schedule.

Step 4

Click Recurring next to the Schedule task to run option.

Step 5

In the Start On field, specify the date when you want to start your recurring task.

Step 6

In the Repeat Every field, specify how often you want the task to recur.

You can either type a number or click Up (up icon) and Down (down icon) to specify the interval. For example, type 2 and click Days to run the task every two days.

Step 7

In the Run At field, specify the time when you want to start your recurring task.

Step 8

For a task to be run on a weekly or monthly basis, select the days when you want to run the task in the Repeat On field.

Step 9

Give the job a name.

Step 10

Click Save.


Scheduled Backups

You can schedule backups of Secure Firewall Threat Defense devices from the cloud-delivered Firewall Management Center. Note that not all devices support remote backups.

No more than 20 threat defense devices should be scheduled during one job. Backup jobs should be spaced at least 30 minutes apart.

For more information on backups, see Backup/Restore.

Schedule Remote Device Backups

You can use the scheduler oncloud-delivered Firewall Management Center to automate device backups. Note that not all devices support remote backups. For more information, see Backup/Restore.

Procedure

Step 1

Choose System (system gear icon) > Tools > Scheduling.

Step 2

From the Job Type list, select Backup.

Step 3

Specify whether you want to back up Once or Recurring.

Step 4

Enter a Job Name.

Step 5

For the Backup Type, click Device.

Step 6

Select one or more devices.

If your device is not listed, it does not support remote backup.

Step 7

(Optional) Enter a Comment.

Keep comments brief. They will appear in the Task Details section of the schedule calendar page.

Step 8

(Optional) Enter an email address, or a comma-separated list of email addresses, in the Email Status To: field.

Step 9

Click Save.


Automating Policy Deployment

After modifying configuration settings in the management center, you must deploy those changes to the affected devices.


Caution


When you deploy, resource demands may result in a small number of packets dropping without inspection. Additionally, deploying some configurations restarts the Snort process, which interrupts traffic inspection. Whether traffic drops during this interruption or passes without further inspection depends on how the target device handles traffic. See Snort Restart Traffic Behavior and Configurations that Restart the Snort Process When Deployed or Activated.

Procedure


Step 1

Select System (system gear icon) > Tools > Scheduling.

Step 2

Click Add Task.

Step 3

From Job Type, select Deploy Policies.

Step 4

Specify how you want to schedule the task, Once or Recurring:

  • For one-time tasks, use the drop-down lists to specify the start date and time.

  • For recurring tasks, see Configuring a Recurring Task for details.

Step 5

Type a name in the Job Name field.

Step 6

In the Device field, select a device where you want to deploy policies.

Step 7

Select or deselect the Skip deployment for up-to-date devices check box, as required.

By default, the Skip deployment for up-to-date devices option is enabled to improve performance during the policy deployment process.

Note

 
The system does not perform a scheduled policy deployment task if a policy deployment initiated from the management center web interface is in progress. Correspondingly, the system does not permit you to initiate a policy deployment from the web interface if a scheduled policy deployment task is in-progress.

Step 8

If you want to comment on the task, type a comment in the Comment field.

The comment field displays in the Tasks Details section of the schedule calendar page; keep comments brief.

Step 9

If you want to email task status messages, type an email address (or multiple email addresses separated by commas) in the Email Status To: field. You must have a valid email relay server configured to send status messages.

Step 10

Click Save.


Software Upgrade Automation

You can automatically download patches, and apply maintenance releases and patches.

To upgrade managed devices, schedule Download, Push, and Install tasks. Make sure you leave adequate time between the tasks; for example, installations scheduled to occur while a push is still running will fail.

This feature is not supported for major releases. When scheduling upgrades to device groups, the upgrade will run on all grouped devices simultaneously.


Note


As part of the initial configuration, the system schedules weekly downloads. We recommend you review this task and make changes if necessary, as described in Automating Software Downloads. This task only downloads the updates. It is your responsibility to install any updates this task downloads.


Automating Software Downloads

Use this procedure to schedule patch downloads.

Procedure

Step 1

Select System (system gear icon) > Tools > Scheduling.

Step 2

Click Add Task.

Step 3

From the Job Type list, select Download Latest Update.

Step 4

Specify how you want to schedule the task, Once or Recurring:

  • For one-time tasks, use the drop-down lists to specify the start date and time.

  • For recurring tasks, see Configuring a Recurring Task for details.

Step 5

Type a name in the Job Name field.

Step 6

Next to Update Items, check Software check box.

Step 7

If you want to comment on the task, type a comment in the Comment field.

The comment field appears in the Task Details section of the schedule calendar page; keep comments brief.

Step 8

If you want to email task status messages, type an email address (or multiple email addresses separated by commas) in the Email Status To: field. You must have a valid email relay server configured to send status messages.

Step 9

Click Save.


Automating Software Pushes

If you want to automate the installation of software updates on managed devices, you must push the updates to the devices before installing.

When you create the task to push software updates to managed devices, make sure you allow enough time between the push task and a scheduled install task for the updates to be copied to the device.

You must be in the global domain to perform this task.

Procedure

Step 1

Select System (system gear icon) > Tools > Scheduling.

Step 2

Click Add Task.

Step 3

From the Job Type list, select Push Latest Update.

Step 4

Specify how you want to schedule the task, Once or Recurring:

  • For one-time tasks, use the drop-down lists to specify the start date and time.

  • For recurring tasks, see Configuring a Recurring Task for details.

Step 5

Type a name in the Job Name field.

Step 6

From the Device drop-down list, select the device that you want to update.

Step 7

If you want to comment on the task, type a comment in the Comment field.

The comment field appears in the Task Details section of the schedule calendar page; keep comments brief.

Step 8

If you want to email task status messages, type an email address (or multiple email addresses separated by commas) in the Email Status To: field. You must have a valid email relay server configured to send status messages.

Step 9

Click Save.


Automating Software Installs

Make sure you allow enough time between the task that pushes the update to a managed device and the task that installs the update.

You must be in the global domain to perform this task.


Caution


Depending on the update being installed, the appliance may reboot after the software is installed.


Procedure

Step 1

Select System (system gear icon) > Tools > Scheduling.

Step 2

Click Add Task.

Step 3

From the Job Type list, select Install Latest Update.

Step 4

Specify how you want to schedule the task, Once or Recurring:

  • For one-time tasks, use the drop-down lists to specify the start date and time.

  • For recurring tasks, see Configuring a Recurring Task for details.

Step 5

Type a name in the Job Name field.

Step 6

From the Device drop-down list, select the appliance where you want to install the update.

Step 7

Next to Update Items, check the Software check box.

Step 8

If you want to comment on the task, type a comment in the Comment field.

The comment field appears in the Task Details section of the schedule calendar page; keep comments brief.

Step 9

If you want to email task status messages, type an email address (or multiple email addresses separated by commas) in the Email Status To: field. You must have a valid email relay server configured to send status messages.

Step 10

Click Save.


Vulnerability Database Update Automation

You can use the scheduling feature to update the Cisco vulnerability database (VDB), thereby ensuring that you are using the most up-to-date information to evaluate the hosts on your network. You must schedule the download, install, and subsequent deploy as separate tasks, allowing enough time between tasks.


Note


The initial setup on the management center automatically downloads and installs the latest VDB from Cisco as a one-time operation. It also schedules a weekly task to download the latest available software updates, which includes the latest VDB. We recommend you review this weekly task and adjust if necessary. Optionally, schedule a new weekly task to actually update the VDB and deploy configurations.


Automating VDB Update Downloads

Procedure

Step 1

Select System (system gear icon) > Tools > Scheduling.

Step 2

Click Add Task.

Step 3

From the Job Type list, select Download Latest Update.

Step 4

Specify how you want to schedule the task, Once or Recurring:

  • For one-time tasks, use the drop-down lists to specify the start date and time.

  • For recurring tasks, see Configuring a Recurring Task for details.

Step 5

Type a name in the Job Name field.

Step 6

Next to Update Items, check the Vulnerability Database check box.

Step 7

(Optional) Type a brief comment in the Comment field.

Step 8

If you want to email task status messages, type an email address (or multiple email addresses separated by commas) in the Email Status To: field. You must have a valid email relay server configured to send status messages.

Step 9

Click Save.


Automating VDB Update Installs

Allow enough time between the task that downloads the VDB update and the task that installs the update.

You must be in the global domain to perform this task.


Caution


In most cases, the first deploy after a VDB update restarts the Snort process, interrupting traffic inspection. The system warns you when this will happen (updated application detectors and operating system fingerprints require a restart; vulnerability information does not). Whether traffic drops or passes without further inspection during this interruption depends on how the targeted device handles traffic. For more information, see Snort Restart Traffic Behavior.


Procedure

Step 1

Select System (system gear icon) > Tools > Scheduling.

Step 2

Click Add Task.

Step 3

From the Job Type list, select Install Latest Update.

Step 4

Specify how you want to schedule the task, Once or Recurring:

  • For one-time tasks, use the drop-down lists to specify the start date and time.

  • For recurring tasks, see Configuring a Recurring Task for details.

Step 5

Type a name in the Job Name field.

Step 6

From the Device drop-down list, select the management center.

Step 7

Next to Update Items, check the Vulnerability Database check box.

Step 8

(Optional) Type a brief comment in the Comment field.

Step 9

If you want to email task status messages, type an email address (or multiple email addresses separated by commas) in the Email Status To: field. You must have a valid email relay server configured to send status messages.

Step 10

Click Save.


Automating URL Filtering Updates Using a Scheduled Task

In order to ensure that threat data for URL filtering is current, the system must obtain data updates from the Cisco Collective Security Intelligence (CSI) cloud.

By default, when you enable URL filtering, automatic updates are enabled. However, if you need to control when these updates occur, use the procedure described in this topic instead of the default update mechanism.

Although daily updates tend to be small, if it has been more than five days since your last update, new URL filtering data may take up to 20 minutes to download, depending on your bandwidth. Then, it may take up to 30 minutes to perform the update itself.

Before you begin

Procedure


Step 1

Select System (system gear icon) > Tools > Scheduling.

Step 2

Click Add Task.

Step 3

From the Job Type list, select Update URL Filtering Database.

Step 4

Specify how you want to schedule the update, Once or Recurring:

  • For one-time tasks, use the drop-down lists to specify the start date and time.

  • For recurring tasks, see Configuring a Recurring Task for details.

Step 5

Type a name in the Job Name field.

Step 6

If you want to comment on the task, type a comment in the Comment field.

The comment field appears in the Task Details section of the schedule calendar page; keep comments brief.

Step 7

If you want to email task status messages, type an email address (or multiple email addresses separated by commas) in the Email Status To: field. You must have a valid email relay server configured to send status messages.

Step 8

Click Save.


Scheduled Task Review

After adding scheduled tasks, you can view them and evaluate their status. The View Options section of the page allows you to view scheduled tasks using a calendar and a list of scheduled tasks.

The Calendar view option allows you to view which scheduled tasks occur on which day.

The Task List shows a list of tasks along with their status. The task list appears below the calendar when you open the calendar. In addition, you can view it by selecting a date or task from the calendar.

You can edit a scheduled task that you previously created. This feature is especially useful if you want to test a scheduled task once to make sure that the parameters are correct. Later, after the task completes successfully, you can change it to a recurring task.

There are two types of deletions you can perform from the Schedule View page. You can delete a specific one-time task that has not yet run or you can delete every instance of a recurring task. If you delete an instance of a recurring task, all instances of the task are deleted. If you delete a task that is scheduled to run once, only that task is deleted.

Task List Details

Table 1. Task List Columns

Column

Description

Name

Displays the name of the scheduled task and the comment associated with it.

Type

Displays the type of scheduled task.

Start Time

Displays the scheduled start date and time.

Frequency

Displays how often the task is run.

Last Run Time

Displays the actual start date and time.

For a recurring task, this applies to the most recent execution.

Last Run Status

Describes the current status for a scheduled task:

  • A Check markcheck mark icon indicates that the task ran successfully.

  • A question mark icon (Question Mark (question mark icon) ) indicates that the task is in an unknown state.

  • An exclamation mark icon ( ) indicates that the task failed.

For a recurring task, this applies to the most recent execution.

Next Run Time

Displays the next execution time for a recurring task.

Displays N/A for a one-time task.

Creator

Displays the name of the user that created the scheduled task.

Edit

Edits the scheduled task.

Delete

Deletes the scheduled task.

Viewing Scheduled Tasks on the Calendar

You can view a scheduled task on the calendar.

Procedure


Step 1

Select System (system gear icon) > Tools > Scheduling.

Step 2

You can perform the following tasks using the calendar view:

  • Click Double Left Arrow (double left arrow icon) to move back one year.

  • Click Single Left Arrow (single left arrow icon) to move back one month.

  • Click Single Right Arrow (single right arrow icon) to move forward one month.

  • Click Double Right Arrow (double right arrow icon) to move forward one year.

  • Click Today to return to the current month and year.

  • Click Add Task to schedule a new task.

  • Click a date to view all scheduled tasks for the specific date in a task list table below the calendar.

  • Click a specific task on a date to view the task in a task list table below the calendar.


Editing Scheduled Tasks

You can edit scheduled tasks.

Procedure


Step 1

Select System (system gear icon) > Tools > Scheduling.

Step 2

On the calendar, click either the task that you want to edit or the day on which the task appears.

Step 3

In the Task Details table, click Edit (edit icon) next to the task you want to edit.

Step 4

Edit the task.

Step 5

Click Save.


Deleting Scheduled Tasks

You can delete a scheduled task.

Procedure


Step 1

Select System (system gear icon) > Tools > Scheduling.

Step 2

In the calendar, click the task you want to delete. For a recurring task, click an instance of the task.

Step 3

In the Task Details table, click Delete (delete icon), then confirm your choice.