topic Configuration Change Control in Network Security

Configuration Change Control

Cory Anderson — Fri, 21 Feb 2020 17:02:53 GMT

I'm setting up some 2110 devices using FMC for an organization that has a specific change control policy that I don't know how to address with FirePower. The policy is to set the initial configuration as a baseline, and periodically audit the active configuration against the baseline configuration to detect unauthorized changes. Does anyone know if this is supported?

Re: Configuration Change Control

Mike.Cifelli — Wed, 17 Apr 2019 12:50:56 GMT

So you can definitely monitor/audit configuration changes using FMC. This can be accomplished in FMC under System->Monitoring->Audit. From here you can also generate reports. As for detecting against the baseline I am not 100% sure if you can accomplish this. Worst case you can schedule reports. However, my question to the customer would be why would individuals that should not be allowed to make config changes have full rights. You also can look into rbacl by giving different individuals different roles for managing your device. For example, Security Analyst (read-only). HTH!

Re: Configuration Change Control

kurttcot — Wed, 17 Apr 2019 16:37:59 GMT

You can export the config once the baseline is setup then do manual exports when you need to audit.

FPMC, Heath Monitor, Advanced Troubleshooting, Threat Defense CLI, Show Run.

Copy config output to a text file then later you can use a program like ExamDiff to compare the changes.

Its not automated but its quick enough to do in a few minutes.