cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

490
Views
0
Helpful
2
Replies
Highlighted
Beginner

Firepower Access Policy Comparison - not existing????

Hi Everyone

 

When policies has changed (multiple times) and you need to deploy a Policy.

How can you verify the Difference / how can you compare the

- Policy to deploy - with the - Policy deployed?

before you kick of the task?

 

Accordingly to the Firepower Management Center 6.2.3 here is no options to compare Access Policies:

"

To review policy changes for compliance with your organization's standards or to optimize system performance, you can examine the differences between two policies or between a saved policy and the running configuration.

  • DNS

  • File

  • Health

  • Identity

  • Intrusion

  • Network Analysis

  • SSL

"

Are we the onlyone on the whole world needing this? I mean, CSM Cisco Security Manager has been able to do this since the last 10 years.....

 

Any Help/Hacks would be apriciated.

best Regards

Jarle Steffensen

 

2 REPLIES 2
Cisco Employee

Re: Firepower Access Policy Comparison - not existing????

Hi,

 

The feature is on the roadmap so that you have it under access control policy.

That said, currently, we have ways of checking what are the changes made in sections:

 

1. File Policy has an independent option available to compare file policy between revisions and between different file policy itself.

2. Intrusion policy also supports the same.

3. SSL supports the same.

4. DNS policies also have the same option.

 

In addition to it if the requirement is to determine the changes done within the access control policy you can follow the instructions in the document:

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212696-configuration-to-view-changes-in-an-acce.html

 

Hope this helps

 

Cisco Employee

Re: Firepower Access Policy Comparison - not existing????

The same feature is presently available for health policy as well as network analysis policy too.