10-26-2016 11:46 AM - edited 03-12-2019 06:10 AM
Hi All
I have a question around Cisco Firesight.
What is the recommendation around setting up Cisco Firesight Policies for multiple FWs?
Say I have 20 x2 Active/Standby FWs doing pretty much the same functionality.
Shall I set up one policy for all of them or 20 separate policies?
Rose.
10-27-2016 09:12 AM
Hello krunchyhchips,
If you need to apply the same policies you can add multiple target devices to the same rule itself.
If you need to apply different policies or rules, then you need to create separate rules and policies.
Rate and mark the helpful posts.
Regards
Jetsy
10-27-2016 11:27 AM
I think it really depends on your setup. Do you want to re-use policy rules for different firewalls? Do you need multi-tenancy?
Assuming you could re-use policy elements and want to be able to use your FMC for multiple tenants, you could leverage domains and ACP policy inheritance.
Create a child-domain under Global for your current tenant. Now create a base policy in Global that can be re-used for multiple firewalls in your child-domain and set it as base policy for your individual firewall access-control-policies. Need to change a global policy rule - just add it to the base policy. Need to add a firewall specific rule - just add it to your child policy.
Let me know if this answers your question