Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1841
Views
0
Helpful
2
Replies

Configuration Change Control

Cory Anderson
Level 1
Level 1

‎04-16-2019 07:46 AM - edited ‎02-21-2020 09:02 AM

I'm setting up some 2110 devices using FMC for an organization that has a specific change control policy that I don't know how to address with FirePower. The policy is to set the initial configuration as a baseline, and periodically audit the active configuration against the baseline configuration to detect unauthorized changes. Does anyone know if this is supported?

Labels:
0 Helpful
2 Replies 2

Mike.Cifelli
VIP Alumni
VIP Alumni

‎04-17-2019 05:50 AM

So you can definitely monitor/audit configuration changes using FMC. This can be accomplished in FMC under System->Monitoring->Audit. From here you can also generate reports. As for detecting against the baseline I am not 100% sure if you can accomplish this. Worst case you can schedule reports. However, my question to the customer would be why would individuals that should not be allowed to make config changes have full rights. You also can look into rbacl by giving different individuals different roles for managing your device. For example, Security Analyst (read-only). HTH!
0 Helpful

kurttcot
Level 1
Level 1

‎04-17-2019 09:37 AM

You can export the config once the baseline is setup then do manual exports when you need to audit.

 

FPMC, Heath Monitor, Advanced Troubleshooting, Threat Defense CLI, Show Run.

 

Copy config output to a text file then later you can use a program like ExamDiff to compare the changes.

 

Its not automated but its quick enough to do in a few minutes.

0 Helpful
Review Cisco Networking for a $25 gift card
Top