Solved: Deploy changes from FMC v 6.2.3

catotten · ‎04-13-2018

Hello. Wondering if someone can tell me if there is any way to preview the changes that i am about to deploy from the FMC to my FTD's (HA Pair).

When I click on Deploy and click the + beside the Device that i want to deploy changes to I can see the system marked out-of-date policies. So in this case the index icon is beside "Access Control Policy: POLICYNAME" .... my question is how do i actually see what changes are going to be deployed when i click the deploy button?

Marvin Rhoads · ‎04-16-2018

You're welcome. Please mark the question as answered if it has been.

FYI You should be able to compare them post-deployment by analyzing the files that have been deployed in the file system. It's a kludge but possible.

View solution in original post

Marvin Rhoads · ‎04-14-2018

Unfortunately Cisco still does not allow us to compare Access Control Policies pre-deployment.

They do allow comparison of most other policy types, as noted in the 6.2.3. configuration guide:

To review policy changes for compliance with your organization's standards or to optimize system performance, you can examine the differences between two policies or between a saved policy and the running configuration.

You can compare the following policy types:

• DNS

• File

• Health

• Identity

• Intrusion

• Network Analysis

• SSL

The comparison view displays both policies in a side-by-side format. Differences between the two policies are highlighted.

catotten · ‎04-16-2018

Hi Marvin. I did read that also in the documentation but was wondering maybe if I missed something somewhere regarding a comparison of the access control policy pre-deployment.

It's really a bummer that this is not possible.

Thanks for replying :)

Marvin Rhoads · ‎04-16-2018

You're welcome. Please mark the question as answered if it has been.

FYI You should be able to compare them post-deployment by analyzing the files that have been deployed in the file system. It's a kludge but possible.