Firepower Access Policy Comparison - not existing????

jsteffensen
Level 1

Hi everyone,

When policies have changed (multiple times) and you need to deploy a policy:

How can you verify the difference / how can you compare the

- Policy to deploy - with the - Policy deployed?

before you kick off the task?

According to the Firepower Management Center 6.2.3, there are no options to compare Access Policies:

"

To review policy changes for compliance with your organization's standards or to optimize system performance, you can examine the differences between two policies or between a saved policy and the running configuration.

  • DNS

  • File

  • Health

  • Identity

  • Intrusion

  • Network Analysis

  • SSL

"

Are we the only ones in the whole world needing this? I mean, CSM (Cisco Security Manager) has been able to do this for the last 10 years...

Any help/hacks would be appreciated.

Best regards

Jarle Steffensen

 


Raghunath Kulkarni
Cisco Employee

Hi,

The feature is on the roadmap so that you have it under access control policy.

That said, currently we have ways of checking what changes were made in these sections:

1. File Policy has an independent option available to compare file policies between revisions and between different file policies.

2. Intrusion policy also supports the same.

3. SSL supports the same.

4. DNS policies also have the same option.

In addition, if the requirement is to determine the changes made within the access control policy, you can follow the instructions in this document:

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212696-configuration-to-view-changes-in-an-acce.html

 

Hope this helps

 

The same feature is presently available for health policy as well as network analysis policy too.
