09-04-2018 05:38 AM - edited 03-12-2019 06:56 AM
Hi Everyone
When policies have changed (multiple times) and you need to deploy a policy,
how can you verify the difference / how can you compare the
- Policy to deploy - with the - Policy deployed -
before you kick off the task?
According to the Firepower Management Center 6.2.3, there are no options to compare Access Policies:
"
To review policy changes for compliance with your organization's standards or to optimize system performance, you can examine the differences between two policies or between a saved policy and the running configuration.
DNS
File
Health
Identity
Intrusion
Network Analysis
SSL
"
Are we the only ones in the whole world needing this? I mean, CSM (Cisco Security Manager) has been able to do this for the last 10 years.....
Any help/hacks would be appreciated.
Best regards
Jarle Steffensen
09-05-2018 06:41 PM
Hi,
The feature is on the roadmap, so that you will have it under the access control policy.
That said, currently, we have ways of checking what changes were made in sections:
1. File Policy has an independent option available to compare file policies between revisions and between different file policies themselves.
2. Intrusion policy also supports the same.
3. SSL supports the same.
4. DNS policies also have the same option.
In addition, if the requirement is to determine the changes made within the access control policy, you can follow the instructions in the document:
Hope this helps
09-05-2018 06:43 PM
The same feature is presently available for health policy as well as network analysis policy.