cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2002
Views
0
Helpful
2
Replies

Firepower Access Policy Comparison - not existing????

jsteffensen
Level 1
Level 1

Hi Everyone

 

When policies has changed (multiple times) and you need to deploy a Policy.

How can you verify the Difference / how can you compare the

- Policy to deploy - with the - Policy deployed?

before you kick of the task?

 

Accordingly to the Firepower Management Center 6.2.3 here is no options to compare Access Policies:

"

To review policy changes for compliance with your organization's standards or to optimize system performance, you can examine the differences between two policies or between a saved policy and the running configuration.

  • DNS

  • File

  • Health

  • Identity

  • Intrusion

  • Network Analysis

  • SSL

"

Are we the onlyone on the whole world needing this? I mean, CSM Cisco Security Manager has been able to do this since the last 10 years.....

 

Any Help/Hacks would be apriciated.

best Regards

Jarle Steffensen

 

2 Replies 2

Raghunath Kulkarni
Cisco Employee
Cisco Employee

Hi,

 

The feature is on the roadmap so that you have it under access control policy.

That said, currently, we have ways of checking what are the changes made in sections:

 

1. File Policy has an independent option available to compare file policy between revisions and between different file policy itself.

2. Intrusion policy also supports the same.

3. SSL supports the same.

4. DNS policies also have the same option.

 

In addition to it if the requirement is to determine the changes done within the access control policy you can follow the instructions in the document:

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212696-configuration-to-view-changes-in-an-acce.html

 

Hope this helps

 

The same feature is presently available for health policy as well as network analysis policy too.

Review Cisco Networking for a $25 gift card