cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1615
Views
0
Helpful
4
Replies

Four eyes principle in FMC

mario.jost
Level 3
Level 3

We have the rquirement from our management to use a four eyes principle (Admin1 makes a rule change, Admin2 has to approve in order for it to be deployed) so mistakes like one admin brings down the whole company with one misconfiguration can be avoided. We did not see any feature in FMC that would support such a thing. As far as I can see, we have to develop the rule management on an external plattform that supports the four eyes principle and then implements the rule after approval via the API to the FMC. Is there any such feature hidden in FMC? Is such a feature on the roadmap?

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

I saw this kind of feature sometime back in Prime or ACS cant remember.  Not sure is this FMC has ability but good question.

 

How about role base access example :

 

1. Engineer  want to deploy FW rules for the business requirement

2, Engineer write down the steps - ask for approval make change control.

3. Seniors review that change and approve it.,

4. if big change like topology change - Senior or SME do the work

5 if standard change which was proven working, Engineer can do

 

using FMC and Serice-now you can do bit of programming integration.

 

4.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help