03-28-2024 02:44 PM
Is it possible for the FMC to run a report to indicate what rules are inactive/disabled?
What about reporting what objects are not being used?
I know beside various items there is a "report" icon, or "export to csv" but this isn't giving me the info I need for auditing.
Seems to me that zero major improvements have been made on the built-in reporting since FMC's release.
And no, I don't want to write a python script to pull data from the rest_API.
I have already pulled py scripts off git and modules to do what FMC should do natively, export rules and objects as CSV.
Does any 3rd party make a product that produces "audit quality" reports (PDF & CSV) from the FMC?
Such a shame Cisco doesn't seem to care about updating the interface and reporting of the FMC. If they keep telling us to use the rest_api, why can't they do the same to produce much needed reports and exports natively on the FMC?
Thanks
03-28-2024 04:20 PM
I suggest looking at Algosec, and see if your business would be willing to spend money on it! If not, simply spin up a 30-day trial to understand the product and optimize your existing firewall, and conduct a PoC later to present it better to the board to see if they would be interested. This will definitely help you with the clean up work in future.
I suggested this in my solution here. https://community.cisco.com/t5/network-security/cleaning-up-firepower-policies/td-p/5033206
If you find this useful, please mark it helpful and accept the solution.
03-29-2024 03:31 AM
We use AlgoSec for rule optimization. It is a great tool and I highly recommend it. Although we only use the Algosec Firewall Analyzer (AFA) part of it, it also has a module called FireFlow which can allow you to automate firewall configurations. You could also integrate any routers or L3 switches you have into AlgoSec and it can build a decent network map for you.
Just bear in mind that licensing is done based on a per Firewall basis, so, if you have two FTD firewalls in an HA setup you would need two AlgoSec licenses.
03-29-2024 05:38 AM
To see what objects are unused, just click the icon to show only unused objects in the top right of the network objects page.
For rules, there's not a great, easy report. You can query the hit count and export the results, but that's about it as of the current 7.4 release. We expect some big improvements in this area later this year, but for now the capability is limited.
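The hit-count route described in the answer above can be turned into the kind of "inactive rule" audit the original poster asked for without waiting for a native report. The following is an added example written for this thread, not code from Cisco or from any poster: it takes the two JSON documents an FMC REST API client would already have fetched (the `accessrules` list of an access policy and the per-device `hitcounts` operational data), joins them, and emits a CSV in which every rule is classified as disabled, never hit, stale, or active. The field names `enabled`, `hitCount`, `lastHitTimeStamp` and `rule.id` are assumptions about the API's response shape, the sample documents are constructed, and the 90-day staleness window is an arbitrary audit policy you would set yourself.

```python
"""Offline audit of FMC access-control rules: disabled / never-hit / stale report.

Added example for this thread (not Cisco's code, not a poster's code). It does
not talk to the FMC; it consumes JSON already retrieved from the REST API.
Assumed response shapes (verify against your FMC version):
  - accessrules:  {"items": [{"id", "name", "enabled", "action", ...}, ...]}
  - hitcounts:    {"items": [{"rule": {"id"}, "hitCount", "lastHitTimeStamp"}, ...]}
"""
import csv
import io
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: what an accessrules query might return (assumed shape).
SAMPLE_RULES = json.dumps({"items": [
    {"id": "r1", "name": "Allow-Web",    "enabled": True,  "action": "ALLOW"},
    {"id": "r2", "name": "Legacy-FTP",   "enabled": False, "action": "ALLOW"},
    {"id": "r3", "name": "Block-Telnet", "enabled": True,  "action": "BLOCK"},
    {"id": "r4", "name": "Temp-Vendor",  "enabled": True,  "action": "ALLOW"},
]})

# Constructed sample: what a hitcounts query for one device might return (assumed shape).
# Note r2 has no entry at all: disabled rules never accumulate hits.
SAMPLE_HITS = json.dumps({"items": [
    {"rule": {"id": "r1"}, "hitCount": 15230, "lastHitTimeStamp": "2024-03-28T10:00:00Z"},
    {"rule": {"id": "r3"}, "hitCount": 0,     "lastHitTimeStamp": ""},
    {"rule": {"id": "r4"}, "hitCount": 3,     "lastHitTimeStamp": "2023-06-01T08:00:00Z"},
]})

# Fixed "now" so the sample run is reproducible; use datetime.now(timezone.utc) in practice.
SAMPLE_NOW = datetime(2024, 3, 29, tzinfo=timezone.utc)

CSV_FIELDS = ["name", "id", "enabled", "action", "hit_count", "last_hit", "status"]


def parse_ts(value):
    """Parse an ISO-8601 timestamp with a trailing Z; empty/missing -> None."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def classify_rules(rules_json, hits_json, now, stale_days=90):
    """Join rules with hit counts and tag each rule with an audit status.

    Precedence matters: a disabled rule is reported as 'disabled' even if it
    has no hit record; an enabled rule with zero hits is 'never_hit'; an
    enabled rule whose last hit is older than stale_days is 'stale'.
    """
    rules = json.loads(rules_json)["items"]
    hits = {h["rule"]["id"]: h for h in json.loads(hits_json)["items"]}
    cutoff = now - timedelta(days=stale_days)
    report = []
    for rule in rules:
        hit = hits.get(rule["id"], {})
        count = int(hit.get("hitCount", 0))
        last = parse_ts(hit.get("lastHitTimeStamp"))
        if not rule.get("enabled", True):
            status = "disabled"
        elif count == 0:
            status = "never_hit"
        elif last is None or last < cutoff:
            status = "stale"
        else:
            status = "active"
        report.append({
            "name": rule["name"],
            "id": rule["id"],
            "enabled": rule.get("enabled", True),
            "action": rule.get("action", ""),
            "hit_count": count,
            "last_hit": last.isoformat() if last else "",
            "status": status,
        })
    return report


def report_to_csv(rows):
    """Render the classified rules as CSV text for the auditors."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=CSV_FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(report_to_csv(classify_rules(SAMPLE_RULES, SAMPLE_HITS, SAMPLE_NOW)))
```

Two caveats before treating the output as audit evidence: hit counts are kept per device, so a rule that shows zero on one FTD may be carrying traffic on another device the same policy is deployed to, and a zero count can also mean the rule or the device was deployed recently. Merge the hit data from every device the policy is assigned to, and keep the `last_hit` column in the report so reviewers can judge "never_hit" against the rule's age rather than deleting on the count alone.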