Cisco Defense Orchestrator (CDO) finds identical network policies used by multiple ASAs and identifies them on the network policy page. If you have a shared network policy, you can change it once and distribute the change to the other devices on which it is shared. This keeps network policies consistent across devices.
Shared Network Policy Attributes
The network policy table identifies how many devices use a network policy. Any network policy indicating that it is used by more than one device is a shared policy. Find Shared Network Policies
- Navigate Policies > ASA Policies.
- In the filter pane, click Show All to clear any past filtering or search criteria from the page.
- In the filter bar, expand Shared Policies and select Shared.
- Enter keywords in the search bar to refine your search further.
- Select your shared network policy from the network policy table.
Note: The filter and search criteria are not used in combination, you can only use one at a time. For example, if you filter by "Shared Policies" you will see all the shared policies. If you add a device name to the search, you will see all the network policies used by that device name whether the policies are shared or not.
Edit Shared Network Policies
- Find the shared policies you want to edit.
- Select the shared policy. CDO identifies which devices managed by CDO use that network policy.
- In the details pane, click Edit Policy.
- Edit the rules or rules in the policy.
- Click Save.
- Confirm the devices that will be affected by the change.
- Open the Devices & Service page and notice that the devices are no longer synced.
- Click Deploy Changes Manually... and follow the instructions presented to update the saved configuration on the ASA with your changes.
Compare Shared Network Policies
The purpose of comparing shared network policies is to find policies that have diverged slightly and realign them. If you have several policies that are almost the same, perhaps they have diverged and they should actually be the same. After realigning network policies, CDO will recognize the policies as shared and when you change one, you will be able to distribute the changes to the other devices using that policy.
- Find the shared policies you want to compare.
- Click Compare .
- Select two network policies to compare and click View Comparison.
- Make note of the differences and click Done Comparing.
- If you want to change one of the policies to align it with the other, select it from the network policies table and click Edit Policy in the details pane to edit it.