Analyze On-Premises Firewall Management Center Policies

To use Policy Analyzer and Optimizer to analyze policies on an On-Premises Firewall Management Center Version 7.2 or later, you need to have onboarded it to Security Cloud Control, either using Auto discover from Cisco Security Cloud or Use Credentials way of onboarding. For an On-Premises Firewall Management Center Version 7.6, you need to have integrated it to the Cisco Security Cloud, which in turn onboards your On-Premises Firewall Management Center to your Security Cloud Control tenant. Make sure that you do the following before you begin:

  • After onboarding your On-Premises Firewall Management Center, ensure that its in Active status in Administration > Firewall Management Center.

  • Check the Enable Policy Analysis & Optimization checkbox after you integrate with the Cisco Security cloud, by navagating to Integration > Cisco Security Cloud.

  • If you have just onboarded an On-Premises Firewall Management Center or created or imported a new policy in an already onboarded On-Premises Firewall Management Center, wait until the Policy Analyzer and Optimizer fetches the policies.

  • You can trigger analysis of the policies manually or they get automatically analyzed as part of the scheduled automated analysis.

Procedure

Step 1

From the Security Cloud Control left navigation pane, navigate to Administration > Firewall Management Center—the Services page comes up, with Cloud-Delivered FMC selected by default.

Step 2

Select the On-Premises Firewall Management Center whose policies you want to analyze.

Step 3

Click Policy Analyzer and Optimizer under System on the right pane.

Alternatively, on the left pane, choose Insights & Reports > Policy Analyzer and Optimizer. The Showing policy for option at the top-left corner shows which device's policies are displayed; click to switch among cloud-delivered Firewall Management Center and other On-Premises Firewall Management Centers.

Step 4

For analyzed policies, the Policy Analyzer and Optimizer provides an overview of the analysis that includes Total Rules, Observations, Anaysis Status, and Last Modified and Last Analyzed timestamps. You can also see more details on the right pane when you select a policy.