Analyze On-Prem Firewall Management Center Policies
To use Policy Analyzer and Optimizer to analyze policies on an On-Prem Firewall Management Center Version 7.2 or later, you need to have onboarded it to CDO, either using Auto discover from Cisco Security Cloud or Use Credentials way of onboarding. For an On-Prem Firewall Management Center Version 7.6, you need to have integrated it to the Cisco Security Cloud, which in turn onboards your On-Prem Firewall Management Center to your CDO tenant. Make sure that you do the following before you begin:
-
After onboarding your On-Prem Firewall Management Center, ensure that its in Active status in .
-
Check the Enable Policy Analysis & Optimization checkbox after you integrate with the Cisco Security cloud, by navagating to .
-
If you have just onboarded an On-Prem Firewall Management Center or created or imported a new policy in an already onboarded On-Prem Firewall Management Center, wait until the Policy Analyzer and Optimizer fetches the policies.
-
You can trigger analysis of the policies manually or they get automatically analyzed as part of the scheduled automated analysis.
Procedure
Step 1 | From the CDO left navigation pane, navigate to —the Services page comes up, with Cloud-Delivered FMC selected by default. |
Step 2 | Select the On-Prem Firewall Management Center whose policies you want to analyze. |
Step 3 | Click Policy Analyzer and Optimizer under System on the right pane. Alternatively, on the left pane, choose . The Showing policy for option at the top-left corner shows which device's policies are displayed; click to switch among cloud-delivered Firewall Management Center and other On-Prem Firewall Management Centers. |
Step 4 | For analyzed policies, the Policy Analyzer and Optimizer provides an overview of the analysis that includes Total Rules, Observations, Anaysis Status, and Last Modified and Last Analyzed timestamps. You can also see more details on the right pane when you select a policy. |