Apply Policy Remediation

Before you begin

  • Ensure you take a backup of all the policies before applying remediations.

  • Ensure you have a few policy remediations that are staged to be applied. If there are no staged changes, the Apply Remediation button is disabled.

  • Ensure you have verified the Policy Last Modified, Policy Last Analysed dates and timestamps, and the number of rules that you have marked for remeditation, at the top-right corner, so that you are sure which version of the policies you are applying the remediations to.

Procedure


Step 1

In the Policy Analyzer and Optimizer page, click Apply Remediation.

Step 2

Read through the confirmation pop-up, which contains a gist of all the remediations that will be applied, and ensure you are not applying remediations to policies that you do not want remediated.

Step 3

Click Apply.

Note

When you click Apply, you will see pop-up messages such as Remediations are being applied and The policy is locked for remediation.

Step 4

After the remediations are completed successfully, click Download Optimization Report.

Because the policy just got modified when the remediations were applied, you must reanalyze the newly modified set of policies to get a different analysis summary, using which you can further remediate any left-over policy anomalies.

The remediation report contains consolidated data of all the remediations applied and the rules they were applied to. When you select a policy from the Policy Analyzer and Optimizer page, you can view the Remediation History from the right pane, which includes data about the date and time of the remediation, the user who initiated the remediation, and the remediation status. You can also download the remediation report from the same pop-up.

All the remediations are recorded and are available under Remediation History, with information such as date and time of the remediation, the user who performed the remediation, and so on.

Note

For an On-Premises Firewall Management Center in which the Change Management Workflow is enabled, when policy remediations are applied, an internal workflow ticket is created and the changes are staged. The changes take effect only when the ticket is submitted or approved. See Change Management in Cisco Secure Firewall Management Center Administration Guide for more information.