Analyze On-Premises Firewall Management Center Policies

To analyze policies on an on-premises Firewall Management Center version 7.2 or later using Policy Analyzer and Optimizer, you must first onboard it to Security Cloud Control. You can use either Auto discover from Cisco Security Cloud or Use Credentials for onboarding. If you are using version 7.6, integrate the device with Cisco Security Cloud, which then onboards your on-premises Firewall Management Center to your Security Cloud Control tenant.

Complete these prerequisites before you begin:

  • After onboarding your on-premises Firewall Management Center, ensure that it is in Active status in Administration > Integrations > Firewall Management Center.

  • After you integrate with Cisco Security Cloud, navigate to Integration > Cisco Security Cloud and check the Enable Policy Analysis & Optimization checkbox.

  • If you have just onboarded an on-premises Firewall Management Center or created or imported a new policy in an already onboarded on-premises Firewall Management Center, wait until the Policy Analyzer and Optimizer fetches the policies.

  • You can trigger policy analysis manually, or let the system automatically analyze policies as part of the scheduled automated analysis.

Procedure


Step 1

Choose Administration > Integrations > Firewall Management Center.

The Services page appears with Cloud-Delivered FMC selected by default.

Step 2

Select the on-premises Firewall Management Center whose policies you want to analyze.

Step 3

Click Policy Analyzer and Optimizer under System in the right pane.

Alternatively, choose Insights & Reports > AIOps Insights > Policy Analyzer and Optimizer in the left pane. The Showing policy for option at the top-left corner indicates which device's policies are displayed. Click this option to switch between Cloud-Delivered Firewall Management Center and other on-premises Firewall Management Centers.

Note

You can also trigger the analysis of a policy from the on-premises Firewall Management Center interface. For more information, see Enable Policy Analyzer and Optimizer for Security Cloud Control-managed On-Premises Firewall Management Center.

Step 4

For analyzed policies, the Policy Analyzer and Optimizer provides an overview of the analysis that includes Total Rules, Observations, Analysis Status, and Last Modified and Last Analyzed timestamps. You can also see more details in the right pane when you select a policy.