Cisco

ASA

Access Requests
Device object selection
Modify Group
Designer
Syntax-based change
Provisioning
Provisioning in automatic step
Create/modify group
Add Access
Risk Analysis
Designer
Verifier
Syntax-based change instructions
Provisioning
Provisioning in automatic step
Authorization and documentation
Auto close
Remove Access
Designer
Syntax-based change instructions
Provisioning
Provisioning in automatic step
Decommission Network Object
Impact Analysis
Designer
Provisioning
Verifier
Syntax-based commands
Authorization and documentation
Clone Network Object Policy
Designer
Provisioning (or) Provisioning and Committing
Verifier
Rule Decommission
Designer
Provisioning
Provisioning in automatic step
Verifier, Authorization and documentation
Auto close
Rule Modification
Device object selection (object browser)
Provisioning
Syntax-based commands
Rule Recertification
Update metadata

Notes for ASA:

Firepower Management Center

Modify Group
Designer
Provisioning
Provisioning in automatic step
Create/modify group
Add Access
Risk Analysis
Designer
Provisioning
Provisioning in automatic step
Verifier
Authorization and documentation
Decommission Network Object
Impact Analysis
Designer
Provisioning
Verifier
Authorization and documentation
Clone Network Object Policy
Designer
Provisioning (or) Provisioning and CommittingV
erifier
Rule Decommission
Designer
Provisioning
Verifier
Authorization and documentation
Rule Recertification
Rule Modification
Device object selection (object browser)
Provisioning
Rule Recertification
Update metadata

Notes for Firepower Management Center (FMC):

  • Add Access - Designer and Verifier are supported for tickets in Topology mode.
  • Access Request - Support for FMC Zones in non-topology mode.
  • Modify Group and Decommission Network Object supports shared groups/global objects.
  • Overriding objects are not supported for Decommission Network Object and Clone Network Object Policy. They are treated as a regular objects .

  • Provisioning is supported for FMC 6.2.3
  • In workflows in which topology is enabled, in the Workflow Properties dialog:
    • If topology is enabled, path analysis now takes Cisco Network Zones into account.
    • If topology is disabled, when the handler selects the Source and Destination devices, the Advanced Options dialog box will display all possible Cisco Network Zone combinations.

IOS L3 Switch (IOS or IOS XE)

Access Requests
N/A
Add Access
N/A
Clone Server
N/A
Modify Group
N/A
Remove Access
N/A
Rule Decommission
Rule submission from Policy Browserupdate metadata
Rule Modification
Rule submission from Policy Browser
Rule Recertification
Update metadata
Decommission Network Object
N/A

IOS-XR

Access Requests
Manual target selection
Device object selection
Modify Group
Create/modify group
Add Access
Risk Analysis
Verifier
Designer
Authorization and documentation
Auto close
Remove Access
Verifier
Decommission Network Object
Impact Analysis
Verifier
Rule Recertification
Update metadata

Nexus

Access Requests
Manual target selection
Device object selection
Modify Group
Create/modify group
Add Access
Risk Analysis
Verifier
Designer
Authorization and documentationAuto close
Remove Access
Verifier
Decommission Network Object
Impact Analysis
Verifier
Rule Recertification
Update metadata

Notes for Nexus:

  • When running Designer on a Nexus device, it is recommended to avoid changing group names. This is because if two groups accidentally receive the same name, they will be merged together as one group.

Routers (IOS or IOS XE)

Access Requests
Manual target selection
Device object selection
Add Access
Risk Analysis
Designer
Syntax-based change instructions
Provisioning
Provisioning in automatic step
Verifier
Authorization and documentation
Auto close
Remove Access
Designer
Syntax-based change instructions
Provisioning
Provisioning in automatic step
Verifier
Rule Decommission
Verifier
Authorization and documentation
Auto close
Decommission Network Object
Impact Analysis
Designer
Provisioning
Verifier
Rule Recertification
Update metadata

Zone based firewalls

Access Requests
Manual target selection
Add Access
Verifier
Authorization and documentation
Auto close
Rule Decommission
Update metadata