On This Page
Cisco
ASA
- Access Requests
- Device object selection
- Modify Group
- Designer
- Syntax-based change
- Provisioning
- Provisioning in automatic step
- Create/modify group
- Add Access
- Risk Analysis
- Designer
- Verifier
- Syntax-based change instructions
- Provisioning
- Provisioning in automatic step
- Authorization and documentation
- Auto close
- Remove Access
- Designer
- Syntax-based change instructions
- Provisioning
- Provisioning in automatic step
- Decommission Network Object
- Impact Analysis
- Designer
- Provisioning
- Verifier
- Syntax-based commands
- Authorization and documentation
- Clone Network Object Policy
- Designer
- Provisioning (or) Provisioning and Committing
- Verifier
- Rule Decommission
- Designer
- Provisioning
- Provisioning in automatic step
- Verifier, Authorization and documentation
- Auto close
- Rule Modification
- Device object selection (object browser)
- Provisioning
- Syntax-based commands
- Rule Recertification
- Update metadata
Notes for ASA:
-
By default, Designer adds network addresses and services inline in rules or groups. To configure Designer to suggest network and service objects, see Setting Designer to Create Objects on Cisco ASA.
Firepower Management Center
- Modify Group
- Designer
- Provisioning
- Provisioning in automatic step
- Create/modify group
- Add Access
- Risk Analysis
- Designer
- Provisioning
- Provisioning in automatic step
- Verifier
- Authorization and documentation
- Decommission Network Object
- Impact Analysis
- Designer
- Provisioning
- Verifier
- Authorization and documentation
- Clone Network Object Policy
- Designer
- Provisioning (or) Provisioning and CommittingV
- erifier
- Rule Decommission
- Designer
- Provisioning
- Verifier
- Authorization and documentation
- Rule Recertification
- Rule Modification
- Device object selection (object browser)
- Provisioning
- Rule Recertification
- Update metadata
Notes for Firepower Management Center (FMC):
- Add Access - Designer and Verifier are supported for tickets in Topology mode.
- Access Request - Support for FMC Zones in non-topology mode.
- Modify Group and Decommission Network Object supports shared groups/global objects.
-
Overriding objects are not supported for Decommission Network Object and Clone Network Object Policy. They are treated as a regular objects .
- Provisioning is supported for FMC 6.2.3
- In workflows in which topology is enabled, in the Workflow Properties dialog:
- If topology is enabled, path analysis now takes Cisco Network Zones into account.
- If topology is disabled, when the handler selects the Source and Destination devices, the Advanced Options dialog box will display all possible Cisco Network Zone combinations.
IOS L3 Switch (IOS or IOS XE)
- Access Requests
- N/A
- Add Access
- N/A
- Clone Server
- N/A
- Modify Group
- N/A
- Remove Access
- N/A
- Rule Decommission
- Rule submission from Policy Browserupdate metadata
- Rule Modification
- Rule submission from Policy Browser
- Rule Recertification
- Update metadata
- Decommission Network Object
- N/A
IOS-XR
- Access Requests
- Manual target selection
- Device object selection
- Modify Group
- Create/modify group
- Add Access
- Risk Analysis
- Verifier
- Designer
- Authorization and documentation
- Auto close
- Remove Access
- Verifier
- Decommission Network Object
- Impact Analysis
- Verifier
- Rule Recertification
- Update metadata
Nexus
- Access Requests
- Manual target selection
- Device object selection
- Modify Group
- Create/modify group
- Add Access
- Risk Analysis
- Verifier
- Designer
- Authorization and documentationAuto close
- Remove Access
- Verifier
- Decommission Network Object
- Impact Analysis
- Verifier
- Rule Recertification
- Update metadata
-
Notes for Nexus:
-
When running Designer on a Nexus device, it is recommended to avoid changing group names. This is because if two groups accidentally receive the same name, they will be merged together as one group.
Routers (IOS or IOS XE)
- Access Requests
- Manual target selection
- Device object selection
- Add Access
- Risk Analysis
- Designer
- Syntax-based change instructions
- Provisioning
- Provisioning in automatic step
- Verifier
- Authorization and documentation
- Auto close
- Remove Access
- Designer
- Syntax-based change instructions
- Provisioning
- Provisioning in automatic step
- Verifier
- Rule Decommission
- Verifier
- Authorization and documentation
- Auto close
- Decommission Network Object
- Impact Analysis
- Designer
- Provisioning
- Verifier
- Rule Recertification
- Update metadata
Zone based firewalls
- Access Requests
- Manual target selection
- Add Access
- Verifier
- Authorization and documentation
- Auto close
- Rule Decommission
- Update metadata