Cisco

ASA

Access Requests

Device object selection

Modify Group

Designer
Syntax-based change
Provisioning
Provisioning in automatic step
Create/modify group

Add Access

Risk Analysis
Designer
Verifier
Syntax-based change instructions
Provisioning
Provisioning in automatic step
Authorization and documentation
Auto close

Remove Access

Designer
Syntax-based change instructions
Provisioning
Provisioning in automatic step

Server Decommission

Impact Analysis
Designer
Provisioning
Verifier
Syntax-based commands
Authorization and documentation

Clone Server Policy

Designer
Provisioning (or) Provisioning and Committing
Verifier

Rule Decommission

Designer
Provisioning
Provisioning in automatic step
Verifier, Authorization and documentation
Auto close

Rule Modification Device object selection (object browser)
Provisioning
Syntax-based commands

Rule Recertification

Update metadata

Firepower Management Center

Modify Group

Designer
Provisioning
Provisioning in automatic step
Create/modify group

Add Access

Risk Analysis
Designer
Provisioning
Provisioning in automatic step
Verifier
Authorization and documentation

Server Decommission

Impact Analysis
Designer
Provisioning
Verifier
Authorization and documentation

Clone Server Policy

Designer
Provisioning (or) Provisioning and Committing
Verifier

Rule Decommission

Designer
Provisioning
Verifier
Authorization and documentation
Rule Recertification

Rule Modification Device object selection (object browser)
Provisioning

Rule Recertification

Update metadata

Notes for Firepower Management Center (FMC):

  • Add Access - Designer and Verifier are supported for tickets in Topology mode.
  • Access Request - Support for FMC Zones in non-topology mode.
  • Modify Group and Server Decommission supports shared groups/global objects.
  • Overriding objects are not supported for Server Decommission and Clone Server Policy. They are treated as a regular objects .

  • Provisioning is supported for FMC 6.2.3
  • In workflows in which topology is enabled, in the Workflow Properties dialog:
    • If topology is enabled, path analysis now takes Cisco Network Zones into account.
    • If topology is disabled, when the handler selects the Source and Destination devices, the Advanced Options dialog box will display all possible Cisco Network Zone combinations.

IOS L3 Switch (IOS or IOS XE)

Access Requests

N/A

Add Access

N/A

Clone Server

N/A

Modify Group

N/A

Remove Access

N/A

Rule Decommission

Rule submission from Policy Browser
update metadata

Rule Modification

Rule submission from Policy Browser

Rule Recertification

Update metadata

Server Decommission

N/A

IOS-XR

Access Requests

Manual target selection
Device object selection

Modify Group

Create/modify group

Add Access

Risk Analysis
Verifier
Designer
Authorization and documentation
Auto close

Remove Access

Verifier

Server Decommission

Impact Analysis
Verifier

Rule Recertification

Update metadata

Nexus

Access Requests

Manual target selection
Device object selection

Modify Group

Create/modify group

Add Access

Risk Analysis
Verifier
Designer
Authorization and documentation
Auto close

Remove Access

Verifier

Server Decommission

Impact Analysis
Verifier

Rule Recertification

Update metadata

Routers (IOS or IOS XE)

Access Requests

Manual target selection
Device object selection

Add Access

Risk Analysis
Designer
Syntax-based change instructions
Provisioning
Provisioning in automatic step
Verifier
Authorization and documentation
Auto close

Remove Access

Designer
Syntax-based change instructions
Provisioning
Provisioning in automatic step
Verifier

Rule Decommission

Verifier
Authorization and documentation
Auto close

Server Decommission

Impact Analysis
Designer
Provisioning
Verifier

Rule Recertification

Update metadata

Zone based firewalls

Access Requests

Manual target selection

Add Access

Verifier
Authorization and documentation
Auto close

Rule Decommission

Update metadata