Cisco

ASA

Access Requests	Device object selection
Modify Group	Designer Syntax-based change Provisioning Provisioning in automatic step Create/modify group
Add Access	Risk Analysis Designer Verifier Syntax-based change instructions Provisioning Provisioning in automatic step Authorization and documentation Auto close
Remove Access	Designer Syntax-based change instructions Provisioning Provisioning in automatic step
Server Decommission	Impact Analysis Designer Provisioning Verifier Syntax-based commands Authorization and documentation
Clone Server Policy	Designer Provisioning (or) Provisioning and Committing Verifier
Rule Decommission	Designer Provisioning Provisioning in automatic step Verifier, Authorization and documentation Auto close
Rule Modification	Device object selection (object browser) Provisioning Syntax-based commands
Rule Recertification	Update metadata

Firepower Management Center

Modify Group	Designer Provisioning Provisioning in automatic step Create/modify group
Add Access	Risk Analysis Designer Provisioning Provisioning in automatic step Verifier Authorization and documentation
Server Decommission	Impact Analysis Designer Provisioning Verifier Authorization and documentation
Clone Server Policy	Designer Provisioning (or) Provisioning and Committing Verifier
Rule Decommission	Designer Provisioning Verifier Authorization and documentation Rule Recertification
Rule Modification	Device object selection (object browser) Provisioning
Rule Recertification	Update metadata

Notes for Firepower Management Center (FMC):

• Add Access - Designer and Verifier are supported for tickets in Topology mode.
• Access Request - Support for FMC Zones in non-topology mode.
• Modify Group and Server Decommission supports shared groups/global objects.

• Overriding objects are not supported for Server Decommission and Clone Server Policy. They are treated as a regular objects .

• Provisioning is supported for FMC 6.2.3
• In workflows in which topology is enabled, in the Workflow Properties dialog:
  • If topology is enabled, path analysis now takes Cisco Network Zones into account.
  • If topology is disabled, when the handler selects the Source and Destination devices, the Advanced Options dialog box will display all possible Cisco Network Zone combinations.

IOS L3 Switch (IOS or IOS XE)

Access Requests	N/A
Add Access	N/A
Clone Server	N/A
Modify Group	N/A
Remove Access	N/A
Rule Decommission	Rule submission from Policy Browser update metadata
Rule Modification	Rule submission from Policy Browser
Rule Recertification	Update metadata
Server Decommission	N/A

IOS-XR

Access Requests	Manual target selection Device object selection
Modify Group	Create/modify group
Add Access	Risk Analysis Verifier Designer Authorization and documentation Auto close
Remove Access	Verifier
Server Decommission	Impact Analysis Verifier
Rule Recertification	Update metadata

Nexus

Access Requests	Manual target selection Device object selection
Modify Group	Create/modify group
Add Access	Risk Analysis Verifier Designer Authorization and documentation Auto close
Remove Access	Verifier
Server Decommission	Impact Analysis Verifier
Rule Recertification	Update metadata

Routers (IOS or IOS XE)

Access Requests	Manual target selection Device object selection
Add Access	Risk Analysis Designer Syntax-based change instructions Provisioning Provisioning in automatic step Verifier Authorization and documentation Auto close
Remove Access	Designer Syntax-based change instructions Provisioning Provisioning in automatic step Verifier
Rule Decommission	Verifier Authorization and documentation Auto close
Server Decommission	Impact Analysis Designer Provisioning Verifier
Rule Recertification	Update metadata

Zone based firewalls

Access Requests	Manual target selection
Add Access	Verifier Authorization and documentation Auto close
Rule Decommission	Update metadata