Cisco

ASA

Access Requests
Device object selection
Modify Group
Designer
Syntax-based change
Provisioning
Provisioning in automatic step
Create/modify group
Add Access
Risk Analysis
Designer
Verifier
Syntax-based change instructions
Provisioning
Provisioning in automatic step
Authorization and documentation
Auto close
Remove Access
Designer
Syntax-based change instructions
Provisioning
Provisioning in automatic step
Decommission Network Object
Impact Analysis
Designer
Provisioning
Verifier
Syntax-based commands
Authorization and documentation
Clone Network Object Policy
Designer
Provisioning (or) Provisioning and Committing
Verifier
Rule Decommission
Designer
Provisioning
Provisioning in automatic step
Verifier, Authorization and documentation
Auto close
Rule Modification
Device object selection (object browser)
Provisioning
Syntax-based commands
Rule Recertification
Update metadata

Notes for ASA:

  • By default, Designer adds network addresses and services inline in rules or groups. To configure Designer to suggest network and service objects, see Setting Designer to Create Objects on Cisco ASA.

  • Verifier is supported on Cisco ASA 9.0 and higher.

Firewall Management Center (FMC)

From R24-1 PGA.0.0, cdFMC (cloud-delivered Firewall Management Center) is supported.
Modify Group
Designer
Provisioning
Provisioning in automatic step
Create/modify group
Add Access
Risk Analysis
Designer
Provisioning
Provisioning in automatic step
Verifier
Authorization and documentation
Decommission Network Object
Impact Analysis
Designer
Provisioning
Verifier
Authorization and documentation
Clone Network Object Policy
Designer
Provisioning (or) Provisioning and Committing
Verifier
Rule Decommission
Designer
Provisioning
Verifier
Authorization and documentation
Rule Recertification
Rule Modification
Device object selection (object browser)
Provisioning
Rule Recertification
Update metadata

Notes for FMC:

  • Add Access - Designer and Verifier are supported for tickets in Topology mode.

  • Access Request - Support for FMC Zones in non-topology mode.

  • Modify Group and Decommission Network Object support shared groups/global objects.

  • Overriding objects are not supported for Decommission Network Object and Clone Network Object Policy. They are treated as regular objects.

  • Provisioning is supported for FMC 6.2.3

  • In workflows in which topology is enabled, in the Workflow Properties dialog:

    • If topology is enabled, path analysis now takes Cisco Network Zones into account.

    • If topology is disabled, when the handler selects the Source and Destination devices, the Advanced Options dialog box will display all possible Cisco Network Zone combinations.

IOS L3 Switch (IOS or IOS XE)

Access Requests
N/A
Add Access
N/A
Clone Server
N/A
Modify Group
N/A
Remove Access
N/A
Rule Decommission
Rule submission from Policy Browser
Update metadata
Rule Modification
Rule submission from Policy Browser
Rule Recertification
Update metadata
Decommission Network Object
N/A

IOS-XR

Access Requests
Manual target selection
Device object selection
Modify Group
Create/modify group
Add Access
Risk Analysis
Verifier
Designer
Authorization and documentation
Auto close
Remove Access
Verifier
Decommission Network Object
Impact Analysis
Verifier
Rule Recertification
Update metadata

Nexus

Access Requests
Manual target selection
Device object selection
Modify Group
Create/modify group
Add Access
Risk Analysis
Verifier
Designer
Provisioning
Provisioning in automatic step
Authorization and documentation
Auto close
Remove Access
Verifier
Decommission Network Object
Impact Analysis
Verifier
Rule Recertification
Update metadata

Notes for Nexus:

  • When running Designer on a Nexus device, it is recommended to avoid changing the default group names given by Designer for new groups. This is to avoid ambiguity, because Nexus can have the same group name for multiple groups, per protocol type. If you must rename the default group name given by Designer, take extra care not to override it by choosing an existing group name.

Routers (IOS or IOS XE)

Access Requests
Manual target selection
Device object selection
Add Access
Risk Analysis
Designer
Syntax-based change instructions
Provisioning
Provisioning in automatic step
Verifier
Authorization and documentation
Auto close
Remove Access
Designer
Syntax-based change instructions
Provisioning
Provisioning in automatic step
Verifier
Rule Decommission
Verifier
Authorization and documentation
Auto close
Decommission Network Object
Impact Analysis
Designer
Provisioning
Verifier
Rule Recertification
Update metadata

Zone-based Firewalls

Access Requests
Manual target selection
Add Access
Verifier
Authorization and documentation
Auto close
Rule Decommission
Update metadata