Managing Access Control Policies

At the top of the page, there are convenient links to some related features: Object management, Intrusion policies, Network Analysis policies, DNS policies, and policy Import/Export.

• Analyze Policy—Select one or more policy and then click Analyze Policies to evaluate access control policies for anomalies such as redundant or shadowed rules, and take action to fix discovered anomalies. The analysis job is sent to the cloud and takes time to complete. See Identifying and Fixing Anomalies with Policy Analyzer & Optimizer.

  The Anomalies column shows the results of the analysis. Click the % Optimizable link to see the anomalies, or Re-Analyze to run the analysis again. The Last Analyzed column shows when Policy Analyzer & Optimizer was last run.

  After completing analysis and optimization, you can download the reports by selecting the following options from the More () menu: Download Last Policy Analysis, Remediation History.

  Note

  To use the Policy Analysis feature, you must be using a Cloud-Delivered Firewall Management Center or an On-Prem Firewall Management Center connected to Cisco Security Cloud Control (Security Cloud Control). If your setup does not meet requirements, the explanatory dialog that opens when you click this button includes an Integrate button to help get you started. Policy Analyzer & Optimizer operates in the cloud only.

• Create—Click New PolicyNew Policy; see Creating a Basic Access Control Policy.

• Columns—Click the Show/Hide Columns icon above the list of rules to select which information to show in the table. Click Show All/Hide All to quickly add or remove all listed columns, excepting name and actions. Click Default to undo all of your customizations.

• Inheritance—Click Plus next to a policy with descendants to expand your view of the policy's hierarchy.

• Edit—Click Edit (); see Editing an Access Control Policy

• Delete—Click Delete (). You must remove any device assignments before deleting a policy.

  To delete more than one policy at a time, select the check boxes for the policies, then select Delete Policies above the table.

• Copy—Select Clone from the More () menu. Device assignments are not retained in the copy.

• Report—Select Generate Report from the More () menu. The report is generated as a background process. Go to the message/notifications center and look in the Tasks list. When the report is finished, you can download it from the notification.

• View the Audit Log—Click Go to Audit LogGo to Audit Log from the More ().

• Lock or unlock a policy—See Locking an Access Control Policy.