Managing Access Control Policies

You can edit system-provided access control policies and create custom access control policies.

Procedure


Step 1

Choose Policies > Access Control heading > Access Control.

At the top of the page, there are convenient links to some related features: Object management, Intrusion policies, Network Analysis policies, DNS policies, and policy Import/Export.

Step 2

Manage access control policies:

  • Analyze Policy—Select one or more policies and then click Analyze Policy to evaluate access control policies for anomalies such as redundant or shadowed rules, and take action to fix discovered anomalies. The analysis job is sent to the cloud and takes time to complete. See Identifying and Fixing Anomalies with Policy Analyzer & Optimizer.

    The Anomalies column shows the results of the analysis. Click the % Optimizable link to see the anomalies, or Re-Analyze to run the analysis again. The Last Analyzed column shows when Policy Analyzer & Optimizer was last run.

    After completing analysis and optimization, you can download the reports by selecting the following options from the More (more icon) menu: Download Last Policy Analysis, Remediation History.

    Note

    To use the Policy Analysis feature, you must be using a Cloud-delivered Firewall Management Center or an On-Prem Firewall Management Center connected to Cisco Security Cloud Control (Security Cloud Control). If your setup does not meet requirements, the explanatory dialog that opens when you click this button includes an Integrate button to help get you started. Policy Analyzer & Optimizer operates in the cloud only.

  • Create—Click New Policy; see Creating a Basic Access Control Policy.

  • Columns—Click the Show/Hide Columns icon above the list of rules to select which information to show in the table. Click Show All/Hide All to quickly add or remove all listed columns, except name and actions. Click Default to undo all of your customizations.

  • Inheritance—Click Plus next to a policy with descendants to expand your view of the policy's hierarchy.

  • Edit—Click Edit (edit icon); see Editing an Access Control Policy.

  • Delete—Click Delete (delete icon). You must remove any device assignments before deleting a policy.

    To delete more than one policy at a time, select the check boxes for the policies, then select Delete Policies above the table.

  • Copy—Select Clone from the More (more icon) menu. Device assignments are not retained in the copy.

  • Report—Select Generate Report from the More (more icon) menu.

  • View the Audit Log—Click Go to Audit Log from the More (more icon) menu.

  • Lock or unlock a policy—See Locking an Access Control Policy.