The default Compliance policies and rules don't differentiate between firewalls and routers / switches. I'm trying to figure out a way to have a rule such as "Disable PAD" which checks for the string "no service pad" in the config ignore any ASAs which don't have a PAD service to turn off. I don't want to manually select which nodes the rule checks against, since the possiblility to miss a router or switch by accident is too high.
What I'm looking for is a way to have the rule check that "ASA Version" doesn't exist in the config before checking for "no service pad". There are a few other policy violations that are version specific and show up in the reports even though the IOS version in question doesn't support the command that the rule looks for.
Orion Core 2011.2.2, IPAM 3.0, NCM 7.0.2, NPM 10.2.2, NTA 3.9.0,