Open for Voting
over 2 years ago

Access Control List Management Features

Enhancement to Configuration Manager that has a workflow something like this: Create ACL {For which group? - choose location, device, etc.} -> Type of ACL {Wizard or create from template} -> Associate ACL {Which object to apply ACL to? - pick from vty, interface, etc.} -> Networks {choose networks and hosts - permit, deny} -> Finalize {Show / Evaluate / Apply}. Review {Ability to DIFF/analyze these ACLs} and evaluate filters, ability to execute inline edits, redistribute while in editing tool. Ability to optimize for performance based upon hits.

Comment
  • Honestly I think FWSM is a crock.  That whole product is just a select set of features that should have just been put in NCM.  Compliance Reports anyone?  From NCM or FWSM?  They should just combine the products/teams and get to work on making NCM better.

    I use the same ACL between many devices so I would LOVE to have one place to edit the ACL and have NCM make sure that ACL matches on every device it's deployed to.  Service Templates.

Children
  • I completely agree with you JustinY.  I have no need or justification for FSM (as it can't manage my firewalls anyway), but definitely feel that ACL management should be a subset of an application called Network Configuration Manager.  Especially since the data is being pulled from the NCM database (now Orion Core) device configuration files.  It is like an add-on for an add-on.  Sure seems like there should be an out-of-the-box "ACL" compliance report that could be applied by device type, IP range, or group membership.  This is a compliance feature, not a Firewall Management function.