Automated Policy Change Commands
For Cisco ASA and Juniper SRX devices, Policy Planner generates a list of CLI commands that you can use to implement policy changes. This allows you to save time and decrease the potential for human error that can come from manual changes to firewall devices.
The Generate CLI Automation Commands check box must be selected in the Policy Automation section of device settings in the Administration module.
Note: If a ticket requires changes for Cisco and Juniper devices as well as other devices, CLI commands will only appear for the Cisco and Juniper devices.
Note: If a more current revision exists than the revision that was used to generate the CLI commands, the text "Updates Needed" will appear next to a device name. FireMon recommends that you regenerate all CLI commands for those devices.
FireMon, LLC does not warrant and specifically disclaims any representations that the feature will meet your requirements or that the operation of the feature and/or its use will be uninterrupted or error free, or that defects, if any, will be corrected. FireMon recommends that you first test this feature in a non-production environment before implementing in a production environment.
- In the Review task, scroll to the bottom of the Analysis tab. The CLI commands appear grouped by device under the Requirements.
- Review the ticket as needed.
- In the Implement task, scroll the bottom of the Change Plan tab. The CLI commands appear grouped by device under the Requirements.
- For each device for which the CLI is provided, complete the following steps.
- Copy the CLI commands.
- Log into the corresponding device and open a terminal.
- Paste the CLI commands into the terminal and press Enter.
- In Policy Planner, click Complete.
If the device has changed since the original CLI generation, the Refresh button is now present on the Tasks tab when in the Implement task when you click Show to view the CLI command.