Cisco Defense Orchestrator

Copy FTD Access Control Rules

Use this procedure to copy access control rules from their current position and paste them to a new position in the same policy or into the policy of a different FTD. You can paste the rules before or after other rules in the policy, so that they evaluate network traffic in the proper order within the policy.

Copy Rules within an FTD

To copy rules within an FTD device, follow this procedure:

  1. In the CDO navigation bar, click Devices & Services.
  2. Select the FTD device whose policy you want to edit.
  3. In the Management pane on the right, click Policy.
  4. Select one or more access control rules you want to copy and click Copy in the Actions pane on the right. 
  5. In the policy where you want to paste the rule(s), select the rule that your copied rule(s) should precede or follow and, in the Actions pane, click Paste Before or Paste After.  
    • Paste Before automatically pastes one or more copied rules above the selected rule, so the copied rule is ordered above it.
    • Paste After automatically pastes one or more copied rules below the selected rule, so the copied rule is ordered below it. 

The paste operation can be performed multiple times at any required position. 

Note: When pasting rules within an FTD device, if a rule with the same name exists, '- Copy' is appended to the original name. If the renamed name also exists, '- Copy n' is appended to the original name. For example, 'rule name - Copy 2'.

  6. Review your changes and Deploy Configuration Changes from Defense Orchestrator to FTD now or wait and deploy multiple changes at once.
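
A simplified model of the paste behavior described above, added here as an example (it is not CDO code and does not use a CDO API): it applies the '- Copy' naming rule and flags a pasted rule that an earlier rule already covers. The rule fields, the sample policy, and the assumptions that n starts at 2 and that rules are matched top-down with the first match winning are illustrative.

```python
import ipaddress

def pasted_name(name, existing):
    """Name a pasted rule receives on a name clash (assumption: n starts at 2)."""
    if name not in existing:
        return name
    candidate, n = f"{name} - Copy", 2
    while candidate in existing:
        candidate, n = f"{name} - Copy {n}", n + 1
    return candidate

def paste(policy, copied, selected, before):
    """Return a new rule list with `copied` placed before or after rule `selected`."""
    idx = next(i for i, r in enumerate(policy) if r["name"] == selected)
    if not before:
        idx += 1
    names = {r["name"] for r in policy}
    renamed = []
    for rule in copied:
        new = dict(rule, name=pasted_name(rule["name"], names))
        names.add(new["name"])
        renamed.append(new)
    return policy[:idx] + renamed + policy[idx:]

def shadowed(policy):
    """(rule, earlier rule) pairs where the earlier rule covers all of the rule's traffic."""
    hits = []
    for i, rule in enumerate(policy):
        src = ipaddress.ip_network(rule["src"])
        for earlier in policy[:i]:
            covers_src = src.subnet_of(ipaddress.ip_network(earlier["src"]))
            if covers_src and earlier["port"] in (rule["port"], "any"):
                hits.append((rule["name"], earlier["name"]))
                break
    return hits

# Constructed sample policy and copied rule (hypothetical names and networks).
POLICY = [
    {"name": "allow-web", "src": "10.0.0.0/8", "port": 443, "action": "allow"},
    {"name": "block-lab", "src": "10.9.0.0/16", "port": 22, "action": "block"},
]
COPIED = [{"name": "block-lab", "src": "10.9.0.0/16", "port": 443, "action": "block"}]

pasted_after = paste(POLICY, COPIED, "allow-web", before=False)
pasted_before = paste(POLICY, COPIED, "allow-web", before=True)
print("Paste After :", shadowed(pasted_after))   # copied block rule never matches
print("Paste Before:", shadowed(pasted_before))  # copied block rule is effective
```

Running a check like this against an exported rule list before deploying shows whether the chosen paste position leaves the copied rule effective.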

Copy Rules from One FTD Policy to Another FTD Policy

When copying rules from one FTD policy to another FTD policy, objects associated with those rules are copied to the new FTD as well.

CDO validates some conditions when pasting the rules. For more information, see Behavior of Objects when Pasting Rules to Another FTD.

Important: CDO allows you to copy rules from one FTD to another FTD only if the software versions on both devices are the same. If the software version is different, the "Rules could not be pasted because they are not compatible with the version of this device" error appears when you attempt to paste the rules. Click the Details link to see the details.

To copy rules to another FTD device, follow this procedure:

  1. In the CDO navigation bar, click Devices & Services.
  2. Select the FTD device you want to copy the rule from.
  3. In the Management pane on the right, click Policy.
  4. Select one or more access control rules you want to copy and click Copy in the Actions pane on the right.
  5. Click Devices & Services and navigate to the FTD device you want to paste the rules to. 
  6. In the Management pane on the right, click Policy.
  7. In the policy where you want to paste the rule(s) you just copied, select the rule that your copied rule(s) should precede or follow and, in the Actions pane, click Paste Before or Paste After.
  8. Select the access control rule around which you want to paste the copied rules and, in the Actions pane, click either Paste Before or Paste After.
    • Paste Before automatically pastes one or more rules above the selected rule, so the copied rules evaluate network traffic before the selected rule.
    • Paste After automatically pastes one or more rules below the selected rule, so the copied rules evaluate network traffic after the selected rule.

The paste operation can be performed multiple times at any required position. 

Note: When pasting rules to another FTD device, if a rule with the same name exists, '-Copy' is appended to the original name. If the renamed name also exists, '-Copy n' is appended to the original name. For example, 'rule name-Copy 2'. 

  9. When you copy rules from one FTD to another, the Configuration Status of the destination device is in the 'Not Synced' state. Review your changes and Deploy Configuration Changes from Defense Orchestrator to FTD now or wait and deploy multiple changes at once.

 
