Cisco Defense Orchestrator

Move FTD Access Control Rules

Use this feature to move access control rules by cutting them from their current position in a policy and pasting them to a new position in the same policy or to the policy of a different FTD. You can paste the rules before or after other rules in a policy, so that each rule evaluates network traffic in its proper order within the policy.

Move Rules within an FTD

To move rules within an FTD device, follow this procedure:

  1. In the CDO navigation bar, click Devices & Services.
  2. Select the FTD device whose policy you want to edit.
  3. In the Management pane on the right, click Policy.
  4. Select one or more access control rules you want to move and click Cut in the Actions pane on the right. The selected rules are highlighted in yellow. 
    Note: If you want to cancel your selection, select any rule and click Copy.
  5. In the policy where you want to paste the rule(s) you just cut, select the rule that the cut rule(s) should precede or follow and, in the Actions pane, click Paste Before or Paste After.
    • Paste Before automatically pastes one or more rules above the selected rule, so the cut rules evaluate network traffic before the selected rule.
    • Paste After automatically pastes one or more rules below the selected rule, so the cut rules evaluate network traffic after the selected rule.

The paste operation can be performed multiple times at any required position. 

Note: When pasting rules within an FTD device, if a rule with the same name exists, '- Copy' is appended to the original name. If the renamed name also exists, '- Copy n' is appended to the original name. For example, 'rule name - Copy 2'.   

  6. Review your changes and Deploy Configuration Changes from Defense Orchestrator to FTD now or wait and deploy multiple changes at once.
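The effect of choosing Paste Before versus Paste After, and of the rename rule in the note above, modelled in Python. This is an added illustration, not Cisco code or a CDO API; it assumes simplified top-down, first-match evaluation and a copy counter that starts at 2, and the rule names and ports are constructed.

```python
# Simplified model (assumption): rules are evaluated top-down and the first
# matching rule decides the action. Rule names and ports are constructed.

def unique_name(name, existing):
    """Rename rule from the note: '- Copy', then '- Copy n' on the original name."""
    if name not in existing:
        return name
    candidate = f"{name} - Copy"
    n = 2  # assumption: numbering starts at 2, as in 'rule name - Copy 2'
    while candidate in existing:
        candidate = f"{name} - Copy {n}"
        n += 1
    return candidate

def paste(policy, cut_rules, anchor_name, before):
    """Return a new policy with cut_rules placed before or after the anchor rule."""
    names = {r["name"] for r in policy}
    renamed = []
    for r in cut_rules:
        new = dict(r, name=unique_name(r["name"], names))
        names.add(new["name"])
        renamed.append(new)
    idx = next(i for i, r in enumerate(policy) if r["name"] == anchor_name)
    if not before:
        idx += 1
    return policy[:idx] + renamed + policy[idx:]

def evaluate(policy, port):
    """First matching rule wins; a rule whose port is None matches any port."""
    for r in policy:
        if r["port"] is None or r["port"] == port:
            return r["name"], r["action"]
    return None, "default"

# Constructed sample data: a narrow block rule and a policy ending in a broad allow.
BLOCK_TELNET = {"name": "block-telnet", "port": 23, "action": "block"}
DEST_POLICY = [
    {"name": "allow-web", "port": 443, "action": "allow"},
    {"name": "allow-any", "port": None, "action": "allow"},
]

pasted_after = paste(DEST_POLICY, [BLOCK_TELNET], "allow-any", before=False)
pasted_before = paste(DEST_POLICY, [BLOCK_TELNET], "allow-any", before=True)
print(evaluate(pasted_after, 23))   # the broad allow-any rule shadows the block
print(evaluate(pasted_before, 23))  # block-telnet is reached first
```

Pasting a narrow block rule after a broader allow rule leaves it shadowed, so check the rule's position relative to broader rules before deploying.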

Move a Rule from One FTD Policy to Another FTD Policy

When moving rules from one FTD policy to another FTD policy, objects associated with those rules are copied to the new FTD as well.

CDO validates some conditions when pasting the rules. For more information on those conditions, see Behavior of Objects when Pasting Rules to Another FTD.

To move rules to another FTD device, follow this procedure:

  1. In the CDO navigation bar, click Devices & Services.
  2. Select the FTD device you want to copy the rule from.
  3. In the Management pane on the right, click Policy.
  4. Select one or more access control rules you want to move and click Cut in the Actions pane on the right.
  5. Click Devices & Services and navigate to the FTD device you want to move one or more selected rules to. 
  6. In the Management pane on the right, click Policy.
  7. In the policy where you want to paste the rule(s) you just cut, select the rule that your cut rule should precede or follow and, in the Actions pane, click Paste Before or Paste After.
    • Paste Before automatically pastes one or more rules above the selected rule, so the cut rules evaluate network traffic before the selected rule.
    • Paste After automatically pastes one or more rules below the selected rule, so the cut rules evaluate network traffic after the selected rule.

The paste operation can be performed multiple times at any required position. 

Note: When pasting rules within an FTD device, if a rule with the same name exists, '- Copy' is appended to the original name. If the renamed name also exists, '- Copy n' is appended to the original name. For example, 'rule name - Copy 2'.

  8. When you copy rules from one FTD to another, the Configuration Status of both the source and destination devices is 'Not Synced'. Review your changes and Deploy Configuration Changes from Defense Orchestrator to FTDs now or wait and deploy multiple changes at once.
