If the rules you cut or copied contain objects, and you paste those rules into another FTD policy, CDO copies the objects in those rules to the destination FTD when any of the following conditions are met:
For all types of objects (except security zone)
- The destination device does not contain the object; in that case, CDO creates the object in the destination device first and then pastes the rule.
- The destination device contains the object with the same name and the same values as the source device.
For security zone objects
- The destination device contains the security zone object with the same name and the same interfaces as the source.
- The destination device does not contain the same security zone object and has interfaces for use on the destination.
- The destination device contains the security zone object, which is empty and has interfaces for use on the destination.
For objects with Active Directory (AD) realm
- CDO pastes the rule with Active Directory (AD) realm objects only if the realm with the same name already present on the target device.
The paste operation fails in the following conditions:
- If there are differences in the vulnerability, geolocation, intrusion, or URL databases between the two device versions, CDO cannot paste the rules into the target device. You need to recreate the rules manually in the new device.
- If the rule you are adding has a security zone that contains the interface of type 'management-only'.