Skip to main content



Cisco Defense Orchestrator

FTD Rulesets

About FTD Rulesets 

A Firepower Threat Defense (FTD) ruleset is a collection of access control rules that can be shared with multiple FTD devices. Any changes made to the rules of a ruleset affect the other managed FTD devices that use this ruleset. An FTD device can have device-specific (local) and shared (rulesets) rules. You can also create rulesets from existing rules in an FTD device. 

Copy or Move Rules associated with Rulesets

It’s possible to copy or move access control rules within a ruleset or across different rulesets. Also, you’re allowed to copy or move rules between local and rulesets. See Copy FTD Access Control Rules and Move FTD Access Control Rules for more information. 

Note: The Rulesets feature is currently available for devices running Firepower Threat Defense version 6.5 or later.

Auto-Detect Existing Rulesets

When you onboard a device, CDO auto-detects existing rulesets on them and tries to match them with the rules on the device. On a successful match, CDO automatically attaches the rulesets to the newly onboarded device. However, if there are multiple ruleset matches for the same set of rules on the device, none of them are attached, and you have to assign them manually.

Related Topics


  • Was this article helpful?