About FTD Rulesets
A Firepower Threat Defense (FTD) ruleset is a collection of access control rules that can be shared with multiple FTD devices. Any changes made to the rules of a ruleset affect the other managed FTD devices that use this ruleset. An FTD device can have device-specific (local) and shared (rulesets) rules. You can also create rulesets from existing rules in an FTD device.
Important: The "Rulesets" feature is currently available for devices running Firepower Threat Defense version 6.5 or later that are not Snort 3 enabled devices. The following limitations apply:
- You cannot attach rulesets to Snort 3-enabled devices.
- You cannot create a ruleset from an existing device that has Snort 3 installed.
- You cannot associate a custom IPS policy with a ruleset.
Copy or Move Rules associated with Rulesets
It’s possible to copy or move access control rules within a ruleset or across different rulesets. Also, you’re allowed to copy or move rules between local and rulesets. See Copy FTD Access Control Rules and Move FTD Access Control Rules for more information.
Auto-Detect Existing Rulesets
When you onboard a device, CDO auto-detects existing rulesets on them and tries to match them with the rules on the device. On a successful match, CDO automatically attaches the rulesets to the newly onboarded device. However, if there are multiple ruleset matches for the same set of rules on the device, none of them are attached, and you have to assign them manually.
- Configure Rulesets for an FTD
- FTD Rulesets with FTD Templates
- Create Rulesets from Existing Device Rules
- Impact of Out-of-Band Changes on Rulesets
- Impact of Discarding Staged Ruleset Changes
- View FTD Rules and Rulesets
- Change Log Entries after Creating Rulesets
- Detach FTD Devices from a Selected Ruleset
- Delete Rules and Rulesets
- Remove a Ruleset From a Selected FTD device