Cisco Defense Orchestrator

Configure Rulesets for an FTD

Use the sections below to create and deploy a ruleset:  

  1. Create a ruleset.
    1. Create a new ruleset and assign rules to it.
    2. Assign objects to the rules. 
    3. Set the priority of the ruleset.
    4. Change the order of the rules if required. 
  2. Deploy a ruleset to multiple FTD devices.
    1. Attach multiple devices to a ruleset.
    2. Review and deploy the ruleset to the devices.

Create or Edit a Ruleset

You can create a ruleset and add new access control rules to it. 

Use the following procedure to create a ruleset for multiple FTD devices:

  1. In the navigation pane, click Policies > Rulesets.
  2. Click the blue plus button to create a new ruleset.
    Note: To edit an existing ruleset, select the ruleset and click the edit (pencil) icon.
  3. Enter a name for the ruleset and then click Create.
  4. Create access control rules to add them to the ruleset. See Configure the Firepower Threat Defense Access Control Policy for instructions. 
    Note: Access control rules in rulesets do not support the Users matching criteria.
  5. In the upper right corner of the window, select the ruleset's priority. The priority can be set only while no device is attached to the ruleset. 
    This selection affects all of the rules included in this ruleset and how they are handled on the devices:
    • Top: The ruleset is processed before all other rules on the device. Its rules are placed at the top of the rule list and are evaluated first. No other ruleset can precede the rules in this policy. You can have only one mandatory (Top) ruleset per device. 
    • Bottom: The ruleset is processed after all other rules on the device. Other than the policy's default action, no other ruleset can follow the rules in this policy. You can have only one default (Bottom) ruleset per device. 

Note: The priority cannot be changed when a ruleset is attached to a device. You have to detach the device and change the priority.

  6. Click Save. You can create as many rules as you want.

Note:

  • You can change the order of rules in a ruleset even if devices are attached to the ruleset. Use the following procedure to change the order of the rules:
    1. In the navigation pane, click Policies > Rulesets and select the ruleset you want to modify.
    2. Select the rule that you want to move. 
    3. Hover the cursor inside the rule row and use the Move Up or Move Down arrow to move the rule to the desired position. 
  • CDO allows you to override objects associated with the rules of a ruleset. When you add a new object to a rule, you can override it only after you attach a device to the ruleset and save the changes.

Deploy a Ruleset to Multiple FTD Devices or Templates

You must attach a ruleset to a device or template for the rules to be enforced. After reviewing the changes, you can deploy the configuration on the device. When you apply a template to a new FTD device, the ruleset included in the template is pushed to the device. 

For more information, see FTD Rulesets with FTD Templates.

Before you begin, consider the following information:

  • You can only attach a ruleset to FTD devices that are already onboarded to CDO. 
  • A device can have only one default or mandatory ruleset. 
  • After you attach a device to or remove it from a ruleset, the changes are staged in CDO but not deployed, and the device becomes Not Synced with CDO. Deploy the changes to the device by clicking the deploy icon in the top right corner of the screen.
  • After you attach a device, the new rules associated with rulesets don't overwrite existing rules associated with the device. 
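
As an added illustration (not CDO's own code or API), the following Python model encodes the behaviour stated in the priority section above and in these notes: one Top (mandatory) and one Bottom (default) ruleset per device, ruleset priority locked while devices are attached, rule reordering allowed while attached, device rules never overwritten, and attached changes staged as Not Synced until deployed. All class, method and rule names are constructed for this example.

```python
from dataclasses import dataclass, field

TOP, BOTTOM = "Top", "Bottom"          # Top = mandatory ruleset, Bottom = default ruleset


@dataclass
class Ruleset:
    name: str
    priority: str
    rules: list = field(default_factory=list)
    attached: set = field(default_factory=set)  # names of devices attached to this ruleset

    def set_priority(self, priority):
        # Priority is locked while any device is attached: detach first.
        if self.attached:
            raise ValueError(f"detach {sorted(self.attached)} before changing priority")
        self.priority = priority

    def move_rule(self, rule, direction):
        # Reordering rules is allowed even while devices are attached (Move Up / Move Down).
        i = self.rules.index(rule)
        j = i - 1 if direction == "up" else i + 1
        if 0 <= j < len(self.rules):
            self.rules[i], self.rules[j] = self.rules[j], self.rules[i]


@dataclass
class Device:
    name: str
    rules: list                          # rules configured directly on the device
    default_action: str = "Block"
    rulesets: list = field(default_factory=list)
    synced: bool = True                  # False = changes staged in CDO, shown as Not Synced

    def attach(self, ruleset):
        # A device can hold only one Top and one Bottom ruleset.
        if any(r.priority == ruleset.priority for r in self.rulesets):
            raise ValueError(f"{self.name} already has a {ruleset.priority} ruleset")
        self.rulesets.append(ruleset)
        ruleset.attached.add(self.name)
        self.synced = False              # staged, not deployed, until deploy() is called

    def deploy(self):
        self.synced = True
        return self.effective_order()

    def effective_order(self):
        # Top ruleset rules, then the device's own rules (never overwritten), then Bottom ruleset rules, then the default action.
        top = [r for rs in self.rulesets if rs.priority == TOP for r in rs.rules]
        bottom = [r for rs in self.rulesets if rs.priority == BOTTOM for r in rs.rules]
        return top + self.rules + bottom + [f"default:{self.default_action}"]
```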

You can associate rulesets with devices in two ways:

  • Add devices to a Ruleset from the Ruleset page.
  • Add Rulesets to a device from the Device Policy page.

Add Devices to a Ruleset from the Ruleset page

  1. In the navigation pane, click Policies > Rulesets.
  2. Select the ruleset you want to assign to FTD devices.
  3. In the top right corner, click the Device button beside Ruleset for.
  4. Select from the list of eligible FTD devices and click Save.
  5. Click Save in the upper right corner to save the changes made to the ruleset. Saving the ruleset stages the changes in CDO. 
    Note: Each time you modify a ruleset, you must click Save. Saving stages all changes in CDO; you still have to deploy them manually.
  6. Click Confirm.
  7. Review and deploy the changes you made, or wait and deploy multiple changes at once. 
    If you discard the staged ruleset changes on a device, see Impact of Discarding Staged Ruleset Changes for information. 

Add Rulesets to a Device from the Device Policy page

  1. In the navigation pane, click Devices & Services.
  2. Select the device that you want from the list and, in the Management pane on the right, click Policy.
  3. Click the add-ruleset button in the upper right corner of the window.
  4. Select the ruleset that you want and click Attach Ruleset. The ruleset is added to the device according to its priority.
