Dynamic Objects

A dynamic object is an object that specifies one or many IP addresses retrieved either using REST API calls or using the Cisco Secure Dynamic Attributes Connector, which is capable of updating IP addresses from cloud sources. These dynamic objects can be used in access control rules without the need to deploy the access control policy afterward.

Note

Unlike most other objects, dynamic objects do not have to be deployed to managed devices to take effect. Just add dynamic objects to the Dyamic Attributes tab page of your access control rule; the object values are automatically updated on the managed device as soon as possible after being pushed by the Cisco Secure Dynamic Attributes Connector.

There are the following kinds of dynamic objects:

• Dynamic objects created using the dynamic attributes connector are pushed to the management center as soon as they're created and are updated at a regular interval.

• API-created dynamic objects:

  • Are IP addresses, with or without or classless inter-domain routing (CIDR), that can be used in access control rules much like a network object.

  • Do not support fully-qualified domain names or address ranges.

  • Must be updated using an API.

  For more information about API-created dynamic objects, see About API-Created Dynamic Objects.