FlexConfig Policy Object Variables

A policy object variable is associated with a specific policy object configured in the Object Manager. When you insert a policy object variable in a FlexConfig object, you give the variable a name and select the object associated with it.

Although you can give the variable the exact same name as the associated object, the variable itself is not the same thing as the associated object. You must use the Insert > Insert Policy Object > Object Type menu in the FlexConfig object editor to add the variable for the first time to the script in the FlexConfig to establish the association with the object. Simply typing in the name of the object preceded by a $ sign does not create a policy object variable.

You can create variables to point to the following types of object. Ensure that you create the right type of object for each variable. To create objects, go to the Objects > Object Management page.

  • Text Objects—For text strings, which can include IP addresses, numbers, and other free-form text such as interface or zone names. Select FlexConfig > Text Object from the table of contents, then click Add Text Object. You can configure these objects to contain a single value or multiple values. These objects are highly flexible and built specifically for use within FlexConfig objects. For detailed information, see Configure FlexConfig Text Objects.

  • Network—For IP addresses. You can use network objects or groups. Select Network from the table of contents, then select Add Network > Add Object or Add Group. If you use a group object, the variable returns a list of each IP address specification within the group. Addresses can be host, network, or address ranges, depending on the object contents. See Network.

  • Security Zones—For interfaces within a security zone or interface group. Select Interface from the table of contents, then select Add > Security Zone or Interface Group. A security zone variable returns a list of the interfaces within that zone or group for the device being configured. See Interface.

  • Standard ACL Object—For standard access control lists. A standard ACL variable returns the name of the standard ACL object. Select Access List > Standard from the table of contents, then click Add Standard Access List Object. See Access List.

  • Extended ACL Object—For extended access control lists. An extended ACL variable returns the name of the extended ACL object. Select Access List > Extended from the table of contents, then click Add Extended Access List Object. See Access List.

  • Route Map—For route map objects. A route map variable returns the name of the route map object. Select Route Map from the table of contents, then click Add Route Map. See Route Map.