Configure Dynamic Attributes Conditions

When you configure dynamic attributes for an access control rule, objects of the same type are ORed together and objects of different types are ANDed together. An example is shown at the end of this topic.

Note

This procedure is based on the Legacy UI. In the New UI Layout you can add dynamic attributes by clicking Add (add icon) in the Sources and Destinations and Applications fields.

Before you begin

Create some dynamic objects and understand how those objects are used in access control policy.

For more information about dynamic objects, see About API-Created Dynamic Objects.

For more information about how dynamic objects are used in access control policy, see Dynamic Attributes Rule Conditions.

Procedure

Step 1

In the rule editor, click Dynamic Attributes.

Step 2

Do any of the following in the Available Attributes section:

  • Enter part of all of the name of an attribute in the field.

  • Click Security Group Tag or Dynamic Objects to view only objects of that type.

Step 3

To apply the objects you selected to source matching criteria, click Add to Source.

Step 4

To apply the objects you selected to destination matching criteria, click Add to Destination.

Step 5

When you're finished configuring the rule, click Save.

Example: Using multiple source conditions in a block rule

The following example blocks traffic from Security Group Tags Contractors or Guests; and device types Android or Blackberry from accessing the dynamic object __azure1 .

Configure External Attributes in an access control rule to block traffic from Security Group Tags Contractors or Guests; and device types Android or Blackberry from accessing the dynamic object __azure1

What to do next

  • Deploy configuration changes.