Create Access Control Rules Using Dynamic Attributes Filters

This topic discusses how to create access control rules using dynamic objects.

Before you begin

Create dynamic attributes filters as discussed in Create Dynamic Attributes Filters.
Note

You cannot create dynamic attributes filters for AWS, Azure, Azure Service Tags, Cisco Multicloud Defense, GitHub, Google Cloud, and Outlook 365, vCenter, Webex, and Zoom). These types of cloud objects provide their own IP addresses.

Procedure

Step 1

Log in to CDO.

Step 2

Click Policies > FTD Policies.

Step 3

Click Edit (edit icon) next to an access control policy.

Step 4

Click Add Rule.

Step 5

Click the Dynamic Attributes tab.

Step 6

In the Available Attributes section, from the list, click Dynamic Objects.

The following figure shows an example.

Configure Dynamic Attributes created using the dynamic attributes connector as dynamic objects in access control rules. Use those exactly as you would network objects.

The preceding example shows a dynamic object named FinanceNetwork that corresponds to the dynamic attribute filter created in the Cisco Secure Dynamic Attributes Connector.

Step 7

Add the desired object to source or destination attributes.

Step 8

Add other conditions to the rule if desired.

What to do next

Access Control chapter in the Cisco Secure Firewall Management Center Device Configuration Guide (link to chapter)