Create Access Control Rules Using Dynamic Attributes Filters

This topic discusses how to create access control rules using dynamic objects (these dynamic objects are named after the dynamic attributes filters you created previously).

Before you begin

Create dynamic attributes filters as discussed in Create Dynamic Attributes Filters.

Procedure


Step 1

Log in to CDO.

Step 2

Click Policies > FTD Policies.

Step 3

Click Edit (edit icon) next to an access control policy.

Step 4

Click Add Rule.

Step 5

Click the Dynamic Attributes tab.

Step 6

In the Available Attributes section, from the list, click Dynamic Objects.

The following figure shows an example.

Configure Dynamic Attributes created using the dynamic attributes connector as dynamic objects in access control rules. Use those exactly as you would network objects.

The preceding example shows a dynamic object named FinanceNetwork that corresponds to the dynamic attribute filter created in the Dynamic Attributes Connector.
Step 7

Add the desired object to source or destination attributes.

Step 8

Add other conditions to the rule if desired.


What to do next

Access Control chapter in the Cisco Secure Firewall Management Center Device Configuration Guide (link to chapter)