Create an SGT Group

To create an SGT group that can be used for an access control rule, use the following procedure:

Before you begin

You must have the following configurations or environments configured prior to creating a security group tag (SGT) group:

  • FDM-managed device must be running at least Version 6.5.

  • You must configure the ISE identity source to subscribe to SXP mappings and enable deploy changes. To manage SXP mappings, see Configure Security Groups and SXP Publishing in ISE of the Firepower Device Manager Configuration Guide for the version you're using, Version 6.7 and later.

  • All SGTs must be created in ISE. To create an SGT, see the Cisco Identity Services Engine Configuration Guide of the version your are currently running.

Procedure

Step 1

In the CDO navigation bar on the left, click Objects > FDM Objects.

Step 2

Click the blue plus button to create an object.

Step 3

Click FTD > Network.

Step 4

Enter an Object Name.

Step 5

(Optional) Add a description.

Step 6

Click SGT and use the drop-down menu to check all the applicable SGTs you want included in the group. You can sort the list by SGT name.

Step 7

Click Save.

Note

You cannot create or edit SGTs in CDO, you can only add or remove them from an SGT group. To create or edit an SGT, see the Cisco Identity Services Engine Configuration Guide of the version you are currently running.