Create Access Control Rules Using Dynamic Attributes Filters

This topic discusses how to create access control rules using dynamic objects (these dynamic objects are named after the dynamic attributes filters you created previously).

Before you begin

Create dynamic attributes filters as discussed in Create Dynamic Attributes Filters.
Note

You cannot create dynamic attributes filters for AWS, Azure, Azure Service Tags, Cisco Multicloud Defense, Generic Text, GitHub, Google Cloud, and Outlook 365, pxGrid cloud identity source, vCenter, Webex, and Zoom). These types of cloud objects provide their own IP addresses.

Procedure


Step 1

Log in to Security Cloud Control.

Step 2

Click Policies > FTD Policies.

Step 3

Click Edit (edit icon) next to an access control policy.

Step 4

Click Add Rule.

Step 5

Click the Dynamic Attributes tab.

Step 6

In the Available Attributes section, from the list, click Dynamic Objects.

The following figure shows an example.

Configure Dynamic Attributes created using the dynamic attributes connector as dynamic objects in access control rules. Use those exactly as you would network objects.

The preceding example shows a dynamic object named FinanceNetwork that corresponds to the dynamic attribute filter created in the Cisco Secure Dynamic Attributes Connector.

Step 7

Add the desired object to source or destination attributes.

Step 8

Add other conditions to the rule if desired.


What to do next

Dynamic Attributes Rule Conditions in the Cisco Secure Firewall Management Center Device Configuration Guide.