Add Additional Values to a Shared Network Group in Security Cloud Control

The values in a shared network group that are present on all devices associated with it are called "default values". Security Cloud Control allows you to add "additional values" to the shared network group and assign those values to some devices associated with that shared network group. When Security Cloud Control deploys the changes to the devices, it determines the contents and pushes the "default values" to all devices associated with the shared network group and the "additional values" only to the specified devices.

For example, consider a scenario where you have four AD main servers in your head office that should be accessible from all your sites. Therefore, you have created an object group named "Active-Directory" to use it in all your sites. Now you want to add two more AD servers to one of your branch offices. You can do this by adding their details as additional values specific to that branch office on the object group "Active-Directory". These two servers do not participate in determining whether the object "Active-Directory" is consistent or shared. Therefore, the four AD main servers are accessible from all your sites, but the branch office (with two additional servers) can access two AD servers and four AD main servers.

Note

If there are inconsistent shared network groups, you can combine them into a single shared network group with additional values. See Resolve Inconsistent Object Issues for more information.

Caution

If cloud-delivered Firewall Management Center is deployed on your tenant:

Changes you make to the ASA, FDM, and FTD network objects and groups are reflected in the corresponding cloud-delivered Firewall Management Center network object or group. In addition, an entry is created in the Devices with Pending Changes page for each on-premises management center with Discover & Manage Network Objects enabled, from which you can choose and deploy the changes to the on-premises management center on which you have these objects.

Deleting a network object or group from either page deletes the object or group from both pages.

Procedure


Step 1

In the left pane, click Objects.

Step 2

Locate the shared network group you want to edit by using object filters and search field.

Step 3

Click the edit icon in the Actions pane.

  • The Devices field shows the devices the shared network group is present.

  • The Usage field shows the rulesets associated with the shared network group.

  • The Default Values field specifies the default network objects and their values associated with the shared network group that was provided during their creation. Next to this field, you can see the number of devices that contain this default value, and you can click to see their names and device types. You can also see the rulesets associated with this value.

Step 4

In the Additional Values field, enter a value or name. When you start typing, Security Cloud Control provides object names or values that match your entry.

Step 5

You can choose one of the existing objects shown or create a new one based on the name or value that you have entered.

Step 6

If Security Cloud Control finds a match, to choose an existing object, click Add to add the network object or network group to the new network group.

Step 7

If you have entered a value or object that is not present, you can perform one of the following:

  • Click Add as New Object With This Name to create a new object with that name. Enter a value and click the checkmark to save it.

  • Click Add as New Object to create a new object. The object name and value are the same. Enter a name and click the checkmark to save it.

  • Click Add Value to create an inline value without using an object. Enter a value and click the checkmark to save it.

It's is possible to create a new object even though the value is already present. You can make changes to those objects and save them.

Step 8

In the Devices column, click the cell associated with the newly added object and click Add Devices.

Step 9

Select the devices that you want and click OK.

Step 10

Click Save. Security Cloud Control displays the devices that will be affected by the change.

Step 11

Click Confirm to finalize the change to the object and any devices affected by it.

Step 12

Preview and Deploy Configuration Changes for All Devices.