Extended Access List
Location in GUI:
Objects » Object Management » Access List » Extended
Diagram
Classes
objects (fmc.domains)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| extended_access_lists | List | [extended_access_lists] | No |
extended_access_lists (fmc.domains.objects)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.+-]{1,64}$ | Yes | |
| logging | Choice | PER_ACCESS_LIST_ENTRY, DEFAULT, DISABLED | No | |
| log_level | Choice | ALERT, CRIT, DEBUG, EMERG, ERR, INFORMATIONAL, NOTICE, WARNING | No | |
| log_interval | Integer | min: 1, max: 600 | No | |
| entries | List | [entries] | Yes |
entries (fmc.domains.objects.extended_access_lists)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| action | Choice | DENY, PERMIT | Yes | |
| logging | Choice | PER_ACCESS_LIST_ENTRY, DEFAULT, DISABLED | Yes | |
| destination_network_literals | List | String | No | |
| destination_network_objects | List | String | No | |
| destination_port_literals | List | [destination_port_literals] | No | |
| destination_port_objects | List | String | No | |
| source_network_literals | List | String | No | |
| source_network_objects | List | String | No | |
| source_sgt_objects | List | String | No | |
| source_port_literals | List | [source_port_literals] | No | |
| source_port_objects | List | String | No |
destination_port_literals (fmc.domains.objects.extended_access_lists.entries)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| port | Integer | min: 1, max: 65535 | Yes | |
| protocol | Choice | TCP, UDP | Yes |
Examples
Prerequisites:
fmc:
domains:
- name: Global
objects:
hosts:
- name: MyHostName1
ip: 10.10.10.10
networks:
- name: MyNetworkName1
prefix: 10.10.10.0/24
ports:
- name: MyPortName1
port: 8080
protocol: TCP
sgts:
- name: MySGTName1
tag: 123
Extended Access List:
fmc:
domains:
- name: Global
objects:
extended_access_lists:
- name: MyExtendedACLName1
entries:
- action: PERMIT
logging: DEFAULT
source_network_literals:
- 13.13.13.13
source_network_objects:
- MyHostName1
source_port_literals:
- protocol: TCP
port: 8080
source_port_objects:
- MyPortName1
source_sgt_objects:
- MySGTName1
destination_network_literals:
- 13.13.13.13
destination_network_objects:
- MyNetworkName1
destination_port_literals:
- protocol: TCP
port: 8080
destination_port_objects:
- HTTPS