Access Policy

Location in GUI: Policies » Access Control

Diagram

Classes

policies (fmc.domains)

Name	Type	Constraint	Mandatory	Default Value
access_policies	List	[access_policies]	No

access_policies (fmc.domains.policies)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: ^[a-zA-Z0-9_ -]{1,64}$	Yes
description	String	max: 255	No
default_action	Choice	BLOCK, TRUST, PERMIT, NETWORK_DISCOVERY, INHERIT_FROM_PARENT	No	BLOCK
base_ips_policy	String		No
send_events_to_fmc	Boolean	true, false	No	false
enable_syslog	Boolean	true, false	No
log_begin	Boolean	true, false	No	false
log_end	Boolean	true, false	No	false
syslog_config_id	String		No
access_rules	List	[access_rules]	No
categories	List	[categories]	No

access_rules (fmc.domains.policies.access_policies)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: ^[a-zA-Z0-9_ -]{1,50}$	Yes
action	Choice	ALLOW, TRUST, BLOCK, MONITOR, BLOCK_RESET, BLOCK_INTERACTIVE, BLOCK_RESET_INTERACTIVE	Yes
enabled	Boolean	true, false	No	true
category	String		No
destination_dynamic_objects	List	String	No
destination_network_objects	List	String	No
destination_network_literals	List	String	No
destination_port_objects	List	String	No
destination_port_literals	List	String	No
destination_sgts	List	String	No
destination_zones	List	String	No
enable_syslog	Boolean	true, false	No	false
file_policy	String		No
ips_policy	String		No
variable_set	String		No
vlan_tags	List	String	No
log_connection_begin	Boolean	true, false	No
log_connection_end	Boolean	true, false	No
log_files	Boolean	true, false	No
new_comments	String		No
section	Choice	mandatory, default	No
send_events_to_fmc	Boolean	true, false	No
source_dynamic_objects	List	String	No
source_network_objects	List	String	No
source_network_literals	List	String	No
source_port_objects	List	String	No
source_port_literals	List	String	No
source_sgts	List	String	No
source_zones	List	String	No
syslog_config	String		No
syslog_severity	Choice	ALERT, CRIT, DEBUG, EMERG, ERR, INFO, NOTICE, WARNING	No
urls	List	String	No

categories (fmc.domains.policies.access_policies)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: ^[a-zA-Z0-9_ -]{1,50}$	Yes
section	Choice	mandatory, default	No

Examples

fmc:
  domains:
    - name: Global
      policies:
        access_policies:
          - name: MyAccessPolicyName1
            categories:
              - name: MyCategoryName1
                section: mandatory      
            access_rules:
              - name: MyAccessRuleNAme1
                action: ALLOW
                category: MyCategoryName1                 
                source_zones:
                - outside
                destination_zones:
                - inside
                source_networks:
                - any-ipv4
                destination_networks:
                - Server_1
                destination_ports:
                - HTTP
                ips_policy: MyIntrusionPolicyName1
                log_connection_begin: true
                log_connection_end: true
                log_files: false
                send_events_to_fmc: true