Prefilter Policy

Location in GUI: Policies » Prefilter

Classes

policies (fmc.domains)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| prefilter_policies | List | [prefilter_policies] | No | |

prefilter_policies (fmc.domains.policies)

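| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: `^[a-zA-Z0-9_.+ -]{1,64}$` | Yes | |
| description | String | max: 255 | No | |
| action | Choice | BLOCK_TUNNELS, ANALYZE_TUNNELS | No | |
| log_begin | Boolean | true, false | No | |
| log_end | Boolean | true, false | No | |
| send_events_to_fmc | Boolean | true, false | No | |
| snmp_config | String | | No | |
| syslog_config | String | | No | |
| rules | List | [rules] | No | |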

rules (fmc.domains.policies.prefilter_policies)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: `^[a-zA-Z0-9_.+ -]{1,64}$` | Yes | |
| action | Choice | FASTPATH, ANALYZE, BLOCK | Yes | |
| rule_type | Choice | PREFILTER, TUNNEL | Yes | |
| bidirectional | Boolean | true, false | No | |
| destination_interfaces | List | String | No | |
| destination_network_literals | List | IP | No | |
| destination_network_objects | List | String | No | |
| destination_port_literals | List | [destination_port_literals] | No | |
| destination_port_objects | List | String | No | |
| enabled | Boolean | true, false | No | |
| encapsulation_ports | Choice | GRE, IP_IN_IP, IPV6_IN_IP, TEREDO | No | |
| log_begin | Boolean | true, false | No | |
| log_end | Boolean | true, false | No | |
| send_events_to_fmc | Boolean | true, false | No | |
| send_syslog | Boolean | true, false | No | |
| snmp_config | String | | No | |
| source_interfaces | List | String | No | |
| source_network_literals | List | IP | No | |
| source_network_objects | List | String | No | |
| source_port_literals | List | [source_port_literals] | No | |
| source_port_objects | List | String | No | |
| syslog_config | String | | No | |
| syslog_severity | Choice | ALERT, CRIT, DEBUG, EMERG, ERR, INFO, NOTICE, WARNING | No | |
| time_range | String | | No | |
| tunnel_zone | String | | No | |
| vlan_tag_literals | List | Integer[min: 1, max: 4095] | No | |
| vlan_tag_objects | List | String | No | |

destination_port_literals (fmc.domains.policies.prefilter_policies.rules)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| port | Integer | min: 1, max: 65535 | Yes | |
| protocol | Choice | TCP, UDP | Yes | |

Examples

Prerequisites:

```yaml
fmc:
  domains:
    - name: Global
      objects:
        hosts:
          - name: MyHostName1
            ip: 10.10.10.10
        networks:
          - name: MyNetworkName1
            prefix: 10.10.10.0/24
        ports:
          - name: MyPortName1
            port: 8080
            protocol: TCP
        security_zones:
          - name: MySecurityZoneName1
          - name: MySecurityZoneName2
```

Prefilter Policy

```yaml
fmc:
  domains:
    - name: Global
      policies:
        prefilter_policies:
          - name: MyPrefilterPolicyName1
            default_action: ANALYZE_TUNNELS
            rules:
              - name: MyPrefilterRuleName1
                action: FASTPATH
                rule_type: PREFILTER
                source_interfaces:
                  - MySecurityZoneName1
                destination_network_objects:
                  - MyHostName1
                source_network_objects:
                  - MyNetworkName1
                destination_interfaces:
                  - MySecurityZoneName2
                destination_port_objects:
                  - MyPortName1
```
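
An added example, not part of the original page or the project's own tooling: a pre-deployment lint that checks each `rules` entry against the constraints in the tables above and applies a review policy, which is an assumption of this example, that a FASTPATH rule must be scoped and logged because FASTPATH exempts matching traffic from further inspection. It takes the YAML already parsed into a dict (for instance with `yaml.safe_load`); `in_range`, `lint_rule`, `lint_config` and `SAMPLE` are hypothetical names.

```python
import re

NAME_RE = re.compile(r"^[a-zA-Z0-9_.+ -]{1,64}$")  # regex from the rules table
ACTIONS, RULE_TYPES = {"FASTPATH", "ANALYZE", "BLOCK"}, {"PREFILTER", "TUNNEL"}
MATCH_KEYS = [f"{s}_{k}" for s in ("source", "destination") for k in (
    "interfaces", "network_literals", "network_objects", "port_literals", "port_objects")]

def in_range(value, low, high):
    return type(value) is int and low <= value <= high  # type() check rejects bool

def lint_rule(rule):
    # Findings for one prefilter rule (a dict parsed from the YAML).
    out = []
    if not NAME_RE.fullmatch(str(rule.get("name", ""))):
        out.append("name violates documented regex")
    if rule.get("action") not in ACTIONS:
        out.append("action not in FASTPATH/ANALYZE/BLOCK")
    if rule.get("rule_type") not in RULE_TYPES:
        out.append("rule_type not in PREFILTER/TUNNEL")
    for lit in rule.get("destination_port_literals") or []:
        if not in_range(lit.get("port"), 1, 65535):
            out.append("destination port outside 1-65535")
        if lit.get("protocol") not in ("TCP", "UDP"):
            out.append("destination protocol not TCP/UDP")
    if not all(in_range(t, 1, 4095) for t in rule.get("vlan_tag_literals") or []):
        out.append("vlan tag outside 1-4095")
    # Review policy assumed for this example, not a schema rule: scope and log FASTPATH.
    if rule.get("action") == "FASTPATH":
        if not any(rule.get(k) for k in MATCH_KEYS):
            out.append("FASTPATH rule matches any source and destination")
        if not (rule.get("log_begin") or rule.get("log_end")):
            out.append("FASTPATH rule has logging disabled")
    return out

def lint_config(cfg):
    # Walk fmc.domains[].policies.prefilter_policies[].rules[]; map rule name to findings.
    return {rule.get("name"): hits
            for dom in cfg.get("fmc", {}).get("domains", [])
            for pol in dom.get("policies", {}).get("prefilter_policies", [])
            for rule in pol.get("rules", [])
            if (hits := lint_rule(rule))}

# Constructed sample: one scoped, logged rule and one rule that breaks several constraints.
SAMPLE = {"fmc": {"domains": [{"name": "Global", "policies": {"prefilter_policies": [
    {"name": "MyPrefilterPolicyName1", "rules": [
        {"name": "ScopedRule", "action": "FASTPATH", "rule_type": "PREFILTER",
         "source_network_objects": ["MyNetworkName1"], "log_end": True},
        {"name": "Bad/Rule", "action": "FASTPATH", "rule_type": "PREFILTER", "vlan_tag_literals": [0],
         "destination_port_literals": [{"port": 70000, "protocol": "TCP"}]}]}]}}]}}
```

Run against the page's own example rule, the lint reports only the missing logging, since `MyPrefilterRuleName1` is scoped but sets neither `log_begin` nor `log_end`.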