Prefilter Policy
Location in GUI:
Policies » Prefilter
Diagram
Classes
policies (fmc.domains)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| prefilter_policies | List | [prefilter_policies] | No |
prefilter_policies (fmc.domains.policies)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.+ -]{1,64}$ | Yes | |
| description | String | max: 255 | No | |
| action | Choice | BLOCK_TUNNELS, ANALYZE_TUNNELS | No | |
| log_begin | Boolean | true, false | No | |
| log_end | Boolean | true, false | No | |
| send_events_to_fmc | Boolean | true, false | No | |
| snmp_config | String | No | ||
| syslog_config | String | No | ||
| rules | List | [rules] | No |
rules (fmc.domains.policies.prefilter_policies)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.+ -]{1,64}$ | Yes | |
| action | Choice | FASTPATH, ANALYZE, BLOCK | Yes | |
| rule_type | Choice | PREFILTER, TUNNEL | Yes | |
| bidirectional | Boolean | true, false | No | |
| destination_interfaces | List | String | No | |
| destination_network_literals | List | IP | No | |
| destination_network_objects | List | String | No | |
| destination_port_literals | List | [destination_port_literals] | No | |
| destination_port_objects | List | String | No | |
| enabled | Boolean | true, false | No | |
| encapsulation_ports | Choice | GRE, IP_IN_IP, IPV6_IN_IP, TEREDO | No | |
| log_begin | Boolean | true, false | No | |
| log_end | Boolean | true, false | No | |
| send_events_to_fmc | Boolean | true, false | No | |
| send_syslog | Boolean | true, false | No | |
| snmp_config | String | No | ||
| source_interfaces | List | String | No | |
| source_network_literals | List | IP | No | |
| source_network_objects | List | String | No | |
| source_port_literals | List | [source_port_literals] | No | |
| source_port_objects | List | String | No | |
| syslog_config | String | No | ||
| syslog_severity | Choice | ALERT, CRIT, DEBUG, EMERG, ERR, INFO, NOTICE, WARNING | No | |
| time_range | String | No | ||
| tunnel_zone | String | No | ||
| vlan_tag_literals | List | Integer[min: 1, max: 4095] | No | |
| vlan_tag_objects | List | String | No |
destination_port_literals (fmc.domains.policies.prefilter_policies.rules)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| port | Integer | min: 1, max: 65535 | Yes | |
| protocol | Choice | TCP, UDP | Yes |
Examples
Prerequisites:
fmc:
domains:
- name: Global
objects:
hosts:
- name: MyHostName1
ip: 10.10.10.10
networks:
- name: MyNetworkName1
prefix: 10.10.10.0/24
ports:
- name: MyPortName1
port: 8080
protocol: TCP
security_zones:
- name: MySecurityZoneName1
- name: MySecurityZoneName2
Prefilter Policy
fmc:
domains:
- name: Global
policies:
prefilter_policies:
- name: MyPrefilterPolicyName1
default_action: ANALYZE_TUNNELS
rules:
- name: MyPrefilterRuleName1
action: FASTPATH
rule_type: PREFILTER
source_interfaces:
- MySecurityZoneName1
destination_network_objects:
- MyHostName1
source_network_objects:
- MyNetworkName1
destination_interfaces:
- MySecurityZoneName2
destination_port_objects:
- MyPortName1