Skip to content
Network as Code

Policy List

Location in GUI: Objects » Object Management » Policy List

Diagram

Section titled “Diagram”
Diagram

Classes

Section titled “Classes”

objects (fmc.domains)

Section titled “objects (fmc.domains)”
NameTypeConstraintMandatoryDefault Value
policy_listsList[policy_lists]No

policy_lists (fmc.domains.objects)

Section titled “policy_lists (fmc.domains.objects)”
NameTypeConstraintMandatoryDefault Value
nameStringYes
actionChoiceDENY, PERMITYes
interfacesListStringNo
interface_literalsListStringNo
address_standard_access_listsListStringNo
address_ipv4_prefix_listsListStringNo
next_hop_standard_access_listsListStringNo
next_hop_ipv4_prefix_listsListStringNo
route_source_standard_access_listsListStringNo
route_source_ipv4_prefix_listsListStringNo
as_pathsListInteger[min: 1, max: 500]No
community_listsListStringNo
match_community_exactlyBooleantrue, falseNo
metricIntegermin: 0, max: 4294967295No
tagIntegermin: 0, max: 4294967295No

Examples

Section titled “Examples”

Prerequisites:

fmc:
  domains:
    - name: Global
      objects:


        security_zones:
          - name: MySecurityZoneName1


        interface_groups:
          - name: MyInterfaceGroupName1


        ipv4_prefix_lists:
          - name: MyIPv4PrefixListName1
            entries:
              - action: PERMIT
                prefix: 10.20.30.0/24
                min_prefix_length: 24
                max_prefix_length: 30
              - action: PERMIT
                prefix: 10.20.40.0/24
                min_prefix_length: 24
                max_prefix_length: 30


        hosts:
          - name: MyHostName1
            ip: 10.10.10.1


        standard_access_lists:
          - name: MyStandardACLName1
            entries:
              - action: DENY
                literals:
                  - 10.1.13.130
              - action: PERMIT
                objects:
                  - MyHostName1


        as_paths:
          - name: 100
            overridable: false
            entries:
              - action: PERMIT
                regular_expression: "65000"
              - action: DENY
                regular_expression: "^(100|200)$"


        expanded_community_lists:
          - name: MyExpandedCommunityListName1
            entries:
              - action: PERMIT
                regular_expression: "^(65000:400|65000:500)$"
              - action: DENY
                regular_expression: "^(65000:600)$"


        extended_community_lists:
          - name: MyExtendedCommunityListName1
            sub_type: Expanded
            entries:
              - action: PERMIT
                regular_expression: "^(65000:700|65000:800)$"
              - action: DENY
                regular_expression: "^(65000:900)$"


        standard_community_lists:
          - name: MyStandardCommunityListName1
            entries:
              - action: PERMIT
                communities:
                  - "65000:100"
                  - "65000:200"
                internet: true
              - action: DENY
                communities:
                  - "65000:300"
                no_export: false

Policy List:

fmc:
  domains:
    - name: Global
      objects:
        policy_lists:
          - name: MyPolicyListName1
            action: PERMIT
            interfaces:
              - MyInterfaceGroupName1
              - MySecurityZoneName1
            interface_literals:
              - GigabitEthernet0/0
              - GigabitEthernet0/1
            address_standard_access_lists:
              - MyStandardACLName1
            next_hop_ipv4_prefix_lists:
              - MyIPv4PrefixListName1
            route_source_ipv4_prefix_lists:
              - MyIPv4PrefixListName1
            as_paths:
              - 100
            community_lists:
              - MyStandardCommunityListName1
              - MyExpandedCommunityListName1
              - MyExtendedCommunityListName1
            match_community_exactly: true
            metric: 100
            tag: 200