Prefilter Policy
Location in GUI: Policies » Prefilter
Classes
policies (fmc.domains)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
prefilter_policies | List | [prefilter_policies] | No | |
prefilter_policies (fmc.domains.policies)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[a-zA-Z0-9_.+ -]{1,64}$ | Yes | |
description | String | max: 255 | No | |
default_action | Choice | BLOCK_TUNNELS , ANALYZE_TUNNELS | No | ANALYZE_TUNNELS |
log_begin | Boolean | true , false | No | |
log_end | Boolean | true , false | No | |
send_events_to_fmc | Boolean | true , false | No | |
snmp_config | String | | No | |
syslog_config | String | | No | |
rules | List | [rules] | No | |
rules (fmc.domains.policies.prefilter_policies)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[a-zA-Z0-9_.+ -]{1,64}$ | Yes | |
action | Choice | FASTPATH , ANALYZE , BLOCK | Yes | |
rule_type | Choice | PREFILTER , TUNNEL | Yes | |
bidirectional | Boolean | true , false | No | |
destination_interfaces | List | String | No | |
destination_network_literals | List | IP | No | |
destination_network_objects | List | String | No | |
destination_port_literals | List | [destination_port_literals] | No | |
destination_port_objects | List | String | No | |
enabled | Boolean | true , false | No | |
encapsulation_ports | Choice | GRE , IP_IN_IP , IPV6_IN_IP , TEREDO | No | |
log_begin | Boolean | true , false | No | |
log_end | Boolean | true , false | No | |
send_events_to_fmc | Boolean | true , false | No | |
send_syslog | Boolean | true , false | No | |
snmp_config | String | | No | |
source_interfaces | List | String | No | |
source_network_literals | List | IP | No | |
source_network_objects | List | String | No | |
source_port_literals | List | [source_port_literals] | No | |
source_port_objects | List | String | No | |
syslog_config | String | | No | |
syslog_severity | Choice | ALERT , CRIT , DEBUG , EMERG , ERR , INFO , NOTICE , WARNING | No | |
time_range | String | | No | |
tunnel_zone | String | | No | |
vlan_tag_literals | List | Integer[min: 1 , max: 4095 ] | No | |
vlan_tag_objects | List | String | No | |
destination_port_literals (fmc.domains.policies.prefilter_policies.rules)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
port | Integer | min: 1 , max: 65535 | Yes | |
protocol | Choice | TCP , UDP | Yes | |
Examples
Prerequisites:

```yaml
fmc:
  domains:
    - name: Global
      objects:
        hosts:
          - name: MyHostName1
            ip: 10.10.10.10
        networks:
          - name: MyNetworkName1
            prefix: 10.10.10.0/24
        ports:
          - name: MyPortName1
            port: 8080
            protocol: TCP
        security_zones:
          - name: MySecurityZoneName1
          - name: MySecurityZoneName2
```

Prefilter Policy

```yaml
fmc:
  domains:
    - name: Global
      policies:
        prefilter_policies:
          - name: MyPrefilterPolicyName1
            default_action: ANALYZE_TUNNELS
            rules:
              - name: MyPrefilterRuleName1
                action: FASTPATH
                rule_type: PREFILTER
                source_interfaces:
                  - MySecurityZoneName1
                destination_network_objects:
                  - MyHostName1
                source_network_objects:
                  - MyNetworkName1
                destination_interfaces:
                  - MySecurityZoneName2
                destination_port_objects:
                  - MyPortName1
```
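A pre-deployment lint for this data model, as an added example that is not part of the original page or the project's own tooling: it checks an already-parsed prefilter policy against the constraints listed in the tables above. The names `validate_prefilter_policy`, `GOOD` and `BAD` are hypothetical, and the sample inputs are constructed.

```python
import re

NAME_RE = re.compile(r"^[a-zA-Z0-9_.+ -]{1,64}$")  # regex from the tables above
DEFAULT_ACTIONS = {"BLOCK_TUNNELS", "ANALYZE_TUNNELS"}
RULE_ACTIONS = {"FASTPATH", "ANALYZE", "BLOCK"}
RULE_TYPES = {"PREFILTER", "TUNNEL"}
PROTOCOLS = {"TCP", "UDP"}

def _check_name(obj, where, errors):
    name = obj.get("name")
    # fullmatch rejects a trailing newline that "$" alone would let through
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        errors.append(f"{where}: name missing or not matching {NAME_RE.pattern}")

def validate_prefilter_policy(policy):
    """Return a list of constraint violations (empty list means valid)."""
    errors = []
    _check_name(policy, "policy", errors)
    if len(policy.get("description") or "") > 255:
        errors.append("policy: description longer than 255 characters")
    # default_action is optional; the documented default is ANALYZE_TUNNELS
    if policy.get("default_action", "ANALYZE_TUNNELS") not in DEFAULT_ACTIONS:
        errors.append("policy: invalid default_action")
    for i, rule in enumerate(policy.get("rules", [])):
        where = f"rules[{i}]"
        _check_name(rule, where, errors)
        if rule.get("action") not in RULE_ACTIONS:
            errors.append(f"{where}: action missing or invalid")
        if rule.get("rule_type") not in RULE_TYPES:
            errors.append(f"{where}: rule_type missing or invalid")
        for lit in rule.get("destination_port_literals", []):
            port = lit.get("port")
            if type(port) is not int or not 1 <= port <= 65535:
                errors.append(f"{where}: port {port!r} outside 1-65535")
            if lit.get("protocol") not in PROTOCOLS:
                errors.append(f"{where}: protocol must be TCP or UDP")
        for tag in rule.get("vlan_tag_literals", []):
            if type(tag) is not int or not 1 <= tag <= 4095:
                errors.append(f"{where}: VLAN tag {tag!r} outside 1-4095")
    return errors

# Constructed sample input mirroring the example policy on this page.
GOOD = {"name": "MyPrefilterPolicyName1", "default_action": "ANALYZE_TUNNELS",
        "rules": [{"name": "MyPrefilterRuleName1", "action": "FASTPATH",
                   "rule_type": "PREFILTER"}]}
# Constructed invalid input: bad name, unknown action, out-of-range values.
BAD = {"name": "bad/name", "rules": [{"name": "r1", "action": "ALLOW",
       "rule_type": "PREFILTER", "vlan_tag_literals": [0],
       "destination_port_literals": [{"port": 70000, "protocol": "TCP"}]}]}
```

Parse the YAML with a loader of your choice and pass each entry of `prefilter_policies` to the function; an empty list means the entry satisfies the checked constraints.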