Prefilter Policy

Location in GUI: Policies » Prefilter

Diagram

Classes

policies (fmc.domains)

Name	Type	Constraint	Mandatory	Default Value
prefilter_policies	List	`[prefilter_policies]`	No

prefilter_policies (fmc.domains.policies)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes
description	String	max: `255`	No
action	Choice	`BLOCK_TUNNELS`, `ANALYZE_TUNNELS`	No
log_begin	Boolean	`true`, `false`	No
log_end	Boolean	`true`, `false`	No
send_events_to_fmc	Boolean	`true`, `false`	No
snmp_config	String		No
syslog_config	String		No
rules	List	`[rules]`	No

rules (fmc.domains.policies.prefilter_policies)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes
action	Choice	`FASTPATH`, `ANALYZE`, `BLOCK`	Yes
rule_type	Choice	`PREFILTER`, `TUNNEL`	Yes
bidirectional	Boolean	`true`, `false`	No
destination_interfaces	List	String	No
destination_network_literals	List	IP	No
destination_network_objects	List	String	No
destination_port_literals	List	`[destination_port_literals]`	No
destination_port_objects	List	String	No
enabled	Boolean	`true`, `false`	No
encapsulation_ports	Choice	`GRE`, `IP_IN_IP`, `IPV6_IN_IP`, `TEREDO`	No
log_begin	Boolean	`true`, `false`	No
log_end	Boolean	`true`, `false`	No
send_events_to_fmc	Boolean	`true`, `false`	No
send_syslog	Boolean	`true`, `false`	No
snmp_config	String		No
source_interfaces	List	String	No
source_network_literals	List	IP	No
source_network_objects	List	String	No
source_port_literals	List	`[source_port_literals]`	No
source_port_objects	List	String	No
syslog_config	String		No
syslog_severity	Choice	`ALERT`, `CRIT`, `DEBUG`, `EMERG`, `ERR`, `INFO`, `NOTICE`, `WARNING`	No
time_range	String		No
tunnel_zone	String		No
vlan_tag_literals	List	Integer[min: `1`, max: `4095`]	No
vlan_tag_objects	List	String	No

destination_port_literals (fmc.domains.policies.prefilter_policies.rules)

Name	Type	Constraint	Mandatory	Default Value
port	Integer	min: `1`, max: `65535`	Yes
protocol	Choice	`TCP`, `UDP`	Yes

Examples

Prerequisites:

fmc:
  domains:
    - name: Global
      objects:
        hosts:
          - name: MyHostName1
            ip: 10.10.10.10
        networks:
          - name: MyNetworkName1
            prefix: 10.10.10.0/24
        ports:
          - name: MyPortName1
            port: 8080
            protocol: TCP
        security_zones:
          - name: MySecurityZoneName1
          - name: MySecurityZoneName2

Prefilter Policy

fmc:
  domains:
    - name: Global
      policies:
        prefilter_policies:
          - name: MyPrefilterPolicyName1
            default_action: ANALYZE_TUNNELS
            rules:
              - name: MyPrefilterRuleName1
                action: FASTPATH
                rule_type: PREFILTER
                source_interfaces:
                  - MySecurityZoneName1
                destination_network_objects:
                  - MyHostName1
                source_network_objects:
                  - MyNetworkName1
                destination_interfaces:
                  - MySecurityZoneName2
                destination_port_objects:
                  - MyPortName1