Prefilter Policy
Location in GUI: Policies » Prefilter
Classes

policies (fmc.domains)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| prefilter_policies | List | [prefilter_policies] | No | |

prefilter_policies (fmc.domains.policies)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.+ -]{1,64}$ | Yes | |
| description | String | max: 255 | No | |
| default_action | Choice | BLOCK_TUNNELS, ANALYZE_TUNNELS | No | ANALYZE_TUNNELS |
| log_begin | Boolean | true, false | No | |
| log_end | Boolean | true, false | No | |
| send_events_to_fmc | Boolean | true, false | No | |
| snmp_config | String | | No | |
| syslog_config | String | | No | |
| rules | List | [rules] | No | |

rules (fmc.domains.policies.prefilter_policies)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.+ -]{1,64}$ | Yes | |
| action | Choice | FASTPATH, ANALYZE, BLOCK | Yes | |
| rule_type | Choice | PREFILTER, TUNNEL | Yes | |
| bidirectional | Boolean | true, false | No | |
| destination_interfaces | List | String | No | |
| destination_network_literals | List | IP | No | |
| destination_network_objects | List | String | No | |
| destination_port_literals | List | [destination_port_literals] | No | |
| destination_port_objects | List | String | No | |
| enabled | Boolean | true, false | No | |
| encapsulation_ports | Choice | GRE, IP_IN_IP, IPV6_IN_IP, TEREDO | No | |
| log_begin | Boolean | true, false | No | |
| log_end | Boolean | true, false | No | |
| send_events_to_fmc | Boolean | true, false | No | |
| send_syslog | Boolean | true, false | No | |
| snmp_config | String | | No | |
| source_interfaces | List | String | No | |
| source_network_literals | List | IP | No | |
| source_network_objects | List | String | No | |
| source_port_literals | List | [source_port_literals] | No | |
| source_port_objects | List | String | No | |
| syslog_config | String | | No | |
| syslog_severity | Choice | ALERT, CRIT, DEBUG, EMERG, ERR, INFO, NOTICE, WARNING | No | |
| time_range | String | | No | |
| tunnel_zone | String | | No | |
| vlan_tag_literals | List | Integer[min: 1, max: 4095] | No | |
| vlan_tag_objects | List | String | No | |

destination_port_literals (fmc.domains.policies.prefilter_policies.rules)

| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| port | Integer | min: 1, max: 65535 | Yes | |
| protocol | Choice | TCP, UDP | Yes | |

Examples

Prerequisites:

```yaml
fmc:
  domains:
    - name: Global
      objects:
        hosts:
          - name: MyHostName1
            ip: 10.10.10.10
        networks:
          - name: MyNetworkName1
            prefix: 10.10.10.0/24
        ports:
          - name: MyPortName1
            port: 8080
            protocol: TCP
        security_zones:
          - name: MySecurityZoneName1
          - name: MySecurityZoneName2
```

Prefilter Policy:

```yaml
fmc:
  domains:
    - name: Global
      policies:
        prefilter_policies:
          - name: MyPrefilterPolicyName1
            default_action: ANALYZE_TUNNELS
            rules:
              - name: MyPrefilterRuleName1
                action: FASTPATH
                rule_type: PREFILTER
                source_interfaces:
                  - MySecurityZoneName1
                destination_network_objects:
                  - MyHostName1
                source_network_objects:
                  - MyNetworkName1
                destination_interfaces:
                  - MySecurityZoneName2
                destination_port_objects:
                  - MyPortName1
```
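
A pre-commit check for the rule constraints listed in the tables above, written as an added example and not part of the project's own tooling. The function names, the `POLICY` sample and the check for FASTPATH rules with logging off are assumptions of this example (a review heuristic, not a constraint from the tables).

```python
import ipaddress
import re

# Constraints copied from the tables on this page.
NAME_RE = re.compile(r"^[a-zA-Z0-9_.+ -]{1,64}$")
ACTIONS = {"FASTPATH", "ANALYZE", "BLOCK"}
RULE_TYPES = {"PREFILTER", "TUNNEL"}
PROTOCOLS = {"TCP", "UDP"}

def validate_rule(rule):
    """Return a list of constraint violations for one prefilter rule dict."""
    errs = []
    name = rule.get("name")
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        errs.append("name: must match ^[a-zA-Z0-9_.+ -]{1,64}$")
    if rule.get("action") not in ACTIONS:
        errs.append("action: must be FASTPATH, ANALYZE or BLOCK")
    if rule.get("rule_type") not in RULE_TYPES:
        errs.append("rule_type: must be PREFILTER or TUNNEL")
    for lit in rule.get("destination_port_literals", []):
        port = lit.get("port")
        if not (isinstance(port, int) and 1 <= port <= 65535):
            errs.append(f"destination_port_literals: port {port!r} outside 1-65535")
        if lit.get("protocol") not in PROTOCOLS:
            errs.append("destination_port_literals: protocol must be TCP or UDP")
    for tag in rule.get("vlan_tag_literals", []):
        if not (isinstance(tag, int) and 1 <= tag <= 4095):
            errs.append(f"vlan_tag_literals: {tag!r} outside 1-4095")
    # Assumption: the "IP" type accepts a host address or a prefix.
    for key in ("source_network_literals", "destination_network_literals"):
        for net in rule.get(key, []):
            try:
                ipaddress.ip_network(net, strict=False)
            except ValueError:
                errs.append(f"{key}: {net!r} is not an IP address or prefix")
    return errs

def unlogged_fastpath(policy):
    """Names of FASTPATH rules with neither log_begin nor log_end enabled."""
    return [r.get("name") for r in policy.get("rules", [])
            if r.get("action") == "FASTPATH"
            and not (r.get("log_begin") or r.get("log_end"))]

# Constructed sample: the page's rule plus one deliberately invalid rule.
POLICY = {"name": "MyPrefilterPolicyName1", "rules": [
    {"name": "MyPrefilterRuleName1", "action": "FASTPATH", "rule_type": "PREFILTER"},
    {"name": "bad/name", "action": "ALLOW", "rule_type": "TUNNEL",
     "destination_port_literals": [{"port": 70000, "protocol": "ICMP"}],
     "vlan_tag_literals": [0], "source_network_literals": ["10.10.10.0/33"]},
]}
```

Running `validate_rule` over every rule before the YAML is applied catches typos in choice values and out-of-range literals, and `unlogged_fastpath` gives reviewers a list of FASTPATH rules to confirm are intentionally unlogged.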