Policy Assignment
Location in GUI: There is no single GUI location for this feature. Assignment of the policy to the desired device is done under a specific device configuration. In yaml, under the device configuration, there are attributes to assign the policy to the configured device.
Policy assignment under devices, like fmc.domains.devices.access_control_policy, will assign policy to device regardless if it is defined as resource or data source.
Each device needs to have Access Control Policy and Health Policies assigned. Options after_destroy_access_control_policy and after_destroy_health_policy allow re-assigning device to different policies on destroy.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”system (fmc)
Section titled “system (fmc)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| policy_assignment | Class | [policy_assignment] | No |
policy_assignment (fmc.system)
Section titled “policy_assignment (fmc.system)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| after_destroy_access_control_policy | String | No | ||
| after_destroy_health_policy | String | No |
Examples
Section titled “Examples”fmc: system: policy_assignment: after_destroy_access_control_policy: Initial_ACP domains: - name: Global devices: devices: - name: MyDeviceName1 access_control_policy: MyAccessPolicyName2 nat_policy: MyFTDNatPolicyName1