Policy Assignment
Used to assign various types of policies to the devices, defined under devices, like fmc.domains.devices.devices.access_control_policy, will assign policy to device regardless if the device is defined as resource or existing (data source).
Each device needs to have Access Control Policy and Health Policies assigned. Options after_destroy_access_control_policy and after_destroy_health_policy allow re-assigning device to different policies on terraform destroy.
Location in GUI:
There is no single GUI location for this feature. Assignment of the policy to the desired device is done under a specific device configuration. In yaml, under the device configuration, there are attributes to assign the policy to the configured device.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”system (fmc)
Section titled “system (fmc)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| policy_assignment | Class | [policy_assignment] | No |
policy_assignment (fmc.system)
Section titled “policy_assignment (fmc.system)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| after_destroy_access_control_policy | String | No | ||
| after_destroy_health_policy | String | No |
Examples
Section titled “Examples”fmc: system: policy_assignment: after_destroy_access_control_policy: Initial_ACP domains: - name: Global devices: devices: - name: MyDeviceName1 access_control_policy: MyAccessPolicyName2 nat_policy: MyFTDNatPolicyName1Location in GUI:
There is no single GUI location for this feature. Assignment of the policy to the desired device is done under a specific device configuration. In yaml, under the device configuration, there are attributes to assign the policy to the configured device.
Policy assignment under devices, like fmc.domains.devices.access_control_policy, will assign policy to device regardless if it is defined as resource or data source.
Each device needs to have Access Control Policy and Health Policies assigned.
Options after_destroy_access_control_policy and after_destroy_health_policy allow re-assigning device to different policies on destroy.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”system (fmc)
Section titled “system (fmc)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| policy_assignment | Class | [policy_assignment] | No |
policy_assignment (fmc.system)
Section titled “policy_assignment (fmc.system)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| after_destroy_access_control_policy | String | No | ||
| after_destroy_health_policy | String | No |
Examples
Section titled “Examples”fmc: system: policy_assignment: after_destroy_access_control_policy: Initial_ACP domains: - name: Global devices: devices: - name: MyDeviceName1 access_control_policy: MyAccessPolicyName2 nat_policy: MyFTDNatPolicyName1