Policies allow you to enforce rules and take action. The different types of policy rules that you can create on the firewall are: Security, NAT, Quality of Service (QoS), Policy Based Forwarding (PBF), Decryption, Application Override, Authentication, Denial of Service (DoS), and Zone protection policies. All these different policies work together to allow, deny, prioritize, forward, encrypt, decrypt, make exceptions, authenticate access, and reset connections as needed to help secure your network. The following topics describe how to work with policy:
- Policy Types
- Security Policy
- Policy Objects
- Security Profiles
- Enumeration of Rules Within a Rulebase
- Move or Clone a Policy Rule or Object to a Different Virtual System
- Use Tags to Group and Visually Distinguish Objects
- Use an External Dynamic List in Policy
- Register IP Addresses and Tags Dynamically
- Monitor Changes in the Virtual Environment
- CLI Commands for Dynamic IP Addresses and Tags
- Identify Users Connected through a Proxy Server
- Policy-Based Forwarding
Use Tags to Group and Visually Distinguish Objects
Use Tags to Group and Visually Distinguish Objects You can tag objects to group related items and add color to the tag in order to ...
Use Dynamic Address Groups in Policy
Use Dynamic Address Groups in Policy Dynamic address groups are used in policy. They allow you to create policy that automatically adapts to changes—adds, moves, ...
Objects > Tags
Objects > Tags Tags allow you to group objects using keywords or phrases. Tags can be applied to address objects, address groups (static and dynamic), ...
Policy Enforcement using Dynamic Address Groups
Policy Enforcement using Dynamic Address Groups Unlike the other versions of the VM-Series firewall, because both virtual wire interfaces (and subinterfaces) belong to the same ...
Policy Types Policies enable you to control firewall operation by enforcing rules and automating actions. The firewall supports the following policy types : Basic security ...
Forward Logs to an HTTP(S) Destination
Forward Logs to an HTTP(S) Destination The firewall and Panorama can forward logs to an HTTP server. You can choose to forward all logs or ...
Register IP Addresses and Tags Dynamically
Register IP Addresses and Tags Dynamically To mitigate the challenges of scale, lack of flexibility and performance, the architecture in networks today allows for virtual ...
Create and Apply Tags
Create and Apply Tags Create tags. To tag a zone, you must create a tag with the same name as the zone. When the zone ...
Firewall Policy Based on Endpoint Group, Tenant, or Applica...
Firewall Policy Based on Endpoint Group, Tenant, or Application You can create firewall security policy referencing Cisco ACI attributes such as EPG, tenants, and application ...