DocsYouTube ChannelDevNetCisco Defense Orchestrator DocsFirewall How To Community
Guides

Scenario 4 - Basic Access Control

Suggest Edits

In this step we will create a basic Access Control policy. Because we do not have any devices yet, it is too early to try and do much with this policy. However, we must have a policy to deploy when we add our managed devices. It will be easier to create one ahead of time rather than at the time we join our first device.

If you are registering several devices to an FMC it might be easier to create a blank or dummy Access Control policy you can use temporarily as you register each device. The only purpose of this policy is to satisfy the requirement that any FMC managed device must have an Access Control policy assigned. You can then add the device to it's actual policy later.

In anticipation of managing several devices we will create parent and child policies. This will allow us to configure various settings in the parent and have those inherited by the child policies. This will make maintaining a consistent environment much easier, especially if we have a large number of policies.

📘

Lab Tasks

These are the tasks in this scenario. If you are familiar with the Secure Firewall you may do these on your own, or for step-by-step instructions see below.

  • Task 1 - Create a new Access Control policy named Global Parent
  • Task 2 - Create a second Access Control policy named NGFW1 and set its base policy to the policy above.

Task 1 - Create Parent Access Control Policy

  1. From the FMC2 web UI, navigate to Policies > Access Control.

    1. Click the New Policy button.

    2. For Name enter Global Parent.

    3. For Description enter Common policy settings.

    4. Click Save to save the parent policy.

    5. Click Return to Access Control Policy Management on the top-left to return to the policy list.

Task 2 - Create the NGFW1 Child Policy

Next, we will create our child policy. This is the policy that will be assigned to our first firewall device.

  1. Click New Policy in the upper-right.

    1. Name the policy NGFW1.

    2. Under Select Base Policy select Global Parent.

    3. Click Save

  2. Click Return to Access Control Policy Management towards the upper-left to return to the policy list which should look like the figure below.


👍

Tell us how we are doing

We are doing our best to ensure the scenarios in this lab guides are useful, clear and work as expected.

Please share your thoughts to help us improve or fix any problems you may run into..

Click here to provide your feedback or report an issue with this guide

Updated 5 months ago

What’s Next

Continue with the next step below.

© 2024 Cisco Systems, Inc.
Title of the document The current suggested release is 7.4.2 Release 7.7 is live! Reminder that 7.7 firewalls are Snort 3 only