Create an SGT Group
To create an SGT group that can be used for an access control rule, use the following procedure:
Before you begin
You must have the following configurations or environments configured prior to creating a security group tag (SGT) group:
-
FDM-managed device must be running at least Version 6.5.
-
You must configure the ISE identity source to subscribe to SXP mappings and enable deploy changes. To manage SXP mappings, see Configure Security Groups and SXP Publishing in ISE of the Firepower Device Manager Configuration Guide for the version you're using, Version 6.7 and later.
-
All SGTs must be created in ISE. To create an SGT, see the Cisco Identity Services Engine Configuration Guide of the version your are currently running.
Procedure
Step 1 | On the left pane, click Objects > FDM Objects. | ||
Step 2 | Click the blue plus button to create an object. | ||
Step 3 | Click FTD > Network. | ||
Step 4 | Enter an Object Name. | ||
Step 5 | (Optional) Add a description. | ||
Step 6 | Click SGT and use the drop-down menu to check all the applicable SGTs you want included in the group. You can sort the list by SGT name. | ||
Step 7 | Click Save.
|